www.netscout.com Open in urlscan Pro
156.154.241.50  Public Scan

13 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://sales.netscout.com/api/mailings/click/PMRGSZBCHI2DMMBWGU3TILBCOVZGYIR2EJUHI5DQOM5C6L3XO53S43TFORZWG33VOQXGG33NF5RGY33HF5QXGZLSOQXWYYL2MFZHK4ZNMJSWC4RNMFZG2YLEMEWWYYTBFVSGI33TFVSXQ5DPOJ2GS33OFVQXI5DBMNVS2Y3BNVYGC2LHNYWW6Y3UN5RGK4RCFQRG64THEI5CEZTFGFSTKODGGAWTCNBQMYWTIODBGUWTSNTBGUWTKMZUGAZTMODBGE4GCYJCFQRHMZLSONUW63RCHIRDIIRMEJZWSZZCHIRFUZBRNRTTEM2WIVUVE5DROZDHCOLQJNPVKV3PN5ZDST22N4YU2Q3NNZ2TA2ZYKJ2XM32FHURH2=== HTTP 302
   https://www.netscout.com/blog/asert/lazarus-bear-armada-lba-ddos-extortion-attack-campaign-october HTTP 301
   https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

• https://9460942.fls.doubleclick.net/activityi;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 HTTP 302
• https://9460942.fls.doubleclick.net/activityi;dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020

Request Chain 90

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27243%26time%3D1644438747115%26url%3Dhttps%253A%252F%252Fwww.netscout.com%252Fblog%252Fasert%252Flazarus-bear-armada-ddos-extortion-campaign-december-2020%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&cookiesTest=true&liSync=true&e_ipv6=AQLut2qi90lEsgAAAX7gL_qUBNw95wHkI5LojGFpXskbU7fHAp37rtthK5g1pp1WxF_Wj0FCKA HTTP 302
• https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6416e44b-6918-44db-85ad-1306a85ea6a0 HTTP 302
• https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6416e44b-6918-44db-85ad-1306a85ea6a0&_expected_cookie=609ac217dc07b387e8f1d383607947f9

Request Chain 112

• https://insight.adsrvr.org/track/up?adv=uiox7en&ref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&upid=25dk7ip&upv=1.1.0 HTTP 302
• https://match.adsrvr.org/track/upb/?adv=uiox7en&ref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&upid=25dk7ip&upv=1.1.0

Request Chain 115

• https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MDE1MjI2NGYtMjNhZi00NGVkLThlY2EtZTBlNzA5NDEyMzZk&gdpr=0&gdpr_consent=&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d HTTP 302
• https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d&google_gid=CAESEOEqyhyRakaK3u1t56Hk5EI&google_cver=1

Request Chain 116

• https://ups.analytics.yahoo.com/ups/55953/sync?uid=0152264f-23af-44ed-8eca-e0e70941236d&_origin=1&gdpr=0&gdpr_consent= HTTP 302
• https://ups.analytics.yahoo.com/ups/55953/sync?uid=0152264f-23af-44ed-8eca-e0e70941236d&_origin=1&gdpr=0&gdpr_consent=&verify=true

Request Chain 117

• https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D0152264f-23af-44ed-8eca-e0e70941236d HTTP 302
• https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3786660870947406893&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d

120 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request lazarus-bear-armada-ddos-extortion-campaign-december-2020 Show response www.netscout.com/blog/asert/ Redirect Chain https://sales.netscout.com/api/mailings/click/PMRGSZBCHI2DMMBWGU3TILBCOVZGYIR2EJUHI5DQOM5C6L3XO53S43TFORZWG33VOQXGG33NF5RGY33HF5QXGZLSOQXWYYL2MFZHK4ZNMJSWC4RNMFZG2YLEMEWWYYTBFVSGI33TFVSXQ5DPOJ2GS33... https://www.netscout.com/blog/asert/lazarus-bear-armada-lba-ddos-extortion-attack-campaign-october https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020	294 KB 47 KB	524ms 524ms	Document text/html	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 3f1d51bc1340bd68a31aea60df1933215a516007fdeda43ee4a7e20079f3d03c Security Headers Name Value Content-Security-Policy default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Response headers Server nginx Date Wed, 09 Feb 2022 20:32:25 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Cache-Control must-revalidate, no-cache, private Link <https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020>; rel="canonical" <https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020>; rel="alternate"; hreflang="en" <https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020>; rel="revision" X-UA-Compatible IE=edge Content-language en X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Permissions-Policy interest-cohort=() Expires Sun, 19 Nov 1978 05:00:00 GMT X-Generator Drupal 9 (https://www.drupal.org) Content-Security-Policy default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests X-XSS-Protection 1; mode=block Strict-Transport-Security max-age=31536000; includeSubDomains Content-Encoding gzip X-Request-ID v-64163140-89e7-11ec-a067-5f5418723cea X-AH-Environment prod Age 0 Via varnish Vary Accept-Encoding X-Cache MISS Accept-Ranges bytes Redirect headers Server nginx Date Wed, 09 Feb 2022 20:32:25 GMT Content-Type text/html; charset=UTF-8 Content-Length 11265 Connection keep-alive X-Redirect-ID 65586 X-UA-Compatible IE=edge Content-language en X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Permissions-Policy interest-cohort=() Expires Sun, 19 Nov 1978 05:00:00 GMT X-Generator Drupal 9 (https://www.drupal.org) Content-Security-Policy default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests X-XSS-Protection 1; mode=block Strict-Transport-Security max-age=31536000; includeSubDomains Location https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 X-Request-ID v-2728977a-89e5-11ec-84ff-fb540e5e24cb X-AH-Environment prod Cache-Control max-age=900, public Age 961 Via varnish X-Cache HIT X-Cache-Hits 9
GET H2	200	autopilot_sdk.js Show response cdn.bc0a.com/autopilot/f00000000205858/	40 KB 14 KB	40ms 12ms	Script application/javascript	35.201.125.192 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.bc0a.com/autopilot/f00000000205858/autopilot_sdk.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.201.125.192 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 192.125.201.35.bc.googleusercontent.com Software UploadServer / Resource Hash 5244e8be9b318067ed3230ec95fea683afc4485741a3dc4a962d18a2a23f7437 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-goog-meta-marvel_enabled true content-encoding gzip age 1738 x-guploader-uploadid ADPycdtTTsoOOk_DD2Q3DTgnz1r136Ohau3RO7f1eMJEl5yPEQm4tbWEltxGaIYFrE4Ls1TQCBnTLfkhee5rDCDcsLQ x-goog-meta-sdk_canonical_host x-goog-meta-sdk_whitelist ixf x-goog-stored-content-encoding gzip x-goog-meta-publishingdate 2020-08-06 20:18:58 x-goog-meta-sdk_canonical_protocol etag "c0e4b6649b99cd04ab4e7ae8d9310536" vary Accept-Encoding x-goog-generation 1596745138329175 content-language en access-control-allow-origin * x-goog-meta-custom true access-control-expose-headers Content-Type cache-control public, max-age=3600 x-goog-meta-spa false expires Wed, 09 Feb 2022 21:03:27 GMT x-goog-meta-sdk_version 1.3.0 date Wed, 09 Feb 2022 20:03:27 GMT x-goog-meta-sdk_account_id f00000000205858 x-goog-meta-sdk_request_parameters_case_sensitive false x-goog-meta-marvel_config_consistency_custom {"data-customerid":"f00000000205858"} x-goog-storage-class MULTI_REGIONAL x-goog-meta-marvel_customer_id x-goog-metageneration 3 alt-svc clear content-length 13837 x-goog-meta-sdk_log_level 2 last-modified Thu, 06 Aug 2020 20:18:58 GMT server UploadServer x-goog-hash crc32c=yhBTEA==, md5=wOS2ZJuZzQSrTnro2TEFNg== x-goog-stored-content-length 13837 accept-ranges bytes content-type application/javascript x-goog-meta-marvel_test_mode false
GET H2	200	css fonts.googleapis.com/	11 KB 1 KB	82ms 35ms	Stylesheet text/css	2607:f8b0:4006:822::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:822::200a Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash f1bbb8127b5d5b33dae60b322733f311a584debdeb9334d7b9c4a59ff7bc6a3a Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 09 Feb 2022 19:23:03 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 09 Feb 2022 20:32:25 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 09 Feb 2022 20:32:25 GMT
GET H2	200	jquery.dataTables.min.css cdn.datatables.net/1.10.20/css/	14 KB 2 KB	79ms 28ms	Stylesheet text/css	2606:4700:10::ac43:e8b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.datatables.net/1.10.20/css/jquery.dataTables.min.css Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:e8b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 618d62ceaca1223e16de2c8939a1963a95c34b0ac75852f835f93e5b42f20871 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:25 GMT content-encoding gzip vary Accept-Encoding,User-Agent cf-cache-status HIT age 10132674 content-length 2109 last-modified Fri, 24 Sep 2021 14:22:22 GMT server cloudflare etag "1120c9d-364c-5ccbe79c893a7-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-frame-options SAMEORIGIN access-control-allow-methods GET content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes cf-ray 6dafddf0c96c4bd6-YUL access-control-allow-headers origin, x-requested-with, content-type expires Sat, 15 Oct 2022 13:54:30 GMT
GET H/1.1	200 OK	css_dPMwQIMfN4ZIgrbO7wLcca37f9Hh27168BLD3nroqwk.css www.netscout.com/sites/default/files/css/	65 B 567 B	25ms 25ms	Stylesheet text/css	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/sites/default/files/css/css_dPMwQIMfN4ZIgrbO7wLcca37f9Hh27168BLD3nroqwk.css Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 74f33040831f37864882b6ceef02dc71adfb7fd1e1dbbd7af012c3de7ae8ab09 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 610524 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 67 X-Request-ID v-d0cbb2ee-8459-11ec-bdd3-0b0fc6d7aec9 Last-Modified Wed, 26 Jan 2022 18:55:26 GMT Server nginx Vary Accept-Encoding Content-Type text/css Via varnish Expires Thu, 02 Feb 2023 18:57:00 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 40750
GET H/1.1	200 OK	css_2O_tHk3c50HWH4fh5w8X1pbIVS0sND3u0oscR-R_gvo.css www.netscout.com/sites/default/files/css/	35 KB 7 KB	52ms 26ms	Stylesheet text/css	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/sites/default/files/css/css_2O_tHk3c50HWH4fh5w8X1pbIVS0sND3u0oscR-R_gvo.css Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash d8efed1e4ddce741d61f87e1e70f17d696c8552d2c343deed28b1c47e47f82fa Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 610596 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 6476 X-Request-ID v-bc80d49a-8459-11ec-b174-0364c53baff9 Last-Modified Wed, 02 Feb 2022 00:51:23 GMT Server nginx Vary Accept-Encoding Content-Type text/css Via varnish Expires Thu, 02 Feb 2023 18:55:49 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 109044
GET H/1.1	200 OK	css_P6IHQ0ID3X9adVclrJAC5j8T4YVvN1XOCR0pmTsQVQ4.css www.netscout.com/sites/default/files/css/	14 KB 4 KB	61ms 28ms	Stylesheet text/css	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/sites/default/files/css/css_P6IHQ0ID3X9adVclrJAC5j8T4YVvN1XOCR0pmTsQVQ4.css Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 3fa207434203dd7f5a755725ac9002e63f13e1856f3755ce091d29993b10550e Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 609775 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 3555 X-Request-ID v-a5eeed46-845b-11ec-966b-73f1382dca20 Last-Modified Wed, 26 Jan 2022 18:43:45 GMT Server nginx Vary Accept-Encoding Content-Type text/css Via varnish Expires Thu, 02 Feb 2023 19:09:30 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 1760
GET H/1.1	200 OK	css_ambD5b1xFtqYus1VWxkJRierSgyYND1z9RvnNgr-aBw.css www.netscout.com/sites/default/files/css/	366 B 696 B	58ms 25ms	Stylesheet text/css	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/sites/default/files/css/css_ambD5b1xFtqYus1VWxkJRierSgyYND1z9RvnNgr-aBw.css Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 6a66c3e5bd7116da98bacd555b19094627ab4a0c98343d73f51be7360afe681c Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 609775 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 196 X-Request-ID v-a607f322-845b-11ec-a98b-1bfdf18fff3b Last-Modified Wed, 26 Jan 2022 18:43:45 GMT Server nginx Vary Accept-Encoding Content-Type text/css Via varnish Expires Thu, 02 Feb 2023 19:09:30 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 1789
GET H2	200	addthis_widget.js Show response s7.addthis.com/js/300/	353 KB 114 KB	155ms 38ms	Script application/javascript	23.221.200.152 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s7.addthis.com/js/300/addthis_widget.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.221.200.152 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-221-200-152.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=15724800; includeSubDomains content-encoding gzip last-modified Mon, 26 Oct 2020 18:11:48 GMT server nginx/1.15.8 etag "5f971164-5834c" vary Accept-Encoding x-distribution 99 content-type application/javascript cache-control public, max-age=600 date Wed, 09 Feb 2022 20:32:25 GMT x-host s7.addthis.com content-length 116360
GET H2	200	v4.js Show response play.vidyard.com/embed/	71 KB 23 KB	52ms 10ms	Script application/javascript	151.101.1.181 FASTLY
General Check archive.org Show headers Download Go to Full URL https://play.vidyard.com/embed/v4.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.181 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash a4b2001122dd39199bbfd92904833d9ba48cdeb06c053a24e4155771b2aa92a5 Security Headers Name Value Strict-Transport-Security max-age=31557600 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:25 GMT content-encoding gzip vary X-ThumbnailAB, X-China, accept-language, Accept-Encoding age 7136 x-cache HIT x-cache-hits 5 content-length 23192 x-served-by cache-yul12830-YUL x-china 0 last-modified Tue, 11 Jan 2022 16:11:16 GMT etag "1754d147a447af9d75d777438a745153" strict-transport-security max-age=31557600 content-type application/javascript via 1.1 varnish cache-control no-cache, no-store, must-revalidate accept-ranges bytes expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	NS_LOGO_COL_POS_RGB.svg www.netscout.com/themes/custom/netscout/images/	3 KB 4 KB	29ms 28ms	Image image/svg+xml	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Show image Full URL https://www.netscout.com/themes/custom/netscout/images/NS_LOGO_COL_POS_RGB.svg Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash d11e9edd739b64bf03d985eeadd5ef06688031876f989ed39e92b06c92caf562 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Via varnish X-Content-Type-Options nosniff Age 610596 X-Cache HIT X-Cache-Hits 90597 Connection keep-alive X-AH-Environment prod Content-Length 3365 X-Request-ID v-bcb7a24a-8459-11ec-84cf-bf928e3439c3 Last-Modified Mon, 10 Jan 2022 22:58:25 GMT Server nginx Content-Type image/svg+xml Cache-Control max-age=31536000 Accept-Ranges bytes Expires Thu, 02 Feb 2023 18:55:49 GMT
GET H/1.1	200 OK	NS_LOGO_COL_NEG_RGB.svg www.netscout.com/themes/custom/netscout/images/	3 KB 4 KB	28ms 27ms	Image image/svg+xml	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Show image Full URL https://www.netscout.com/themes/custom/netscout/images/NS_LOGO_COL_NEG_RGB.svg Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 8feaee28719a83b2a84643a5c3760a89b8d79d16db975012141304099491706e Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Via varnish X-Content-Type-Options nosniff Age 610596 X-Cache HIT X-Cache-Hits 90044 Connection keep-alive X-AH-Environment prod Content-Length 3362 X-Request-ID v-bcb6dfea-8459-11ec-a7bf-fbc688af07f8 Last-Modified Mon, 10 Jan 2022 22:58:34 GMT Server nginx Content-Type image/svg+xml Cache-Control max-age=31536000 Accept-Ranges bytes Expires Thu, 02 Feb 2023 18:55:49 GMT
GET H2	200	forms2.min.js Show response app-ab15.marketo.com/js/forms2/js/	205 KB 68 KB	307ms 232ms	Script application/x-javascript	104.16.96.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-ab15.marketo.com/js/forms2/js/forms2.min.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2689a0237a95cfd8135f8da3ac79c430e903f3c542f8b862f68141c84c348c43 Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Wed, 12 Jan 2022 18:47:30 GMT server cloudflare age 1308 etag "23600d9-33210-5d567007b9480" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=63113904 content-type application/x-javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 6dafddf15b0c3ff2-YYZ vary Accept-Encoding expires Thu, 10 Feb 2022 00:32:26 GMT
GET H2	200	google-analytics.js Show response play.vidyard.com/v0/	15 KB 6 KB	131ms 89ms	Script application/javascript	151.101.1.181 FASTLY
General Check archive.org Show headers Download Go to Full URL https://play.vidyard.com/v0/google-analytics.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.1.181 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4890e3b411e79a5b84540077fabb262eee8f9d2c97598468fabe5b8805949420 Security Headers Name Value Strict-Transport-Security max-age=31557600 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:25 GMT via 1.1 varnish vary X-ThumbnailAB, X-China, accept-language, Accept-Encoding age 0 x-cache MISS content-encoding gzip content-length 5845 x-served-by cache-yul12830-YUL x-china 0 last-modified Fri, 30 Apr 2021 19:42:10 GMT x-timer S1644438746.776318,VS0,VE79 etag "796ea134ca3d91213a9aa2990d82230f" strict-transport-security max-age=31557600 content-type application/javascript accept-ranges bytes x-cache-hits 0
GET H2	200	jquery.dataTables.min.js Show response cdn.datatables.net/1.10.20/js/	82 KB 28 KB	30ms 29ms	Script application/javascript	2606:4700:10::ac43:e8b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.datatables.net/1.10.20/js/jquery.dataTables.min.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:e8b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2f871fee6fdc802e757bb0453f141c299717af2cd28eeed56012892ce28f1ef4 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:25 GMT content-encoding gzip vary Accept-Encoding,User-Agent cf-cache-status HIT age 21294281 content-length 28862 last-modified Tue, 08 Jun 2021 08:47:53 GMT server cloudflare etag "1120cc2-14961-5c43d36ba6e16-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-frame-options SAMEORIGIN access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes cf-ray 6dafddf0d9894bd6-YUL access-control-allow-headers origin, x-requested-with, content-type expires Wed, 08 Jun 2022 09:27:44 GMT
GET H/1.1	200 OK	js_lzclU0o0HXaG-wgjYwf3uycgoCuOQqSUJ0R0ic6BYow.js Show response www.netscout.com/sites/default/files/js/	2 MB 585 KB	35ms 34ms	Script text/javascript	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/sites/default/files/js/js_lzclU0o0HXaG-wgjYwf3uycgoCuOQqSUJ0R0ic6BYow.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 973725534a341d7686fb08236307f7bb2720a02b8e42a49427447489ce81628c Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 610596 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 598801 X-Request-ID v-bcab67fa-8459-11ec-816e-ff7f12df7861 Last-Modified Wed, 26 Jan 2022 18:41:34 GMT Server nginx Vary Accept-Encoding Content-Type text/javascript Via varnish Expires Thu, 02 Feb 2023 18:55:49 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 74586
GET H/1.1	200 OK	js_d373TkYUFC3utU09UVDZ16YFmMjDjDxwMZwtWs-7k74.js Show response www.netscout.com/sites/default/files/js/	1 KB 1 KB	27ms 26ms	Script text/javascript	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/sites/default/files/js/js_d373TkYUFC3utU09UVDZ16YFmMjDjDxwMZwtWs-7k74.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 777ef74e4614142deeb54d3d5150d9d7a60598c8c38c3c70319c2d5acfbb93be Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 609775 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 580 X-Request-ID v-a627ffaa-845b-11ec-9ae7-73c017a5fbe4 Last-Modified Wed, 26 Jan 2022 18:43:46 GMT Server nginx Vary Accept-Encoding Content-Type text/javascript Via varnish Expires Thu, 02 Feb 2023 19:09:30 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 1782
GET H2	200	0558575896 Show response ixfd-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000205858/	2 KB 932 B	62ms 30ms	XHR application/json	35.244.153.179 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ixfd-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000205858/0558575896?client=js_sdk&client_version=1.3.0&orig_url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&base_url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F98.0.4758.80%20Safari%2F537.36 Requested by Host: cdn.bc0a.com URL: https://cdn.bc0a.com/autopilot/f00000000205858/autopilot_sdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.153.179 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 179.153.244.35.bc.googleusercontent.com Software bws/1.0 / Resource Hash de6b25d0918c674a796d56ad782239c400296fec2b5949b510a6d0281f92775e Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-be-pop IAD-1-601 date Wed, 09 Feb 2022 20:32:21 GMT content-encoding br server bws/1.0 content-type application/json access-control-allow-origin * cache-control public, max-age=3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 via 1.1 google
GET H2	200	GSj3wrAT5uY Show response www.youtube-nocookie.com/embed/ Frame B849	60 KB 26 KB	119ms 71ms	Document text/html	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/embed/GSj3wrAT5uY Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash a2791984d385fcad66e6ecd524f558c2ab531e590cdb66d1747a7adf021598f3 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ Response headers content-type text/html; charset=utf-8 x-content-type-options nosniff cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Wed, 09 Feb 2022 20:32:25 GMT strict-transport-security max-age=31536000 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version report-to {"group":"ATmXEA-ICoFJ9VXgvj-MamPyZ8u8P8wifEU_jWh0oMT5PP7Ad4_5jA0mRps","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA-ICoFJ9VXgvj-MamPyZ8u8P8wifEU_jWh0oMT5PP7Ad4_5jA0mRps"}]} cross-origin-opener-policy-report-only same-origin; report-to="ATmXEA-ICoFJ9VXgvj-MamPyZ8u8P8wifEU_jWh0oMT5PP7Ad4_5jA0mRps" permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=* content-encoding br server ESF x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v27/	44 KB 44 KB	68ms 19ms	Font font/woff2	2607:f8b0:4006:807::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:807::2003 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.netscout.com Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 07 Feb 2022 15:58:15 GMT x-content-type-options nosniff age 189250 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 44656 x-xss-protection 0 last-modified Thu, 28 Oct 2021 00:30:43 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Tue, 07 Feb 2023 15:58:15 GMT
GET H/1.1	200 OK	search.svg www.netscout.com/themes/custom/netscout/images/	2 KB 2 KB	27ms 26ms	Image image/svg+xml	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Show image Full URL https://www.netscout.com/themes/custom/netscout/images/search.svg Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 54ec6fecb5131319e2f22913ceb9c5124ee9b985676f8a199d4f3ed6815986e3 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Via varnish X-Content-Type-Options nosniff Age 610596 X-Cache HIT X-Cache-Hits 26806 Connection keep-alive X-AH-Environment prod Content-Length 1738 X-Request-ID v-bcca92b0-8459-11ec-a480-43ecb070deea Last-Modified Fri, 12 Mar 2021 11:12:53 GMT Server nginx Content-Type image/svg+xml Cache-Control max-age=31536000 Accept-Ranges bytes Expires Thu, 02 Feb 2023 18:55:49 GMT
GET H/1.1	200 OK	svg-branded-icons-6046f998.svg www.netscout.com/themes/custom/netscout/images/sprites/svg/	16 KB 17 KB	27ms 27ms	Image image/svg+xml	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Show image Full URL https://www.netscout.com/themes/custom/netscout/images/sprites/svg/svg-branded-icons-6046f998.svg Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash aa1c2b56b557ae22130c789981760e1f0ee7a762a1aaa88a58c634722fe969bd Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:25 GMT Via varnish X-Content-Type-Options nosniff Age 609775 X-Cache HIT X-Cache-Hits 1245 Connection keep-alive X-AH-Environment prod Content-Length 16696 X-Request-ID v-a638c9de-845b-11ec-bd9e-3f87993d5d1f Last-Modified Fri, 12 Mar 2021 11:12:59 GMT Server nginx Content-Type image/svg+xml Cache-Control max-age=31536000 Accept-Ranges bytes Expires Thu, 02 Feb 2023 19:09:30 GMT
GET DATA	200 OK	truncated /	563 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7e65bc18d322129052c561a0bdc8c0b1bfd1b16e4c529f3f5546f56d5d5062a6 Request headers Accept-Language en-CA,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	conv_v3.js Show response cdn.b0e8.com/	67 KB 22 KB	39ms 12ms	Script application/javascript	35.190.5.192 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cdn.b0e8.com/conv_v3.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.5.192 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 192.5.190.35.bc.googleusercontent.com Software UploadServer / Resource Hash afdd29778a35ecf1638fc1c8bee1d4f7843d437d01b5db08cdf364da6b0edeaf Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:20:43 GMT content-encoding gzip age 702 x-guploader-uploadid ADPycdvX0I1-qwPpXDpQU2mCbUaWTDt9-wjj8UjgwmvE_KDoGKcbzcMrmIsLpZ8AbK8qGWJ1wYamRMs7Aa_d4P8XND4 x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 2 x-goog-stored-content-encoding gzip alt-svc clear content-length 21570 last-modified Fri, 07 Aug 2020 06:51:36 GMT server UploadServer etag "befb3eb28cd6dd99609966faf9c239e0" vary Accept-Encoding x-goog-hash crc32c=kqf0jw==, md5=vvs+sozW3ZlgmWb6+cI54A== content-language en access-control-allow-origin * x-goog-generation 1596783096708452 access-control-expose-headers Content-Type cache-control public, max-age=3600 x-goog-stored-content-length 21570 accept-ranges bytes content-type application/javascript expires Wed, 09 Feb 2022 21:20:43 GMT
GET H2	200	www-player-webp.css www.youtube-nocookie.com/s/player/326d75a6/ Frame B849	341 KB 47 KB	22ms 20ms	Stylesheet text/css	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/s/player/326d75a6/www-player-webp.css Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/embed/GSj3wrAT5uY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 780b00bc569866c124b568e32a48f939b79b7fd4a4278e47c4fa593f373c6752 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 07 Feb 2022 16:48:58 GMT content-encoding br x-content-type-options nosniff age 186208 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 47768 x-xss-protection 0 last-modified Mon, 07 Feb 2022 01:23:39 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 07 Feb 2023 16:48:58 GMT
GET H2	200	www-embed-player.js Show response www.youtube-nocookie.com/s/player/326d75a6/www-embed-player.vflset/ Frame B849	282 KB 85 KB	32ms 31ms	Script text/javascript	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/s/player/326d75a6/www-embed-player.vflset/www-embed-player.js Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/embed/GSj3wrAT5uY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e193190c97b8e3027b8296a02c72b29e63dcfadfa7b3139eb4d21f993fd934cf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 07 Feb 2022 16:48:58 GMT content-encoding br x-content-type-options nosniff age 186208 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 87003 x-xss-protection 0 last-modified Mon, 07 Feb 2022 01:23:39 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 07 Feb 2023 16:48:58 GMT
GET H2	200	base.js Show response www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/ Frame B849	2 MB 536 KB	57ms 56ms	Script text/javascript	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/base.js Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/embed/GSj3wrAT5uY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f40738f279faebcd175dd75d78e0478749d5de4e55f9b5a788e5adc979e4d399 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 07 Feb 2022 16:48:58 GMT content-encoding br x-content-type-options nosniff age 186208 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 548387 x-xss-protection 0 last-modified Mon, 07 Feb 2022 01:23:39 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 07 Feb 2023 16:48:58 GMT
GET H2	200	fetch-polyfill.js Show response www.youtube-nocookie.com/s/player/326d75a6/fetch-polyfill.vflset/ Frame B849	8 KB 3 KB	52ms 51ms	Script text/javascript	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/s/player/326d75a6/fetch-polyfill.vflset/fetch-polyfill.js Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/embed/GSj3wrAT5uY Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 07 Feb 2022 16:48:58 GMT content-encoding br x-content-type-options nosniff age 186208 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2830 x-xss-protection 0 last-modified Mon, 07 Feb 2022 01:23:39 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 07 Feb 2023 16:48:58 GMT
GET H2	200	moatframe.js Show response z.moatads.com/addthismoatframe568911941483/	2 KB 1 KB	113ms 32ms	Script application/x-javascript	104.110.250.9 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://z.moatads.com/addthismoatframe568911941483/moatframe.js Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.110.250.9 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-110-250-9.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip last-modified Fri, 08 Nov 2019 20:13:52 GMT server AmazonS3 x-amz-request-id 6A07D9CDA6EABBB8 etag "f14b4e1f799b14f798a195f43cf58376" vary Accept-Encoding content-type application/x-javascript cache-control max-age=23194 accept-ranges bytes content-length 948 x-amz-id-2 bMVNTvmooWJrXd613nC3W6DUu7bGMtzM5JTbWH4UdA8CCDonWRULJc48V0RZl7jjtJorEVsnN7o=
GET H3	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame B849	15 KB 15 KB	47ms 20ms	Font font/woff2	2607:f8b0:4006:807::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/embed/GSj3wrAT5uY Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:807::2003 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.youtube-nocookie.com/ Origin https://www.youtube-nocookie.com Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 08 Feb 2022 15:59:51 GMT x-content-type-options nosniff age 102755 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 08 Feb 2023 15:59:51 GMT
GET H2	200	getForm Show response app-ab15.marketo.com/index.php/form/	18 KB 3 KB	711ms 711ms	Script application/javascript	104.16.96.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-ab15.marketo.com/index.php/form/getForm?munchkinId=513-UXA-533&form=3308&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&callback=jQuery112405575376865832267_1644438746168&_=1644438746169 Requested by Host: app-ab15.marketo.com URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 59da48ccd281c2c7957e697eb064ffad322430ac03e7dfa3a3716b2385d5becb Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * strict-transport-security max-age=63113904 cf-ray 6dafddf3a8e13ff2-YYZ cached false
GET H2	200	brightedge3.php a.b0e8.com/	35 B 226 B	52ms 25ms	Image image/gif	34.95.105.148 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://a.b0e8.com/brightedge3.php?id=f00000000205858&p_id=AR846L2P6664RRN222N2N2NA8AAAAAAAAH&bf=25f5faa62625465e4783fcecd2a1ea40&url=https%3A//www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020&ref=&bn=1&bv=3.43&title=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20%28LBA%29%20%7C%20NETSCOUT&metadesc=DDoS%20Extortion%20Update%3A%20As%20previously%20reported%2C%20a%20relatively%20prolific%20threat%20actor%20initiated%20a%20global%20campaign%20of%20DDoS%20extortion%20attacks%20in%20mid-August%202020%2C%20largely%20directed%20towards%20regional%20financial%20and%20travel-industry%20targets%20such%20as%20regional%20banks%2C%20sto&metakeywords=LBA%2C%20extortion%2C%20ddos&s_id=AR846L2P6664RJANARL2N2NA8AAAAAAAAH Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.95.105.148 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 148.105.95.34.bc.googleusercontent.com Software bws/1.0 / Resource Hash a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-be-pop IAD-1-601 date Wed, 09 Feb 2022 20:32:20 GMT via 1.1 google last-modified Tue, 29 Jun 2021 14:16:36 GMT server bws/1.0 etag "60db2b44-23" content-type image/gif access-control-allow-origin * accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35
GET H2	200	gtm.js Show response www.googletagmanager.com/	279 KB 82 KB	101ms 51ms	Script application/javascript	2607:f8b0:4006:824::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Requested by Host: www.netscout.com URL: https://www.netscout.com/sites/default/files/js/js_lzclU0o0HXaG-wgjYwf3uycgoCuOQqSUJ0R0ic6BYow.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:824::2008 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 265741c6ec5cdd0f63945d8f261100da20e7d3e88e883188a33dc2b1e66dd6ca Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 83760 x-xss-protection 0 last-modified Wed, 09 Feb 2022 18:45:26 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 09 Feb 2022 20:32:26 GMT
GET H2	200	_ate.track.config_resp Show response v1.addthisedge.com/live/boost/ra-5a2974ab1cafb62f/	2 KB 888 B	58ms 49ms	Script application/javascript	23.221.200.152 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://v1.addthisedge.com/live/boost/ra-5a2974ab1cafb62f/_ate.track.config_resp Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.221.200.152 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-221-200-152.deploy.static.akamaitechnologies.com Software / Resource Hash 0546166d2811d4522338a0fdbdfefad1a1e452b5458050af5fde5bf0c58da1e3 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip etag 290151766--gzip vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control public, max-age=37, s-maxage=86400 content-disposition attachment; filename=1.txt content-length 713
GET H2	200	300lo.json Show response m.addthis.com/live/red_lojson/	136 B 1 KB	172ms 109ms	Script application/javascript	23.221.200.152 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://m.addthis.com/live/red_lojson/300lo.json?si=620424da013c5f8a&bkl=0&bl=1&pdt=837&sid=620424da013c5f8a&pub=ra-5a2974ab1cafb62f&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.netscout.com&fp=blog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=0&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=LBA%2Cextortion%2Cddos&colc=1644438746288&jsl=1&uvs=620424da8c6c3e9d000&skipb=1&callback=addthis.cbs.jsonp__97841263445815920 Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.221.200.152 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-221-200-152.deploy.static.akamaitechnologies.com Software / Resource Hash a7721004f69845315db1ff13e3ca5d0a7dd68fa8f0b517498bb6cbc5ac018038 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:26 GMT cache-control max-age=0, no-cache, no-store, no-transform content-disposition attachment; filename=1.txt p3p policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA" content-length 136 content-type application/javascript;charset=utf-8
GET		sh.f48a1a04fe8dbf021b4cda1d.html s7.addthis.com/static/ Frame 54DA	0 0
GET H2	200	sh.f48a1a04fe8dbf021b4cda1d.html Show response s7.addthis.com/static/ Frame 4E06	71 KB 26 KB	38ms 38ms	Document text/html	23.221.200.152 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.221.200.152 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-221-200-152.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash 55d783462e6671fa985a6b0829db15474f4e57f0555c93e15cc2db6a1d1e6cab Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ Response headers server nginx/1.15.8 content-type text/html last-modified Thu, 04 Jun 2020 15:49:19 GMT etag W/"5ed917ff-11adc" timing-allow-origin * cache-control public, max-age=86313600 p3p CP="NON ADM OUR DEV IND COM STA" strict-transport-security max-age=15724800; includeSubDomains content-encoding gzip content-length 26421 date Wed, 09 Feb 2022 20:32:26 GMT vary Accept-Encoding x-host s7.addthis.com
GET H2	200	Webp.net-compress-image_0.jpg marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/styles/large_lazy_load_480x480/public/2020-09/03/images/	12 KB 13 KB	112ms 47ms	Image image/webp	2600:9000:2162:ce00:0:f267:a5c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://marvel-b1-cdn.bc0a.com/f00000000205858/www.netscout.com/sites/default/files/styles/large_lazy_load_480x480/public/2020-09/03/images/Webp.net-compress-image_0.jpg?itok=nonRqDsW Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2162:ce00:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1c88377859e6be3252de29584095102a35555ba1e8c6f71d3159caf98ab0356e Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 19:36:40 GMT via 1.1 1741dbec7ff4486be3ac109e403dff4e.cloudfront.net (CloudFront) age 3347 x-cache Hit from cloudfront x-amz-request-id 2TP63SD2F5RC6TQH x-amz-id-2 iHAsb35fxwSJO5HAndh7GXiC0YugarJXin5WqP9J5+66sS+/PzsxB+CcuZksUOfGOWzUKSNiOBg= accept-ranges bytes last-modified Fri, 16 Jul 2021 19:56:36 GMT server AmazonS3 etag "89597af3a6e124e81881e6c7f8a832b7" x-amz-version-id l6MjP9xv9PS8.gHKdmlFQl9oyEDbXUKY access-control-allow-origin * cache-control max-age=31536000 x-amz-cf-pop EWR52-C3 content-length 12358 content-type image/webp x-amz-cf-id -4L0vLgzaq1t9valBMxBN5sbYsZE6ipseQBhyVSxebgK2VPFSKNL1g==
GET H2	200	layers.fa6cd1947ce26e890d3d.js Show response s7.addthis.com/static/	263 KB 76 KB	44ms 43ms	Script application/javascript	23.221.200.152 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js Requested by Host: s7.addthis.com URL: https://s7.addthis.com/js/300/addthis_widget.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.221.200.152 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-221-200-152.deploy.static.akamaitechnologies.com Software nginx/1.15.8 / Resource Hash 6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=15724800; includeSubDomains content-encoding gzip last-modified Mon, 26 Oct 2020 18:11:48 GMT server nginx/1.15.8 etag W/"5f971164-41cf5" vary Accept-Encoding content-type application/javascript cache-control public, max-age=86313600 date Wed, 09 Feb 2022 20:32:26 GMT x-host s7.addthis.com timing-allow-origin * content-length 77617
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	65ms 19ms	Script text/javascript	2607:f8b0:4006:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80d::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 490 date Wed, 09 Feb 2022 20:24:16 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Wed, 09 Feb 2022 22:24:16 GMT
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/	39 KB 15 KB	105ms 57ms	Script text/javascript	142.250.176.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.176.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS lga34s37-in-f2.1e100.net Software cafe / Resource Hash cae0ae2d67aac89367108586ebd25e00afc5d0f8110e6eb71b8d274037f7a5d8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14884 x-xss-protection 0 server cafe etag 16747055602125368176 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Wed, 09 Feb 2022 20:32:26 GMT
GET H3	200	activityi;dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flaz... Show response 9460942.fls.doubleclick.net/ Frame 0C83 Redirect Chain https://9460942.fls.doubleclick.net/activityi;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Fl... https://9460942.fls.doubleclick.net/activityi;dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fw...	556 B 456 B	67ms 39ms	Document text/html	142.251.40.166 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9460942.fls.doubleclick.net/activityi;dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.40.166 , United States, ASN15169 (GOOGLE, US), Reverse DNS lga25s81-in-f6.1e100.net Software cafe / Resource Hash 6d1fb8455a229c96dc9235503fa8348e1d4f509dc689d394657436b8677fe595 Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer about:blank Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Wed, 09 Feb 2022 20:32:26 GMT expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate strict-transport-security max-age=21600 content-type text/html; charset=UTF-8 pragma no-cache x-content-type-options nosniff content-encoding gzip server cafe content-length 431 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Redirect headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Wed, 09 Feb 2022 20:32:26 GMT pragma no-cache expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate follow-only-when-prerender-shown 1 strict-transport-security max-age=21600 location https://9460942.fls.doubleclick.net/activityi;dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020? content-type text/html; charset=UTF-8 x-content-type-options nosniff server cafe content-length 0 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	512bf103-a365-48b3-82ca-9d6e1c407dd0.js Show response cdn.mouseflow.com/projects/	216 KB 70 KB	82ms 18ms	Script application/javascript	23.111.9.38 HIGHWINDS2
General Check archive.org Show headers Download Go to Full URL https://cdn.mouseflow.com/projects/512bf103-a365-48b3-82ca-9d6e1c407dd0.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.111.9.38 , United States, ASN33438 (HIGHWINDS2, US), Reverse DNS Software NetDNA-cache/2.2 / Resource Hash ca3bef8304d04aaa709ac0de450f322f734a50eb34444760bd78d385456dd243 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip last-modified Tue, 08 Feb 2022 21:31:50 GMT server NetDNA-cache/2.2 etag W/"6c37a48331dd81:0" x-cache HIT content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=86400
GET H2	200	notice Show response consent.truste.com/	88 B 553 B	161ms 91ms	Script text/javascript	13.225.230.5 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://consent.truste.com/notice?domain=netscout.com&c=teconsent&text=true&gtm=1 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.230.5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-230-5.jfk51.r.cloudfront.net Software nginx / Resource Hash 9d13d6e082243d2cbc869b3cac92410edc781678e8e625e3bda2face9271a976 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.netscout.com/ Origin https://www.netscout.com Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT via 1.1 74636a0d3b110dc164c7801b27cac3b2.cloudfront.net (CloudFront) x-content-type-options nosniff x-amz-cf-pop JFK51-C1 x-cache Miss from cloudfront cloudfront-viewer-country CA content-length 88 x-xss-protection 1; mode=block timing-allow-origin * server nginx x-frame-options SAMEORIGIN content-type text/javascript;charset=ISO-8859-1 access-control-allow-origin * cache-control max-age=3600 cloudfront-viewer-country-region QC x-amz-cf-id kXYhbbXLXMdG2uxQdV0onDP9gEw96hMjPKvyhSccK-0xMTan3Q04Vg== expires Wed, 09 Feb 2022 21:32:26 GMT
GET H/1.1	200 OK	formalyze_init.min.js Show response www.netscout.com/js/	579 B 788 B	27ms 27ms	Script application/javascript	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/js/formalyze_init.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash ca4cef801e43a5c76e4cb708568d3daaa1e41233828d754d6eac014f57b9714d Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:26 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 610524 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 273 X-Request-ID v-e2431882-8459-11ec-bccd-f3e032623380 Last-Modified Fri, 12 Mar 2021 11:12:58 GMT Server nginx Vary Accept-Encoding Content-Type application/javascript Via varnish Expires Thu, 02 Feb 2023 18:57:02 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 84555
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	116ms 32ms	Script application/x-javascript	23.10.86.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.10.86.114 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-10-86-114.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:26 GMT Content-Encoding gzip Last-Modified Fri, 29 Oct 2021 01:24:07 GMT Server AkamaiNetStorage ETag "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Type application/x-javascript Content-Length 753
GET H/1.1	200 OK	ff-3.min.js Show response cdn-0.d41.co/tags/	265 KB 266 KB	74ms 23ms	Script application/javascript	13.225.230.88 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-0.d41.co/tags/ff-3.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.225.230.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-230-88.jfk51.r.cloudfront.net Software AmazonS3 / Resource Hash ce659473360379780a37f64a2f3609ea756953553032a6f7215f529641a2c2dc Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:31:42 GMT Via 1.1 d77f2f1d7dfcddde244aedf1c9ed7a8e.cloudfront.net (CloudFront) Last-Modified Thu, 16 Dec 2021 20:47:36 GMT Server AmazonS3 Age 45 ETag "c7bef8fcfa2a49c60df32820fd19a007" X-Cache Hit from cloudfront Content-Type application/javascript Connection keep-alive X-Amz-Cf-Pop JFK51-C1 Accept-Ranges bytes Content-Length 271716 X-Amz-Cf-Id YYCYeuGxDHXrLyvfl5ZhZK7AOU-oU2SBgVtFJZCxeZD9ZmTQSiNh1g==
GET H/1.1	200 OK	up_loader.1.1.0.js Show response js.adsrvr.org/	4 KB 5 KB	88ms 17ms	Script application/x-javascript	13.225.226.150 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.adsrvr.org/up_loader.1.1.0.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.225.226.150 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-226-150.jfk51.r.cloudfront.net Software AmazonS3 / Resource Hash ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 04:48:58 GMT Via 1.1 f141d4a0b9a72779a9dd3a57c2c25f52.cloudfront.net (CloudFront) Last-Modified Thu, 24 Sep 2020 15:15:34 GMT Server AmazonS3 Age 56609 ETag "98d98b3499058b76d58073cf8ede2f10" X-Cache Hit from cloudfront Content-Type application/x-javascript Connection keep-alive X-Amz-Cf-Pop JFK51-C1 Accept-Ranges bytes Content-Length 4593 X-Amz-Cf-Id w59vk0FFe10oNao1Bb_UJ7mdBsLCo7-rQ1JBMK_wpVRmWxwsUXiflQ==
GET H/1.1	200 OK	25007 Show response cdn.bttrack.com/universal/	2 KB 3 KB	114ms 28ms	Script application/javascript	69.16.175.42 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://cdn.bttrack.com/universal/25007 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS hwcdn.net Software / Resource Hash b8d384f0137e3e9d6a92be834e24333e3ac0432353ce605471c55b078cd4bd64 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:26 GMT Cache-Control max-age=848 Connection Keep-Alive Accept-Ranges bytes Content-Length 2532 X-HW 1644438746.dop183.dc2.t,1644438746.cds207.dc2.shn,1644438746.dop183.dc2.t,1644438746.cds210.dc2.c Content-Type application/javascript; charset=utf-8
OPTIONS H2	200	Create jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame	0 0	92ms 33ms	Preflight text/html	2607:f8b0:4006:809::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:809::200a Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,x-goog-api-key,x-user-agent Origin https://www.youtube-nocookie.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://www.youtube-nocookie.com vary origin referer x-origin access-control-allow-methods DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT access-control-allow-headers content-type,x-goog-api-key,x-user-agent access-control-max-age 3600 date Wed, 09 Feb 2022 20:32:26 GMT content-type text/html server ESF content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST H3	200	Create Show response jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame B849	45 KB 22 KB	74ms 46ms	XHR application/json+protobuf	2607:f8b0:4006:809::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:809::200a Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ec801a0eb517e03375d7ab6134df8718dbb744f0a553b313dda501c742c38bb7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers X-User-Agent grpc-web-javascript/0.1 Referer https://www.youtube-nocookie.com/ X-Goog-Api-Key AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type application/json+protobuf Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" server ESF x-frame-options SAMEORIGIN content-type application/json+protobuf; charset=UTF-8 access-control-allow-origin https://www.youtube-nocookie.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private vary Origin, X-Origin, Referer content-length 22102 x-xss-protection 0
GET H3	200	remote.js Show response www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/ Frame B849	97 KB 30 KB	23ms 22ms	Script text/javascript	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/remote.js Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1ed0157ed43db630f7e8c04388d4a812c213e02d179fabd63016196852806bd3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 07 Feb 2022 16:48:59 GMT content-encoding br x-content-type-options nosniff age 186207 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30677 x-xss-protection 0 last-modified Mon, 07 Feb 2022 01:23:39 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Tue, 07 Feb 2023 16:48:59 GMT
GET H2	200	zRgr2ACnj0YI3poDVuWyejvFMZcBcPxtDmNhcAvw--E.js Show response www.google.com/js/th/ Frame B849	35 KB 14 KB	72ms 20ms	Script text/javascript	2607:f8b0:4006:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/js/th/zRgr2ACnj0YI3poDVuWyejvFMZcBcPxtDmNhcAvw--E.js Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cd182bd800a78f4608de9a0356e5b27a3bc531970170fc6d0e6361700bf0fbe1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 04:24:55 GMT content-encoding br x-content-type-options nosniff age 58051 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13563 x-xss-protection 0 last-modified Thu, 27 Jan 2022 13:30:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 09 Feb 2023 04:24:55 GMT
GET H3	200	embed.js Show response www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/ Frame B849	26 KB 7 KB	20ms 19ms	Script text/javascript	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/embed.js Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 101cf8e1a293ce6299d5884bd8431ee260b17f9124b6c74d2fb1b953353584fa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 08 Feb 2022 10:50:04 GMT content-encoding br x-content-type-options nosniff age 121342 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7645 x-xss-protection 0 last-modified Mon, 07 Feb 2022 01:23:39 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Wed, 08 Feb 2023 10:50:04 GMT
GET DATA	200 OK	truncated / Frame B849	175 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2 Request headers Accept-Language en-CA,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/png
GET H2	200	AKedOLTBf88R-HKlsi0w1NUQqwSZxJmjIndxQPDzF_ReTw=s68-c-k-c0x00ffffff-no-rj yt3.ggpht.com/ytc/ Frame B849	2 KB 2 KB	68ms 20ms	Image image/jpeg	2607:f8b0:4006:816::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://yt3.ggpht.com/ytc/AKedOLTBf88R-HKlsi0w1NUQqwSZxJmjIndxQPDzF_ReTw=s68-c-k-c0x00ffffff-no-rj Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:816::2001 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software fife / Resource Hash 14518110e0dec9ec838c0cee5986988c2987482142d8a25dd94ee02f095502f7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 17:32:48 GMT x-content-type-options nosniff age 10778 content-disposition inline;filename="unnamed.jpg" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1925 x-xss-protection 0 server fife etag "v1d5" vary Origin content-type image/jpeg access-control-allow-origin * access-control-expose-headers Content-Length cache-control public, max-age=86400, no-transform timing-allow-origin * expires Tue, 16 Nov 2021 09:45:09 GMT
GET H2	200	sddefault.jpg i.ytimg.com/vi/GSj3wrAT5uY/ Frame B849	22 KB 23 KB	90ms 36ms	Image image/jpeg	2607:f8b0:4006:81f::2016 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://i.ytimg.com/vi/GSj3wrAT5uY/sddefault.jpg Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81f::2016 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 947f6929237e63b34579f7720da7b54f77d862eefd81cb9b382276dde0a02ca7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 22611 x-xss-protection 0 server sffe etag "1602022907" vary Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type image/jpeg cache-control public, max-age=7200 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Wed, 09 Feb 2022 22:32:26 GMT
GET DATA	200 OK	truncated /	443 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba Request headers Accept-Language en-CA,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Content-Type image/png
GET H3	200	js Show response www.google-analytics.com/gtm/	91 KB 35 KB	66ms 39ms	Script application/javascript	2607:f8b0:4006:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/gtm/js?id=GTM-WZFNBKF&t=gtm4&cid=401394055.1644438747 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80d::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 1f2628b514afc2ad882bc11034bceecf081670951d55f12a3d6b4e8a856db1c7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35998 x-xss-protection 0 expires Wed, 09 Feb 2022 20:32:26 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/1069926541/	3 KB 2 KB	93ms 46ms	Script text/javascript	2607:f8b0:4006:806::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069926541/?random=1644438746714&cv=9&fst=1644438746714&num=1&label=mRg7CLWa3_sBEI2Rl_4D&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg270&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&tiba=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:806::2002 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f029f7d42662adab6cf40a5a25c4fe3f42e4fcc90bfb471cc9c8b32fa65c2bcf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1207 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	init Show response n2.mouseflow.com/	0 318 B	103ms 25ms	XHR text/plain	2604:9a00:2100:a04a:1::44 LEASEWEB-USA-WDC
General Check archive.org Show headers Download Go to Full URL https://n2.mouseflow.com/init?v=17.60&p=512bf103-a365-48b3-82ca-9d6e1c407dd0&s=322cb62e6ae5d5e8c74c3c88cc49229e&page=020926211d1dfdedfa9d6810b59a8f994dcb75b6&ret=0&u=6c35093c053200c3a047f2f309c47ccd&href=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&url=%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&ref=&title=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&res=1600x1200&tz=0&to=0&dnt=0&ori=&dw=1600&dh=1200&time=1077&pxr=1&gdpr=0 Requested by Host: cdn.mouseflow.com URL: https://cdn.mouseflow.com/projects/512bf103-a365-48b3-82ca-9d6e1c407dd0.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2604:9a00:2100:a04a:1::44 , United States, ASN30633 (LEASEWEB-USA-WDC, US), Reverse DNS Software Mouseflow / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.netscout.com/ Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-type text/plain Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:26 GMT server Mouseflow x-recorder rec-14-us content-type text/plain; charset=Windows-1252 access-control-allow-origin https://www.netscout.com cache-control no-cache access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains; preload content-length 0 expires -1
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/161/	11 KB 5 KB	35ms 34ms	Script application/x-javascript	23.10.86.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/161/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.10.86.114 New York, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-10-86-114.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:26 GMT Content-Encoding gzip Last-Modified Wed, 08 Sep 2021 00:38:21 GMT Server AkamaiNetStorage ETag "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Type application/x-javascript Content-Length 4681 Expires Fri, 20 May 2022 20:32:26 GMT
GET H/1.1	200 OK	formalyze_call_secure.min.js Show response www.netscout.com/js/	210 KB 34 KB	28ms 27ms	Script application/javascript	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/js/formalyze_call_secure.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 45ac18a90ddb596418d1c2923721deca2db30de93e334b2deca6fc81908934d8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:26 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 610524 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 34701 X-Request-ID v-e844fb2e-8459-11ec-99c2-9b320cd8c5c9 Last-Modified Fri, 12 Mar 2021 10:49:10 GMT Server nginx Vary Accept-Encoding Content-Type application/javascript Via varnish Expires Thu, 02 Feb 2023 18:57:02 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 83650
GET H2	200	dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-... Show response adservice.google.com/ddm/fls/i/ Frame CC26	555 B 900 B	131ms 83ms	Document text/html	2607:f8b0:4006:806::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/ddm/fls/i/dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 Requested by Host: 9460942.fls.doubleclick.net URL: https://9460942.fls.doubleclick.net/activityi;dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:806::2002 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 63df85a2df8e44585a39c9ff3ed58eb40049b6c73a5f87c2225ffe71a0332c9a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://9460942.fls.doubleclick.net/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin date Wed, 09 Feb 2022 20:32:26 GMT expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate content-type text/html; charset=UTF-8 pragma no-cache x-content-type-options nosniff content-encoding gzip server cafe content-length 431 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	204	generate_204 www.youtube-nocookie.com/ Frame B849	0 9 B	22ms 21ms	Image text/plain	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.youtube-nocookie.com/generate_204?ssasWg Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0
GET H2	200	cast_sender.js Show response www.gstatic.com/cv/js/sender/v1/ Frame B849	4 KB 3 KB	85ms 38ms	Script text/javascript	2607:f8b0:4006:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/cv/js/sender/v1/cast_sender.js Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/base.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80f::2003 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2007 x-xss-protection 0 last-modified Tue, 16 Feb 2021 23:57:06 GMT server sffe cross-origin-opener-policy same-origin; report-to="cloudview" vary Accept-Encoding report-to {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Wed, 09 Feb 2022 20:32:26 GMT
POST H/1.1	200 OK	visitWebPage 513-uxa-533.mktoresp.com/webevents/	2 B 311 B	119ms 32ms	Ping text/plain	192.28.144.124 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://513-uxa-533.mktoresp.com/webevents/visitWebPage?_mchNc=1644438746901&_mchCn=&_mchId=513-UXA-533&_mchTk=_mch-netscout.com-1644438746901-21807&_mchHo=www.netscout.com&_mchPo=&_mchRu=%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/161/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 192.28.144.124 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:27 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id 2ed58274-4b9c-407d-9e7f-da157ee92e68
GET H3	200	s-BiyweUPV0v-yRb-cjciPk_vArhqVIZ0nv9q090hN8.woff2 fonts.gstatic.com/s/droidsans/v8/	21 KB 21 KB	23ms 21ms	Font font/woff2	2607:f8b0:4006:807::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/droidsans/v8/s-BiyweUPV0v-yRb-cjciPk_vArhqVIZ0nv9q090hN8.woff2 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:807::2003 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 197f29a9d43e95d57c1aee32ca7b618daa3d46938c0677bc5a4c3a0b3e188bc0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.netscout.com/ Origin https://www.netscout.com Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Sat, 05 Feb 2022 01:09:50 GMT x-content-type-options nosniff age 415356 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21252 x-xss-protection 0 last-modified Wed, 11 Oct 2017 18:25:12 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Sun, 05 Feb 2023 01:09:50 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	34ms 34ms	XHR text/plain	2607:f8b0:4006:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1375781482&t=pageview&_s=1&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&ul=en-us&de=UTF-8&dt=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=330639684&gjid=293993056&cid=401394055.1644438747&tid=UA-231177-6&_gid=1890680161.1644438747&_r=1&gtm=2wg270WSK2TN&cd9=401394055.1644438747&cd11=20220209%7C03914526&cd12=20%3A32%3A26&z=1709601982 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80d::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.netscout.com/ Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:26 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.netscout.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	20ms 19ms	Image image/gif	2607:f8b0:4006:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=1375781482&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&ul=en-us&de=UTF-8&dt=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blog&ea=Page%20View%20%7C%20%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&el=Arbor%20Networks%20-%20DDoS%20Experts%20%7C%20Attacks%20and%20DDoS%20Attacks&ev=0&_u=aGDAAEADQAAAAC~&jid=&gjid=&cid=401394055.1644438747&tid=UA-231177-6&_gid=1890680161.1644438747&gtm=2wg270WSK2TN&cd9=401394055.1644438747&cd11=20220209%7C03914526&cd12=20%3A32%3A26&z=1432158981 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80d::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 19:38:39 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 3227 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.com/pagead/1p-user-list/1069926541/	42 B 64 B	74ms 45ms	Image image/gif	2607:f8b0:4006:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/1069926541/?random=1644438746714&cv=9&fst=1644436800000&num=1&label=mRg7CLWa3_sBEI2Rl_4D&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg270&sendb=1&frm=0&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&tiba=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&async=1&fmt=3&is_vtc=1&cid=CAQSKQCNIrLMHbTFyrubmjfFYSOjuJzR2xgu1jzIkrWWZhMknNuJsvSLldV2&random=2532060863&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:27 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.ca/pagead/1p-user-list/1069926541/	42 B 548 B	95ms 47ms	Image image/gif	2607:f8b0:4006:823::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.ca/pagead/1p-user-list/1069926541/?random=1644438746714&cv=9&fst=1644436800000&num=1&label=mRg7CLWa3_sBEI2Rl_4D&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg270&sendb=1&frm=0&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&tiba=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&async=1&fmt=3&is_vtc=1&cid=CAQSKQCNIrLMHbTFyrubmjfFYSOjuJzR2xgu1jzIkrWWZhMknNuJsvSLldV2&random=2532060863&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:823::2003 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:27 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	forms2.css app-ab15.marketo.com/js/forms2/css/	13 KB 3 KB	68ms 67ms	Stylesheet text/css	104.16.96.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-ab15.marketo.com/js/forms2/css/forms2.css Requested by Host: app-ab15.marketo.com URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT age 2979 content-length 2623 last-modified Wed, 12 Jan 2022 18:47:30 GMT server cloudflare etag "23e05f0-3437-5d567007b9480" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 6dafddf8ab913ff2-YYZ expires Thu, 10 Feb 2022 00:32:27 GMT
GET H2	200	forms2-theme-simple.css app-ab15.marketo.com/js/forms2/css/	826 B 333 B	74ms 73ms	Stylesheet text/css	104.16.96.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-ab15.marketo.com/js/forms2/css/forms2-theme-simple.css Requested by Host: app-ab15.marketo.com URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT age 3210 vary Accept-Encoding content-length 242 last-modified Wed, 12 Jan 2022 18:47:30 GMT server cloudflare etag "d403ad-33a-5d567007b9480" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=63113904 content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 6dafddf8ab943ff2-YYZ expires Thu, 10 Feb 2022 00:32:27 GMT
GET H2	200	getKnownLead Show response app-ab15.marketo.com/index.php/form/	48 B 248 B	425ms 424ms	Script application/javascript	104.16.96.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-ab15.marketo.com/index.php/form/getKnownLead?form=3308&lpId=&munchkinId=513-UXA-533&filledFields=true&_mkt_trk=id%3A513-UXA-533%26token%3A_mch-netscout.com-1644438746901-21807&callback=jQuery112405575376865832267_1644438746168&_=1644438746170 Requested by Host: app-ab15.marketo.com URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 884c6204a7a573859c90dee30957bf0b388ed218751bb4e37266cedd05c2f231 Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=63113904 content-type application/javascript; charset=utf-8 cf-ray 6dafddf8ab953ff2-YYZ
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 443 B	138ms 52ms	XHR text/plain	2607:f8b0:4023:1407::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-231177-6&cid=401394055.1644438747&jid=330639684&gjid=293993056&_gid=1890680161.1644438747&_u=aGDAAEACQAAAAC~&z=860482659 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4023:1407::9c Columbus, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.netscout.com/ Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Wed, 09 Feb 2022 20:32:27 GMT content-type text/plain access-control-allow-origin https://www.netscout.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	5 KB 2 KB	80ms 19ms	Script application/x-javascript	2600:141b:13::17d7:82d0 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2600:141b:13::17d7:82d0 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 303 Date Wed, 09 Feb 2022 20:32:27 GMT Content-Encoding gzip Last-Modified Wed, 29 Sep 2021 19:17:49 GMT X-CDN AKAM X-EdgeConnect-MidMile-RTT 1 Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=11434 Connection keep-alive Accept-Ranges bytes Content-Length 2036
GET H2	200	uwt.js Show response static.ads-twitter.com/	14 KB 6 KB	63ms 17ms	Script application/javascript	151.101.208.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.208.157 Newark, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-encoding gzip last-modified Sat, 05 Feb 2022 00:34:56 GMT etag "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip" vary Accept-Encoding,Host x-tw-cdn FT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache x-cache HIT, HIT accept-ranges bytes content-type application/javascript; charset=utf-8 content-length 5410 x-served-by cache-iad-kcgs7200172-IAD, cache-ewr18171-EWR
GET H2	200	hotjar-1115618.js Show response static.hotjar.com/c/	8 KB 3 KB	72ms 28ms	Script application/javascript	13.225.63.15 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-1115618.js?sv=7 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.63.15 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-63-15.ewr53.r.cloudfront.net Software / Resource Hash 41b2c36a225439255ad65ad1bb6b602b9c79cc7affa046a6714742d9d4455608 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-encoding br x-content-type-options nosniff cache-control max-age=60 age 16 etag W/08a7c907a1737e22fddf8b812ac42858 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=UTF-8 access-control-allow-origin * x-cache-hit 1 cross-origin-resource-policy cross-origin x-amz-cf-pop EWR53-C1 x-amz-cf-id M5floSZjpEC3-vLfO3EcmvaMthhvZGSWVX8C4DBOlZqvrTbJRLgDDw== via 1.1 34d27d5dec8d9c8d04bc61d1e0056be2.cloudfront.net (CloudFront)
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	99 KB 27 KB	61ms 19ms	Script application/x-javascript	2a03:2880:f012:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 26236 x-xss-protection 0 pragma public x-fb-debug r+9MIL8nxQwRCNEMCwK3HdBATBqSwymde5kEizlojyDwz60JMt8S71renXcjfFHdW88c4LwnIX89BN5bDuLEEQ== x-fb-trip-id 1512268381 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Wed, 09 Feb 2022 20:32:27 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	lt.min.js Show response www.netscout.com/js/	17 KB 6 KB	28ms 27ms	Script application/javascript	156.154.241.50 NEUSTAR-AS6
General Check archive.org Show headers Download Go to Full URL https://www.netscout.com/js/lt.min.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 156.154.241.50 , United States, ASN19905 (NEUSTAR-AS6, US), Reverse DNS pr.security.neustar Software nginx / Resource Hash 5df7be00fc6004e7cb398488ad628bbea14bfa2865273c0742913ce148642add Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:27 GMT Content-Encoding gzip X-Content-Type-Options nosniff Age 610524 X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 5949 X-Request-ID v-e2e659ca-8459-11ec-bd35-9fbe2c420f7f Last-Modified Fri, 12 Mar 2021 11:12:58 GMT Server nginx Vary Accept-Encoding Content-Type application/javascript Via varnish Expires Thu, 02 Feb 2023 18:57:02 GMT Cache-Control max-age=31536000 Accept-Ranges bytes X-Cache-Hits 82449
GET H/1.1	200	btp Show response pixel-prod.sprinklr.com/	7 KB 8 KB	168ms 25ms	Script text/plain	54.82.120.105 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://pixel-prod.sprinklr.com/btp?clientId=5325 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.82.120.105 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-82-120-105.compute-1.amazonaws.com Software Sprinklr / Resource Hash 8cede350cb533674628a88894cc8d81dd9356233826c1665f57c472105eba2de Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:26 GMT Server Sprinklr Access-Control-Max-Age 3600 Access-Control-Allow-Methods POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin * Cache-control no-cache="set-cookie" Connection keep-alive Access-Control-Allow-Headers X-CSRF-Token, x-requested-with, partnerId, Content-Type, apiKey, Cache-Control Content-Length 7658
GET H2	200	LBmW4bnp8zJET0IHLEdv Show response ws.zoominfo.com/pixel/	0 477 B	173ms 96ms	Script text/javascript	2606:4700::6810:a852 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/LBmW4bnp8zJET0IHLEdv Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT via 1.1 google x-content-type-options nosniff cf-cache-status DYNAMIC server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/javascript access-control-allow-origin * access-control-allow-credentials true cf-ray 6dafddf96f6f4bd0-YUL access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for content-length 0
GET H/1.1	204 No Content	/ Show response api6132.d41.co/sync/	0 816 B	172ms 30ms	Script text/plain	34.233.224.179 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api6132.d41.co/sync/ Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.233.224.179 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-233-224-179.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Pragma no-cache Date Wed, 09 Feb 2022 20:32:27 GMT Referrer-Policy no-referrer-when-downgrade Expect-CT max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly" X-Frame-Options SAMEORIGIN Connection keep-alive Access-Control-Allow-Origin https://www.netscout.com Cache-Control no-cache, no-store Access-Control-Allow-Credentials true Strict-Transport-Security max-age=31536000; includeSubDomains X-XSS-Protection 1; mode=block
GET H3	200	cast_sender.js Show response www.gstatic.com/eureka/clank/98/ Frame B849	52 KB 15 KB	51ms 23ms	Script text/javascript	2607:f8b0:4006:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/eureka/clank/98/cast_sender.js Requested by Host: www.gstatic.com URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80f::2003 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3b3043a59925da95728c8d505da11bc06e2c7a502486e1c84fcc9445dee2ab96 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.youtube-nocookie.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 15:36:51 GMT content-encoding gzip x-content-type-options nosniff age 17736 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15480 x-xss-protection 0 last-modified Mon, 29 Nov 2021 16:03:53 GMT server sffe vary Accept-Encoding report-to {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]} content-type text/javascript cache-control public, max-age=86400 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="cloudview-release" expires Thu, 10 Feb 2022 15:36:51 GMT
GET H2	200	dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-... Show response adservice.google.ca/ddm/fls/i/ Frame 4015	194 B 870 B	140ms 82ms	Document text/html	2607:f8b0:4006:80e::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.ca/ddm/fls/i/dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 Requested by Host: adservice.google.com URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKCr4dq78_UCFYIFwwodmN8Pog;src=9460942;type=sitewide;cat=glbswide;ord=118088640030;gtm=2wg270;auiddc=1815551589.1644438746;~oref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://adservice.google.com/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin date Wed, 09 Feb 2022 20:32:27 GMT expires Wed, 09 Feb 2022 20:32:27 GMT cache-control private, max-age=0 content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip server cafe content-length 177 x-xss-protection 0 alt-svc h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
POST H3	200	GenerateIT Show response jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame B849	98 B 141 B	44ms 40ms	XHR application/json+protobuf	2607:f8b0:4006:809::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/s/player/326d75a6/player_ias.vflset/en_US/base.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:809::200a Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 753e8e712194da8b5081214db6bb2ac852ee6b87a7a5e336728bf3a170f88aa2 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers X-User-Agent grpc-web-javascript/0.1 Referer https://www.youtube-nocookie.com/ X-Goog-Api-Key AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type application/json+protobuf Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-encoding gzip x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" server ESF x-frame-options SAMEORIGIN content-type application/json+protobuf; charset=UTF-8 access-control-allow-origin https://www.youtube-nocookie.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private vary Origin, X-Origin, Referer content-length 118 x-xss-protection 0
OPTIONS H3	200	GenerateIT jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame	0 0	37ms 36ms	Preflight text/html	2607:f8b0:4006:809::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:809::200a Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Method POST Access-Control-Request-Headers content-type,x-goog-api-key,x-user-agent Origin https://www.youtube-nocookie.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Sec-Fetch-Mode cors Response headers access-control-allow-origin https://www.youtube-nocookie.com vary origin referer x-origin access-control-allow-methods DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT access-control-allow-headers content-type,x-goog-api-key,x-user-agent access-control-max-age 3600 date Wed, 09 Feb 2022 20:32:27 GMT content-type text/html server ESF content-length 0 x-xss-protection 0 x-frame-options SAMEORIGIN x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	adsct Show response analytics.twitter.com/i/	31 B 459 B	126ms 43ms	Script application/javascript	104.244.42.195 TWITTER
General Check archive.org Show headers Download Go to Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nuknd&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=a817f287-147b-4165-9f72-eb056bc3f646&tw_document_href=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&tpx_cb=twttr.conversion.loadPixels Requested by Host: static.ads-twitter.com URL: https://static.ads-twitter.com/uwt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.195 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-response-time 6 date Wed, 09 Feb 2022 20:32:26 GMT content-encoding gzip server tsa_b strict-transport-security max-age=631138519 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache, no-store, max-age=0 x-connection-hash 728434c6c8f90cd24fcfc9c6ace8aa2aa586dd6b92f7d7c45fb9a7687fc2e876 content-type application/javascript;charset=utf-8 content-length 57
GET H2	200	adsct t.co/i/	43 B 336 B	126ms 46ms	Image image/gif	104.244.42.5 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nuknd&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=a817f287-147b-4165-9f72-eb056bc3f646&tw_document_href=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.5 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-response-time 10 date Wed, 09 Feb 2022 20:32:26 GMT server tsa_b strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash 0f341fa72d719cc4a8111b30d0dd15761f5898c502c0ff37f129d8467ffece79 content-length 43
GET H2	200	modules.acfce7141cd3503e3221.js Show response script.hotjar.com/	235 KB 62 KB	60ms 19ms	Script application/javascript	52.85.61.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.acfce7141cd3503e3221.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-1115618.js?sv=7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.85.61.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-85-61-27.ewr53.r.cloudfront.net Software / Resource Hash 6568a8a9578cfdd55945b329b1ac8901849f56d9867b6aff7c01102b117cf9aa Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Mon, 07 Feb 2022 11:27:07 GMT content-encoding br x-content-type-options nosniff age 205520 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 62580 access-control-allow-origin * last-modified Mon, 07 Feb 2022 11:26:47 GMT etag "bf840f14bd6880d7ed369487d067cc3a" vary Accept-Encoding content-type application/javascript via 1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront) cache-control max-age=31536000 x-amz-cf-pop EWR53-P1 accept-ranges bytes x-robots-tag none x-amz-cf-id Rfi8u9aU_YJ6YEzRYDYfsVb06NbRN5eIE66s2EgtxdpgtYBUnNqx5w==
GET H2	200	/ p.adsymptotic.com/d/px/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&cookiesTest... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27243%26time%3D1644438747115%26url%3Dhttps%253A%252F%252Fwww.netscout.com%252Fblo... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&cookiesTest... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27243&time=1644438747115&url=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&cookiesTes... https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6416e44b-6918-44db-85ad-1306a85ea6a0 https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6416e44b-6918-44db-85ad-1306a85ea6a0&_expected_cookie=609ac217dc07b387e8f1d383...	43 B 142 B	51ms 50ms	Image image/gif	104.18.99.194 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6416e44b-6918-44db-85ad-1306a85ea6a0&_expected_cookie=609ac217dc07b387e8f1d383607947f9 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Server 104.18.99.194 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:28 GMT cf-cache-status DYNAMIC server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" cf-ray 6dafddffe96a5401-YYZ p3p CP='NON DSP COR CONi OUR BUS CNT' content-type image/gif content-length 43 Redirect headers location https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6416e44b-6918-44db-85ad-1306a85ea6a0&_expected_cookie=609ac217dc07b387e8f1d383607947f9 date Wed, 09 Feb 2022 20:32:28 GMT cf-cache-status DYNAMIC server cloudflare cf-ray 6dafddff78895401-YYZ content-length 0 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	46ms 44ms	Image image/gif	2607:f8b0:4006:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-231177-6&cid=401394055.1644438747&jid=330639684&_u=aGDAAEACQAAAAC~&z=1980383401 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:27 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.ca/ads/	42 B 63 B	71ms 43ms	Image image/gif	2607:f8b0:4006:823::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-231177-6&cid=401394055.1644438747&jid=330639684&_u=aGDAAEACQAAAAC~&z=1980383401 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:823::2003 Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:27 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	box-acca23410e696f2ca3087d947271c3d0.html Show response vars.hotjar.com/ Frame 119A	2 KB 1 KB	57ms 17ms	Document text/html	143.204.150.62 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-1115618.js?sv=7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.150.62 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-150-62.ewr52.r.cloudfront.net Software / Resource Hash e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ Response headers content-type text/html content-length 1044 date Fri, 04 Feb 2022 08:52:06 GMT accept-ranges bytes cache-control max-age=31536000 content-encoding br cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin etag "6f65fac4e8efe167ff5132c0c54c5729" last-modified Fri, 04 Feb 2022 08:51:39 GMT x-robots-tag none vary Accept-Encoding x-cache Hit from cloudfront via 1.1 6f21edc64d8594b28f80c9ab159bcddc.cloudfront.net (CloudFront) x-amz-cf-pop EWR52-C2 x-amz-cf-id QUZZ0uEz1ZIWvdr_T4i9CIFatbvSIhJPSMKpWXIKHUhvvGgM4EB3cA== age 474021
GET H/1.1	200 OK	dnb_coretag_v5.min.js Show response cdn-0.d41.co/tags/	74 KB 75 KB	32ms 20ms	Script application/javascript	13.225.230.88 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-0.d41.co/tags/dnb_coretag_v5.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSK2TN Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.225.230.88 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-230-88.jfk51.r.cloudfront.net Software AmazonS3 / Resource Hash 6cc0b251ec54fdd5cd55d98cbe7a7af00bd34f9cfd71fd01ca08c83121c89720 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:29:17 GMT Via 1.1 d77f2f1d7dfcddde244aedf1c9ed7a8e.cloudfront.net (CloudFront) Last-Modified Thu, 18 Nov 2021 14:57:39 GMT Server AmazonS3 Age 191 ETag "13bc1e6c74c25b3098a3b54b58b70b3c" X-Cache Hit from cloudfront Content-Type application/javascript Connection keep-alive X-Amz-Cf-Pop JFK51-C1 Accept-Ranges bytes Content-Length 76038 X-Amz-Cf-Id Cz2Wv6PvS-kbW9RE6XolxicadHr_M-lQFvLeTsl1qcxEp7ToZMpqiw==
GET H2	403	tracking tracking.leadlander.com/api/	0 0	95ms 23ms	Image text/html	34.197.253.42 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://tracking.leadlander.com/api/tracking?accountId=29078&page=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&referer=&fp=a8d84d13681aa3ad4d1a51bc4a8c5495 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.197.253.42 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-197-253-42.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers
GET H3	200	223055731396892 Show response connect.facebook.net/signals/config/	307 KB 87 KB	39ms 19ms	Script application/x-javascript	2a03:2880:f012:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/223055731396892?v=2.9.52&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 079b99a13a24588793536c855bf2e65d674067ee1876e5019575c2f89bc8bf66 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 89114 x-xss-protection 0 pragma public x-fb-debug nFaEy1aewU2rqYkvpgohOwpAv6Ims2gHKUt/SEicaDo3caUdIX51GIRkArENbCvXyo0EVIHZBHZs5r864D1osw== x-frame-options DENY date Wed, 09 Feb 2022 20:32:27 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200	btp pixel-prod.sprinklr.com/	7 KB 7 KB	25ms 25ms	Image text/plain	54.82.120.105 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://pixel-prod.sprinklr.com/btp?brandId=8379C02E9FAD4FD36A2562A3F57190978B7B890B4A0B1BD047C90A682461456D&action=PageView&location=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.82.120.105 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-82-120-105.compute-1.amazonaws.com Software Sprinklr / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 20:32:27 GMT Server Sprinklr Access-Control-Max-Age 3600 Access-Control-Allow-Methods POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin * Connection keep-alive Access-Control-Allow-Headers X-CSRF-Token, x-requested-with, partnerId, Content-Type, apiKey, Cache-Control Content-Length 7658
GET H/1.1	200 OK	api Show response api6132.d41.co/	1 KB 2 KB	38ms 38ms	Fetch application/json	34.233.224.179 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api6132.d41.co/api?req=api6132&form=json Requested by Host: cdn-0.d41.co URL: https://cdn-0.d41.co/tags/dnb_coretag_v5.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.233.224.179 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-233-224-179.compute-1.amazonaws.com Software / Resource Hash 7552e76848221cd879f41e87e94574d3b279bac6dc73b3f1dcc3760cf176904e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Pragma no-cache Date Wed, 09 Feb 2022 20:32:27 GMT Referrer-Policy no-referrer-when-downgrade Expect-CT max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly" X-Frame-Options SAMEORIGIN Connection keep-alive Content-Type application/json Access-Control-Allow-Origin https://www.netscout.com Cache-control no-store Access-Control-Allow-Credentials true Strict-Transport-Security max-age=31536000; includeSubDomains Content-Length 1478 X-XSS-Protection 1; mode=block
POST H2	200	visit-data Show response in.hotjar.com/api/v2/client/sites/1115618/	146 B 323 B	294ms 99ms	XHR application/json	52.48.200.82 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://in.hotjar.com/api/v2/client/sites/1115618/visit-data?sv=7 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.acfce7141cd3503e3221.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.48.200.82 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-48-200-82.eu-west-1.compute.amazonaws.com Software / Resource Hash bd50219667293fd4ee2c24ca0ab2140a609854fc6b1facb507cbf1d5d1a5effd Request headers Referer https://www.netscout.com/ Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type text/plain; charset=UTF-8 Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-encoding br vary Accept-Encoding content-type application/json access-control-allow-origin * access-control-max-age 86400 cache-control no-cache, no-store access-control-allow-credentials true
GET H2	204	1115618 Show response vc.hotjar.io/sessions/	0 257 B	150ms 82ms	XHR text/plain	13.225.230.14 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vc.hotjar.io/sessions/1115618?s=0.25&r=0.0629321946091228 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.acfce7141cd3503e3221.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.230.14 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-230-14.jfk51.r.cloudfront.net Software Python/3.7 aiohttp/3.5.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT via 1.1 74636a0d3b110dc164c7801b27cac3b2.cloudfront.net (CloudFront) server Python/3.7 aiohttp/3.5.4 x-amz-cf-pop JFK51-C1 x-cache Miss from cloudfront access-control-allow-origin * cache-control no-store x-amz-cf-id g9emDj3rVOLt7ZHOXXTVLGfArZ7RytfuJE_Nue6lToOODMjhljB7Bg==
GET H3	200	collect www.google-analytics.com/	35 B 55 B	19ms 19ms	Image image/gif	2607:f8b0:4006:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=1375781482&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&ul=en-us&de=UTF-8&dt=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VI_Complete&ea=undefined&el=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&_u=aGDAAEADQAAAAC~&jid=&gjid=&cid=401394055.1644438747&tid=UA-231177-6&_gid=1890680161.1644438747&gtm=2wg270WSK2TN&cd9=401394055.1644438747&cd11=20220209%7C03914526&cd12=20%3A32%3A27&cd5=202897810&cd8=Telecommunications%20Resellers&cd10=Large&cd14=&cd15=468361600&cd16=&cd17=100000&cd18=Alorica%20Customer%20Care%20Ltd&cd19=1&cd20=&z=1748902606 Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80d::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 19:38:39 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 3228 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 407 B	55ms 18ms	Image image/gif	2a03:2880:f112:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=223055731396892&ev=PageView&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&rl=&if=false&ts=1644438747369&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1644438747368.1048123623&it=1644438747270&coo=false&rqm=GET Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:27 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 content-length 44 expires Wed, 09 Feb 2022 20:32:27 GMT
POST H2	200	html Show response n2.mouseflow.com/	0 318 B	221ms 78ms	XHR text/plain	2604:9a00:2100:a04a:1::44 LEASEWEB-USA-WDC
General Check archive.org Show headers Download Go to Full URL https://n2.mouseflow.com/html?website=512bf103-a365-48b3-82ca-9d6e1c407dd0&session=322cb62e6ae5d5e8c74c3c88cc49229e&page=020926211d1dfdedfa9d6810b59a8f994dcb75b6&gz=1 Requested by Host: cdn.mouseflow.com URL: https://cdn.mouseflow.com/projects/512bf103-a365-48b3-82ca-9d6e1c407dd0.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2604:9a00:2100:a04a:1::44 , United States, ASN30633 (LEASEWEB-USA-WDC, US), Reverse DNS Software Mouseflow / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.netscout.com/ Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-type text/plain Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:27 GMT server Mouseflow x-recorder rec-03-us content-type text/plain; charset=Windows-1252 access-control-allow-origin https://www.netscout.com cache-control no-cache access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains; preload content-length 0 expires -1
GET H2	200	XDFrame Show response app-ab15.marketo.com/index.php/form/ Frame 98EB	2 KB 864 B	269ms 268ms	Document text/html	104.16.96.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-ab15.marketo.com/index.php/form/XDFrame Requested by Host: app-ab15.marketo.com URL: https://app-ab15.marketo.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1eb2e9d6fa6eb867733f41587c9f264806f067c62b1f9ec658077dc26a0b906b Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ Response headers date Wed, 09 Feb 2022 20:32:27 GMT content-type text/html; charset=utf-8 content-length 653 cache-control max-age=3600 strict-transport-security max-age=63113904 x-content-type-options nosniff vary Accept-Encoding content-encoding gzip cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 6dafddfd6cf83ff2-YYZ
POST H3	200	/ Show response www.facebook.com/tr/ Frame 92FB	0 18 B	39ms 18ms	Document text/plain	2a03:2880:f112:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 Origin https://www.netscout.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ Response headers content-type text/plain access-control-allow-origin https://www.netscout.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=0 date Wed, 09 Feb 2022 20:32:27 GMT
GET H2	200	forms2.min.js Show response app-ab15.marketo.com/js/forms2/js/ Frame 98EB	205 KB 68 KB	75ms 74ms	Script application/x-javascript	104.16.96.80 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app-ab15.marketo.com/js/forms2/js/forms2.min.js Requested by Host: app-ab15.marketo.com URL: https://app-ab15.marketo.com/index.php/form/XDFrame Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2689a0237a95cfd8135f8da3ac79c430e903f3c542f8b862f68141c84c348c43 Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://app-ab15.marketo.com/index.php/form/XDFrame User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Wed, 09 Feb 2022 20:32:28 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Wed, 12 Jan 2022 18:47:30 GMT server cloudflare age 1310 etag "23600d9-33210-5d567007b9480" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=63113904 content-type application/x-javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 6dafddff291e3ff2-YYZ vary Accept-Encoding expires Thu, 10 Feb 2022 00:32:28 GMT
GET H2	200	nr-1215.min.js Show response js-agent.newrelic.com/	36 KB 14 KB	83ms 34ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-1215.min.js Requested by Host: www.netscout.com URL: https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 18395fd1ef75de4f03f701f5a5020563aed55e1539b3200605053f2c924211bb Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-amz-version-id mrZZlI3m.d3cabi4HqLBBkr4pQ2c77UF content-encoding gzip etag "615035bb6557b191e767e19087efabaf" x-amz-request-id CR73YSP0N20HT0PN x-cache HIT cross-origin-resource-policy cross-origin content-length 13666 x-amz-id-2 NoWBwQTkKh67aBB4iTYIly42rNEwyiVE5qw3jwmo6VA6Sg0OGdWUYY+6hsRACVKmocvUwKdWqMs= x-served-by cache-yul12831-YUL last-modified Mon, 24 Jan 2022 22:13:53 GMT server AmazonS3 x-timer S1644438748.260628,VS0,VE0 date Wed, 09 Feb 2022 20:32:28 GMT vary Accept-Encoding content-type application/javascript via 1.1 varnish cache-control public, max-age=7200, stale-if-error=604800 accept-ranges bytes x-cache-hits 909
GET H2	200	adsct Show response analytics.twitter.com/i/	31 B 116 B	44ms 44ms	Script application/javascript	104.244.42.195 TWITTER
General Check archive.org Show headers Download Go to Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nuknd&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f8444b96-f7eb-4559-b8de-a27e57e9db1e&tw_document_href=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&tpx_cb=twttr.conversion.loadPixels Requested by Host: static.ads-twitter.com URL: https://static.ads-twitter.com/uwt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.195 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-response-time 7 date Wed, 09 Feb 2022 20:32:27 GMT content-encoding gzip server tsa_b strict-transport-security max-age=631138519 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache, no-store, max-age=0 x-connection-hash 728434c6c8f90cd24fcfc9c6ace8aa2aa586dd6b92f7d7c45fb9a7687fc2e876 content-type application/javascript;charset=utf-8 content-length 57
GET H2	200	adsct t.co/i/	43 B 100 B	44ms 44ms	Image image/gif	104.244.42.5 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nuknd&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f8444b96-f7eb-4559-b8de-a27e57e9db1e&tw_document_href=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.5 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_b / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers x-response-time 7 date Wed, 09 Feb 2022 20:32:27 GMT server tsa_b strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash 0f341fa72d719cc4a8111b30d0dd15761f5898c502c0ff37f129d8467ffece79 content-length 43
GET H2	200	init Show response ff.d41.co/v1/	46 B 825 B	304ms 83ms	Fetch application/json	104.77.178.156 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ff.d41.co/v1/init?req=vff6132 Requested by Host: cdn-0.d41.co URL: https://cdn-0.d41.co/tags/ff-3.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.77.178.156 Edison, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a104-77-178-156.deploy.static.akamaitechnologies.com Software / Resource Hash f454405a41322604bb266cbca4c5a59c287ffb342be339d014a783b5c4240092 Security Headers Name Value Strict-Transport-Security max-age=15768000 ; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:28 GMT referrer-policy no-referrer-when-downgrade expect-ct max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly" x-frame-options SAMEORIGIN content-type application/json;charset=UTF-8 access-control-allow-origin * x-xss-protection 1 cache-control no-cache, no-store, max-age=0 strict-transport-security max-age=15768000 ; includeSubDomains content-length 46 x-content-type-options nosniff expires 0
GET H3	200	collect www.google-analytics.com/	35 B 55 B	20ms 19ms	Image image/gif	2607:f8b0:4006:80d::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=1375781482&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&ul=en-us&de=UTF-8&dt=DDoS%20Extortion%20Attack%20Campaign%20Lazarus%20Bear%20Armada%20(LBA)%20%7C%20NETSCOUT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Client%20ID&ea=401394055.1644438747&el=%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&_u=aHDAAEADQAAAAC~&jid=&gjid=&cid=401394055.1644438747&tid=UA-231177-6&_gid=1890680161.1644438747&gtm=2wg270WSK2TN&cd9=401394055.1644438747&cd11=20220209%7C03914526&cd12=20%3A32%3A28&z=1647853369 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80d::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers pragma no-cache date Wed, 09 Feb 2022 19:38:39 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 3229 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response match.adsrvr.org/track/upb/ Frame 98EB Redirect Chain https://insight.adsrvr.org/track/up?adv=uiox7en&ref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&upid=25dk7ip&upv=1.1.0 https://match.adsrvr.org/track/upb/?adv=uiox7en&ref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&upid=25dk7ip&upv=1.1.0	882 B 1 KB	26ms 25ms	Document text/html	35.71.131.137 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/upb/?adv=uiox7en&ref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&upid=25dk7ip&upv=1.1.0 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/up_loader.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.71.131.137 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 3bbcb9c7bb6dfb585a5cb2fc3821f1bf89e6352f23001c45ca75636882871da7 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ Response headers date Wed, 09 Feb 2022 20:32:28 GMT content-type text/html; charset=utf-8 cache-control private,no-cache, must-revalidate pragma no-cache x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" Redirect headers date Wed, 09 Feb 2022 20:32:28 GMT content-type text/html; charset=utf-8 location https://match.adsrvr.org/track/upb/?adv=uiox7en&ref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&upid=25dk7ip&upv=1.1.0 cache-control private,no-cache, must-revalidate pragma no-cache x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET H/1.1	200 OK	1a459162e1 Show response bam.nr-data.net/1/	57 B 322 B	110ms 27ms	Script text/javascript	162.247.242.32 NEWRELIC-AS-1
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/1a459162e1?a=56253397&v=1215.1253ab8&to=MQRXY0dXChdRVUILVghOdFRBXwsKH3JEF0kHDWlZWlIBOHNZWBZLCQ1ZUkdqKgtUU2ALXBEiWllBRAsIXFNETwcQCFBA&rst=3444&ck=1&ref=https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020&ap=484&be=884&fe=3352&dc=1446&perf=%7B%22timing%22:%7B%22of%22:1644438744831,%22n%22:0,%22f%22:283,%22dn%22:283,%22dne%22:283,%22c%22:283,%22ce%22:283,%22rq%22:284,%22rp%22:808,%22rpe%22:826,%22dl%22:813,%22di%22:1437,%22ds%22:1445,%22de%22:1485,%22dc%22:3350,%22l%22:3351,%22le%22:3358%7D,%22navigation%22:%7B%7D%7D&fp=975&fcp=975&at=HUNUFQ9NGRk%3D&jsonp=NREUM.setToken Requested by Host: js-agent.newrelic.com URL: https://js-agent.newrelic.com/nr-1215.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.247.242.32 , United States, ASN23467 (NEWRELIC-AS-1, US), Reverse DNS service.newrelic.co.nz Software / Resource Hash f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23 Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Cross-Origin-Resource-Policy cross-origin Content-Type text/javascript;charset=iso-8859-1 Content-Length 57 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	universal_pixel.1.1.0.js Show response js.adsrvr.org/ Frame 98EB	487 B 964 B	18ms 17ms	Script application/x-javascript	13.225.226.150 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.adsrvr.org/universal_pixel.1.1.0.js Requested by Host: match.adsrvr.org URL: https://match.adsrvr.org/track/upb/?adv=uiox7en&ref=https%3A%2F%2Fwww.netscout.com%2Fblog%2Fasert%2Flazarus-bear-armada-ddos-extortion-campaign-december-2020&upid=25dk7ip&upv=1.1.0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.225.226.150 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-226-150.jfk51.r.cloudfront.net Software AmazonS3 / Resource Hash f6d7e9dafd1ec463ecd0c6b20f170400dd15afe81c71dea50771550df2f83ffc Request headers Accept-Language en-CA,en;q=0.9 Referer https://match.adsrvr.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Wed, 09 Feb 2022 08:51:01 GMT Via 1.1 f141d4a0b9a72779a9dd3a57c2c25f52.cloudfront.net (CloudFront) Last-Modified Thu, 24 Sep 2020 15:15:32 GMT Server AmazonS3 Age 42088 ETag "f0a7a3296da7382ce6bc1a3b6769e927" X-Cache Hit from cloudfront Content-Type application/x-javascript Connection keep-alive X-Amz-Cf-Pop JFK51-C1 Accept-Ranges bytes Content-Length 487 X-Amz-Cf-Id -0KSGj23GhNmLvW8nPKGaI7i2kUg-3PjxXqkBLj5NPJahmaEmRpldA==
GET H2	200	google Show response match.adsrvr.org/track/cmf/ Frame 4331 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MDE1MjI2NGYtMjNhZi00NGVkLThlY2EtZTBlNzA5NDEyMzZk&gdpr=0&gdpr_consent=&ttd_tdid=0152264f-23af-44ed-8eca-e0e70... https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d&google_gid=CAESEOEqyhyRakaK3u1t56Hk5EI&google_cver=1	70 B 589 B	25ms 24ms	Document image/gif	35.71.131.137 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d&google_gid=CAESEOEqyhyRakaK3u1t56Hk5EI&google_cver=1 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/universal_pixel.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.71.131.137 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://match.adsrvr.org/ Response headers date Wed, 09 Feb 2022 20:32:28 GMT content-type image/gif content-length 70 cache-control private,no-cache, must-revalidate pragma no-cache x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" Redirect headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d&google_gid=CAESEOEqyhyRakaK3u1t56Hk5EI&google_cver=1 date Wed, 09 Feb 2022 20:32:28 GMT pragma no-cache expires Fri, 01 Jan 1990 00:00:00 GMT cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 server HTTP server (unknown) content-length 386 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	204	sync ups.analytics.yahoo.com/ups/55953/ Frame 364E Redirect Chain https://ups.analytics.yahoo.com/ups/55953/sync?uid=0152264f-23af-44ed-8eca-e0e70941236d&_origin=1&gdpr=0&gdpr_consent= https://ups.analytics.yahoo.com/ups/55953/sync?uid=0152264f-23af-44ed-8eca-e0e70941236d&_origin=1&gdpr=0&gdpr_consent=&verify=true	0 0	29ms 28ms	Document text/plain	3.218.90.66 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://ups.analytics.yahoo.com/ups/55953/sync?uid=0152264f-23af-44ed-8eca-e0e70941236d&_origin=1&gdpr=0&gdpr_consent=&verify=true Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/universal_pixel.1.1.0.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-218-90-66.compute-1.amazonaws.com Software ATS/9.1.0.33 / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://match.adsrvr.org/ Response headers date Wed, 09 Feb 2022 20:32:28 GMT strict-transport-security max-age=31536000 p3p CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV age 0 server ATS/9.1.0.33 Redirect headers date Wed, 09 Feb 2022 20:32:28 GMT content-length 0 strict-transport-security max-age=31536000 p3p CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV location https://ups.analytics.yahoo.com/ups/55953/sync?uid=0152264f-23af-44ed-8eca-e0e70941236d&_origin=1&gdpr=0&gdpr_consent=&verify=true age 0 server ATS/9.1.0.33
GET H2	200	appnexus Show response match.adsrvr.org/track/cmf/ Frame 920D Redirect Chain https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D0152264f-23af-44ed-8eca-e0e70941236d https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3786660870947406893&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d	70 B 590 B	25ms 25ms	Document image/gif	35.71.131.137 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3786660870947406893&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/universal_pixel.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.71.131.137 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language en-CA,en;q=0.9 Referer https://match.adsrvr.org/ Response headers date Wed, 09 Feb 2022 20:32:28 GMT content-type image/gif content-length 70 cache-control private,no-cache, must-revalidate pragma no-cache x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" Redirect headers Server nginx/1.17.9 Date Wed, 09 Feb 2022 20:32:28 GMT Content-Type text/html; charset=utf-8 Content-Length 0 Connection keep-alive Cache-Control no-store, no-cache, private Pragma no-cache Expires Sat, 15 Nov 2008 16:00:00 GMT P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection 0 Access-Control-Allow-Credentials true Access-Control-Allow-Origin * Location https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3786660870947406893&ttd_tdid=0152264f-23af-44ed-8eca-e0e70941236d AN-X-Request-Uuid 4e39bffc-dee5-474a-aea0-4763f1fc87bd X-Proxy-Origin 149.56.153.184; 149.56.153.184; 637.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
GET H/1.1	204 No Content	/ vff6132.d41.co/sync/	0 0	141ms 43ms	Fetch	54.81.37.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://vff6132.d41.co/sync/ Requested by Host: cdn-0.d41.co URL: https://cdn-0.d41.co/tags/ff-3.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.81.37.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-81-37-132.compute-1.amazonaws.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Pragma no-cache Date Wed, 09 Feb 2022 20:32:28 GMT Referrer-Policy no-referrer-when-downgrade Expect-CT max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly" X-Frame-Options SAMEORIGIN Connection keep-alive Access-Control-Allow-Origin https://www.netscout.com Cache-Control no-cache, no-store Access-Control-Allow-Credentials true Strict-Transport-Security max-age=31536000; includeSubDomains X-XSS-Protection 1; mode=block
POST H3	200	log_event Show response www.youtube-nocookie.com/youtubei/v1/ Frame B849	28 B 50 B	38ms 38ms	XHR application/json	2607:f8b0:4006:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube-nocookie.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 Requested by Host: www.youtube-nocookie.com URL: https://www.youtube-nocookie.com/s/player/326d75a6/www-embed-player.vflset/www-embed-player.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:806::200e Queens, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type application/json X-YouTube-Utc-Offset 0 X-YouTube-Client-Name 56 Referer https://www.youtube-nocookie.com/embed/GSj3wrAT5uY X-YouTube-Client-Version 1.20220206.00.00 X-YouTube-Time-Zone Etc/Unknown X-Goog-Visitor-Id CgtNc2g0R3ZNdWg5YyjZyZCQBg%3D%3D X-YouTube-Ad-Signals dt=1644438746358&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image Response headers date Wed, 09 Feb 2022 20:32:28 GMT content-encoding br x-content-type-options nosniff server ESF x-frame-options SAMEORIGIN vary Origin, X-Origin, Referer content-type application/json; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31 x-xss-protection 0
GET H/1.1	200 OK	api Show response vff6132.d41.co/	1 KB 2 KB	105ms 35ms	Fetch application/json	54.81.37.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://vff6132.d41.co/api?req=vff6132&form=json Requested by Host: cdn-0.d41.co URL: https://cdn-0.d41.co/tags/dnb_coretag_v5.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.81.37.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-81-37-132.compute-1.amazonaws.com Software / Resource Hash 7552e76848221cd879f41e87e94574d3b279bac6dc73b3f1dcc3760cf176904e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language en-CA,en;q=0.9 Referer https://www.netscout.com/blog/asert/lazarus-bear-armada-ddos-extortion-campaign-december-2020 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Pragma no-cache Date Wed, 09 Feb 2022 20:32:28 GMT Referrer-Policy no-referrer-when-downgrade Expect-CT max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly" X-Frame-Options SAMEORIGIN Connection keep-alive Content-Type application/json Access-Control-Allow-Origin https://www.netscout.com Cache-control no-store Access-Control-Allow-Credentials true Strict-Transport-Security max-age=31536000; includeSubDomains Content-Length 1478 X-XSS-Protection 1; mode=block
POST H2	200	dom Show response n2.mouseflow.com/	0 317 B	25ms 25ms	XHR text/plain	2604:9a00:2100:a04a:1::44 LEASEWEB-USA-WDC
General Check archive.org Show headers Download Go to Full URL https://n2.mouseflow.com/dom?gz=1 Requested by Host: cdn.mouseflow.com URL: https://cdn.mouseflow.com/projects/512bf103-a365-48b3-82ca-9d6e1c407dd0.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2604:9a00:2100:a04a:1::44 , United States, ASN30633 (LEASEWEB-USA-WDC, US), Reverse DNS Software Mouseflow / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.netscout.com/ Accept-Language en-CA,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-type text/plain Response headers pragma no-cache date Wed, 09 Feb 2022 20:32:29 GMT server Mouseflow x-recorder rec-05-us content-type text/plain; charset=Windows-1252 access-control-allow-origin https://www.netscout.com cache-control no-cache access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains; preload content-length 0 expires -1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

s7.addthis.com

URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html