www.it-connect.fr Open in urlscan Pro
2606:4700:3032::6815:b7e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Submission: On June 08 via api (June 8th 2022, 6:31:08 am UTC) from US — Scanned from IT

Summary HTTP 82 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 11 domains to perform 82 HTTP transactions. The main IP is 2606:4700:3032::6815:b7e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.it-connect.fr. The Cisco Umbrella rank of the primary domain is 598926.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 8th 2022. Valid for: a year.

This is the only time www.it-connect.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	2606:4700:303... 2606:4700:3032::6815:b7e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	52.222.209.55 52.222.209.55	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
3	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:231... 2600:9000:2315:8600:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
7	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1 1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
5	18.190.65.130 18.190.65.130	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
82	15

44 2606:4700:3032::6815:b7e (United States)

ASN13335 (CLOUDFLARENET, US)

www.it-connect.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.209.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-209-55.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gvl.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:8600:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.190.65.130 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-190-65-130.us-east-2.compute.amazonaws.com

capi-tier-1-us-east-2.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	it-connect.fr www.it-connect.fr — Cisco Umbrella Rank: 598926	503 KB
13	connatix.com 1 redirects capi.connatix.com — Cisco Umbrella Rank: 3465 cd.connatix.com — Cisco Umbrella Rank: 3085 cds.connatix.com — Cisco Umbrella Rank: 3207 capi-tier-1-us-east-2.connatix.com — Cisco Umbrella Rank: 3823 img.connatix.com — Cisco Umbrella Rank: 3790	457 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 42 imasdk.googleapis.com — Cisco Umbrella Rank: 381	744 KB
5	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 7419 ezodn.com — Cisco Umbrella Rank: 7213 g.ezodn.com — Cisco Umbrella Rank: 53811 gvl.ezodn.com — Cisco Umbrella Rank: 69750	265 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 280	41 KB
4	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 173	180 KB
3	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90	38 KB
2	gstatic.com fonts.gstatic.com	89 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 242	17 KB
1	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1452	12 KB
1	ezoic.net go.ezoic.net — Cisco Umbrella Rank: 8711	2 KB
82	11

	Domain	Requested by
44	www.it-connect.fr	www.it-connect.fr
5	capi-tier-1-us-east-2.connatix.com	cd.connatix.com
4	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
4	cds.connatix.com	www.it-connect.fr cd.connatix.com
4	c.amazon-adsystem.com	www.it-connect.fr c.amazon-adsystem.com
4	securepubads.g.doubleclick.net	www.it-connect.fr securepubads.g.doubleclick.net cd.connatix.com
3	pagead2.googlesyndication.com	srcdoc
2	gvl.ezodn.com	g.ezodn.com
2	capi.connatix.com	www.it-connect.fr cd.connatix.com
2	fonts.gstatic.com	fonts.googleapis.com
1	s0.2mdn.net	imasdk.googleapis.com
1	img.connatix.com
1	cdn.id5-sync.com	www.it-connect.fr
1	g.ezodn.com	www.it-connect.fr
1	cd.connatix.com	1 redirects
1	go.ezoic.net	www.it-connect.fr
1	ezodn.com	www.it-connect.fr
1	fonts.googleapis.com	www.it-connect.fr
1	go.ezodn.com	www.it-connect.fr
82	19

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
www.linkedin.com
www.bleepingcomputer.com
www.twitter.com
plus.google.com
linkedin.com
akismet.com
www.ezoic.com
blogmotion.fr
www.deliberata.com
www.tech2tech.fr
www.generateur-motsdepasse.fr

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-08` - `2023-02-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.ezoic.net Amazon	`2022-01-16` - `2023-02-14`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
cdn.id5-sync.com R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Frame ID: CAB76214A1198F7C0CF5798842728845
Requests: 73 HTTP requests in this frame

Frame: https://cds.connatix.com/p/165409/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Frame ID: 2199B281999EA9FCC45A6F864D33BB35
Requests: 10 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Frame ID: 599683BCAC364BDADDBDB1F215D8B636
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Frame ID: A9D2C42DEA61B3F3D4C5B6EEC807FA5E
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Frame ID: CCC300D3F58D413A03F7346744732DF0
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html
Frame ID: 840CB628C6AE655FF5E7F0BFD261138B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 379AC895D361338B4C981706F3C4A2B5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 358601355FDFFBFA23C1F57BC5662F3E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8F594783705E24C9F6446763929DA481
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Le ransomware Black Basta cible les serveurs VMware ESXi

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

82
Requests

99 %
HTTPS

60 %
IPv6

11
Domains

19
Subdomains

15
IPs

3
Countries

2347 kB
Transfer

7244 kB
Size

17
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/it.connect.fr/

Search URL Search Domain Scan URL

URL: https://twitter.com/ITConnect_fr

Search URL Search Domain Scan URL

URL: https://www.instagram.com/it_connect.fr/?hl=fr

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIJTq0nGrgkGMy1xJL_YppQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/it-connect-fr

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta-ransomware-targets-vmware-esxi-servers/
Title: Source

Search URL Search Domain Scan URL

URL: https://www.twitter.com/share?text=@ITConnect_fr%20-%20Une%20version%20sp%C3%A9cifique%20du%20ransomware%20Black%20Basta%20cible%20les%20serveurs%20VMware%20ESXi&url=https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Title: <img class="class_rs_share" alt="Partager sur Twitter" src="https://www.it-connect.fr/wp-content-itc/themes/itc-2017-child/images/flat_twitter.png"/>

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/&t=Une%20version%20sp%C3%A9cifique%20du%20ransomware%20Black%20Basta%20cible%20les%20serveurs%20VMware%20ESXi
Title: <img class="class_rs_share" alt="Partager sur Facebook" src="https://www.it-connect.fr/wp-content-itc/themes/itc-2017-child/images/flat_facebook.png" />

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/&title=Une%20version%20sp%C3%A9cifique%20du%20ransomware%20Black%20Basta%20cible%20les%20serveurs%20VMware%20ESXi
Title: <img class="class_rs_share" alt="Partager sur Linkedin" src="https://www.it-connect.fr/wp-content-itc/themes/itc-2017-child/images/flat_linkedin.png" />

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Title: <img class="class_rs_share" alt="Partager sur Google+" src="https://www.it-connect.fr/wp-content-itc/themes/itc-2017-child/images/flat_google.png" />

Search URL Search Domain Scan URL

URL: https://twitter.com/florianburnel

Search URL Search Domain Scan URL

URL: https://linkedin.com/in/florian-burnel-268b52b1/

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: En savoir plus sur comment les données de vos commentaires sont utilisées

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/It-connectFr/?sub_confirmation=1
Title: <img class="aligncenter size-full wp-image-27891" src="https://www.it-connect.fr/wp-content-itc/uploads/2022/05/it-connect-ban-youtube-mai-2022.jpg" alt="" width="300" height="300" />

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: http://blogmotion.fr/
Title: Blogmotion

Search URL Search Domain Scan URL

URL: https://www.deliberata.com/
Title: Délibérata

Search URL Search Domain Scan URL

URL: https://www.tech2tech.fr/
Title: Tech2tech

Search URL Search Domain Scan URL

URL: https://www.generateur-motsdepasse.fr/
Title: Générateur de mots de passe

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882 HTTP 302
https://cds.connatix.com/p/165409/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

82 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/ 315 KB
68 KB 470ms
359ms Document
text/html 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

526eebcbc4ab937c55c173d52cbd48ba9bdcc21f9fb0eb2ad04d1f089eea8532

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 717f950cbcfb3746-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 08 Jun 2022 06:31:02 GMT
display: pub_site_sol
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Tue, 07 Jun 2022 06:31:02 GMT
last-modified: Wed, 08 Jun 2022 06:02:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pagespeed: off
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Va4216daCfiaM58Ar2qBCmbhJRh8JKzbaEvr6NihKwH3y7NHOACqpYzBRRW0ojxWjfot76jWYX3kQKASMssR3R2BGOYc38CdPid5gLSMUl1WvS%2FueIIGCDqTiX3jJ4HitD83j0E2jL30cyJU5ooN1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
response: 200
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-ezoic-cdn: Hit ds;mm;c100398f7203f2cc57589f30f739d5e7;2-122228-182;470bf33f-4253-441f-4056-c13ae1eaaf49
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-origin-cache-control
x-sol: pub_site
x-xss-protection: 1; mode=block

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 139ms
54ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

05f1ce194bd1286a0de68cf2368ea4f87af97fa45c190af78d98071d20294dc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28119
x-xss-protection: 0
server: sffe
etag: "1238 / 190 of 1000 / last-modified: 1654639515"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Jun 2022 06:31:02 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 360 KB
107 KB 194ms
135ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=adtelligent,amx,appnexus,criteo,ix,medianet,oftmedia,onemobile,onetag,pubmatic,rubicon,sovrn&cb=195-0-39
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4223e659318e9228a0a4c3f61fe0dab3ba65cd6494585445c4faca5af778edda

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 08 Jun 2022 06:31:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2L26zj56%2FDbCiqgl9KqOnjDgGvq7bX6SFoJ22bIykJO0JZnZC1CKH6vQU80dOH388wQpyNisZ17kssCtAXmpvy6rcZRtNNXII8a2BpKKE5SbBO%2Bz7HdHCgY5N3oPWD2BLupHxbeerrmxsbI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 717f950f5a13f927-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
37 KB 119ms
43ms Script
application/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1eabadac42cf734244db7ffc1ccbe12580ef8574ca267ca2f106439d9eb6169e

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 08 Jun 2022 05:43:16 GMT
via: 1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront), 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
last-modified: Tue, 24 May 2022 19:53:03 GMT
server: AmazonS3
age: 2867
etag: W/"cc07895b7b7c30a55c948b849ccd5e56"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-P3
content-encoding: gzip
x-amz-cf-id: -XF0gZBkdjX6NjlxlQfaWD-eeOPRvgQTioiSnTeHZWrkEgHRZoDM_g==

GET
H3 200 banger.js Show response
www.it-connect.fr/porpoiseant/ 54 KB
14 KB 56ms
55ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/porpoiseant/banger.js?cb=195-0&bv=119&v=58&PageSpeed=off
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da615b904f3735e5b9ffdb1e0ad9a71a8aa1508a02d123559606f65deabc957a

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2326
cf-polished: origSize=55365
cf-ray: 717f950fe8833748-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 08 Jun 2022 05:52:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYcKUCj%2BKct9zgITafYMd1hiFDYzl0Ij%2F3xE9yjMMh%2FzyPc2V8I4ChjvvodbFzfhkUq88zv2%2BtzkLz1IZ2CRCJOE9nrHF4w%2BUIA91TR7eHmWtrCsS4jRK0CWLpwM3%2B%2BTH8%2Fjh40adHToTq3VLqnxYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 118ms
44ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT%20Sans%3Aregular%7COpen%20Sans%3A600%2Cregular&subset=latin&display=swap

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

152a96c0af3f7901e6989a8d79fd7ade70d137d3ea52989373328f7fadcd9bdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 08 Jun 2022 06:31:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 08 Jun 2022 06:31:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 08 Jun 2022 06:31:02 GMT

GET
H2 200 63094a3caf8d750b07fe012d7e039c7a.css
www.it-connect.fr/wp-content-itc/cache/min/1/ 416 KB
60 KB 60ms
59ms Stylesheet
text/css 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/cache/min/1/63094a3caf8d750b07fe012d7e039c7a.css

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfe9aeabaf65723ea86bc24fd97631118b14eaa78571a19113079e42ef52ab7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-sol: orig
age: 5382
cf-polished: origSize=426951
x-ezoic-cdn: Hit ds;mm;11cdec541e0cf48fd0969d2f40033d5e;2-122228-182;5bb327fb-1d1c-41a8-41d7-8e8f00b915cb
x-middleton-display: staticcontent_sol, orig_site_sol
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:49:44 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hG6%2BK9%2BERXE0WBTFeTNy%2BbK1gK3W2lxKL75HcLVwiFa4j31uXG0GMThiTLZMeFRhqDdODKBRjtSk68X%2BgHXA6%2Bw0KCmBH7nbxfwPVQYadeC0fPj0dTkJq3AWa1zz8encQftWiHql%2BKKkXTvdh%2BEphA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
x-middleton-response: 200
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f19533746-MXP
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 jquery.min.js Show response
www.it-connect.fr/wp-includes/js/jquery/ 87 KB
32 KB 53ms
53ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-includes/js/jquery/jquery.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;a21e8af6c9914aede8256fde5177707a;2-122228-182;42cdacfc-4cef-41b4-7169-86dba29ef499
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvQtBowGVsz4LQ3QEpV1F%2B%2FCXntazqJpXWgtCakAWgb7Pa1mAkGR8UCGkaO8z0Kf%2FrF1byzyolMNfdETfKyL2gIBkONa3aCFF2AU%2Byjfpl7HTEFQwtDt7AFfow4UlDlHnHIatE4Wf1oOBwPybJy31g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f19593746-MXP
display: staticcontent_sol

GET
H2 200 jquery-migrate.min.js Show response
www.it-connect.fr/wp-includes/js/jquery/ 11 KB
5 KB 42ms
41ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;6bee99da5901276db684854499e2d594;2-122228-182;6f4fbe1c-eca3-45fe-7154-fc42ac88d029
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qSJsV29WtVxNow28u5MsrOWr%2FvaNQ9WdIbs9IbBQoTNGYyhFEx%2FtUCY7j6JGYdo3v0gTTHkJfRuEQoh%2FSEnsvIgD%2F6Mg7dXzuqd4z4lLNj9j74K0M5VsUeAjdWRdRDZaj6PL8CvKpAeTZZiGnE82Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f19643746-MXP
display: staticcontent_sol

GET
H2 200 modernizr.custom.js Show response
www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/ 8 KB
4 KB 34ms
32ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/modernizr.custom.js?ver=1654584583

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43dd485cc6f431e29509cd9cbd4c6f2f5679540d1085a141950b28580a923576

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;01a89b2637936e0f5025361a322a99d3;2-122228-182;ec72c42c-5291-495c-51a9-68cae192bba9
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:49:43 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eQZZ348x11okqP7sUfsbZ%2FOOSTXN7vGPfRqTB8MrZt52tdccWSXrQRuGDORinrrHfOLimVPqyz8XbMW1pRSUe0HVBMy%2FLYglxDRDT0h9vETrrTgDowcmCyzsBjccf7iW7%2BaAvZ2b3qYT80lcLcrNfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f19673746-MXP
display: staticcontent_sol
cf-bgj: minify

GET
H2 200 classie.js Show response
www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/ 1 KB
1 KB 49ms
46ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/classie.js?ver=1654584583

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4211e85ad3c3b1c03fe7f0df87ffa3fe450ce9727cb9b41d8431e3a78ae61f72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
cf-polished: origSize=1289
x-ezoic-cdn: Hit ds;mm;f18ffc332f564c3b53ba5eaa1d7a9fbe;2-122228-182;5801b608-fa2f-4a1b-4aeb-6593f3c7d12c
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:49:43 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvE71CvOfJIg%2BYuhc%2FYgmPOjwBb7%2BrHGr7HygXN7PSihA4TFDnzFJhjG2pG0MYOgEfdwqw3pGeGCmyUs5fv82Vd8Dyo4p6qtaAdX2knrXluNa4fNKnLaLivRY2vHasd3FfhQAqjuznPqCARkffYGMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f296c3746-MXP
display: staticcontent_sol
cf-bgj: minify

GET
H2 200 featherlight.js Show response
www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/ 11 KB
4 KB 34ms
31ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/featherlight.js?ver=1654584583

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a954e96cf3a62139343b22c24dbf5e4130a8ba205b10925fbc2173b25dae155d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
cf-polished: origSize=11061
x-ezoic-cdn: Hit ds;mm;27fb07f2072a46be530bfc3f6547f71c;2-122228-182;ea354ab9-a189-46d5-41cb-7808b455d221
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:49:43 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ef3E28j1f%2BeCwO595P%2FlGS7b%2FrASEYch1qs9ad4SN0VWzownR08jli7nFI9TZqVO30G7pG6CwkTJVnI5xcyjFNIS%2Ba3sI0vw%2Bn8hMxMXR0r896X1dqm4Udu5e5pkKEtwoprfsQ1QJIBnXv5in8qrGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f29713746-MXP
display: staticcontent_sol
cf-bgj: minify

GET
H2 200 main.js Show response
www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/ 346 B
589 B 34ms
31ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/team-showcase/js/main.js?ver=1654584583

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96f06523557072629b280422c02ac3e8a6d294f003097b7b4e2065db351265c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;ffa3e3b4a33c0b10dedd6147ee641749;2-122228-182;fad47b6b-2f77-4077-5eb6-64746be566ea
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:49:43 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2Fg9nMuuP2Uv%2FJDvoEA7FfEmzkWcuz0QnE2bgO%2F8EgWjyeRqRaEkZA5ZUcF2wLffOyxxvAezOCnIpq%2Fd%2BnEljSMCvQ4xr5pnQb5j3o3ZQrq8M6U7Hhbo7JITkUFJe9dv9MoxyEavNzwzl7ONP4lasg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f29743746-MXP
display: staticcontent_sol
cf-bgj: minify

GET
H2 200 yt-script.js Show response
www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/wp-youtube-video-optimizer/assets/js/ 530 B
616 B 54ms
51ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/wp-youtube-video-optimizer/assets/js/yt-script.js?ver=1654584583

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

881045667abfb1b6a107ada05687ea7ff6b447dd1643c9cb95392cc15e176671

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;2279588aa058a95c50e398b95965abcd;2-122228-182;10a88951-cc3b-482f-539e-e2a9dda3cc7e
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:49:43 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2s0416Lu5FDXXf8HSjiQFIMZmtsqWn7l21WI2ijWd3awkF1oWu1GJJuzzlO62ai%2B%2B99eX870yC%2F6EQYb2GPTmsLvC2oBMtjJHQP75TRe2x3eUO3A2plivT8%2FkOYhTJPd2OrCozYVAnP3ZTsMVywL7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f29783746-MXP
display: staticcontent_sol
cf-bgj: minify

GET
H2 200 consentsettings.js Show response
ezodn.com/detroitchicago/ 1 KB
1 KB 120ms
60ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezodn.com/detroitchicago/consentsettings.js?cb=2
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 383472db86bc19b822592340828e1a9d680ece8e6a5114eb4744351081fdea3c

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9529134
cf-ray: 717f950f8b1c59ad-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 17 Feb 2022 06:09:22 GMT
server: cloudflare
etag: W/"5be-5d8309b817027;5d8309b816089-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toVR%2BOTDDzZSOMasPT%2BK%2B%2FzybZ2H6QqcFhY%2BeOOgsTYybBf3r99H3W3IiKtiInw0tiWgCycuGJPvCI7OUYQM8mWoL1eF1QZ1pdybcgy4pvS5o4VSA6vYMDCkhEGf12I0tWyILOXrQV8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex

GET
H2 200 email-decode.min.js Show response
www.it-connect.fr/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 29ms
25ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Jun 2022 16:41:14 GMT
server: cloudflare
etag: W/"629796aa-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2TxXj4nGkeNivP1pfgCkifuPQVtPEguE0d5s3nzLOq1xRlvCWdrryA8dN3wU05O4FNUmlAMnUbgbNWGG5CcYL4efw1cKRQeDKpUdWGw%2BDTZnXFMRV9RWyIoIGaXawZUlIJ8Jvjx%2F2iif9XqtVHy28g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 717f950f297b3746-MXP
vary: Accept-Encoding
expires: Fri, 10 Jun 2022 06:31:02 GMT

GET
H2 200 learndash.js Show response
www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/sfwd-lms/themes/ld30/assets/js/ 23 KB
5 KB 39ms
35ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/cache/min/1/wp-content-itc/plugins/sfwd-lms/themes/ld30/assets/js/learndash.js?ver=1654584583

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50b384860a6051756172628f31d2975cf709ace9e1f61f14b7c9f8b34fe2acfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
cf-polished: origSize=23623
x-ezoic-cdn: Hit ds;mm;b34531b8a882d00763a583717831f939;2-122228-182;a4842dda-c057-4155-630d-40eb71a24a94
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:49:43 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2Bi0jdEYvBXV%2BLQfz%2F9GtlKkO01iPh6ccoXDAvoyKP9%2BZNwDzq7iR3VmLSbBONe5Euvp44h7Df3VhYH%2FbN11rT%2Bka%2F6Xyu%2FjBkfcVsKjpZ5nat3Yob2SyVSm6iBnLz%2FRrT205IQecaS1w1QGv4tzYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f297e3746-MXP
display: staticcontent_sol
cf-bgj: minify

GET
H2 200 front.min.js Show response
www.it-connect.fr/wp-content-itc/plugins/table-of-contents-plus/ 6 KB
3 KB 63ms
60ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/plugins/table-of-contents-plus/front.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;1779320db12af060f66c8e6ca2028dcd;2-122228-182;b9ffa77e-0e15-46a0-7d44-0366b25ca6f2
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7N6FQLnSTCS%2F8E0DQHDBj4%2FsdMx1vuLtdyidoBGcpkW8Mz36Pxx7kJSjI62JpWuillsZhoAR%2B%2FHB%2BLd6pgUl87R1A14Z4UYAysPMK1PK2dp9Y%2BgRcmZEcHCYA54Wg2ClX5SvVXKYV3iEVB24jlkduw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39ba3746-MXP
display: staticcontent_sol

GET
H2 200 comment-reply.min.js Show response
www.it-connect.fr/wp-includes/js/ 3 KB
2 KB 52ms
49ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-includes/js/comment-reply.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;c78bd0873b1e7488822a6051f675ff59;2-122228-182;b4ee526f-890f-47bb-61c1-210ec05cf1ad
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5gj1Tu%2BdPbBjhOJwqju4bvc2bv%2Bmmu3NIFzlLF0ZuGF8ZnFMAvD08wAI%2Bxagmph646DcW%2BvbWmpgawYLW1%2B9TO8rzGFKirFt3Y3RD3I8Eb028UwxfIKFWQWpTQehBqnnNrWQB31vPjKoPO8XCJ4jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39be3746-MXP
display: staticcontent_sol

GET
H2 200 jquery.sticky.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/sticky/ 4 KB
2 KB 54ms
50ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/sticky/jquery.sticky.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38998f65da495cfca899ffda18a8c92c661c1aad9ce7bd8f48d490928a51e9c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;8382cf0c08da0d4a5891e738cf5e705f;2-122228-182;6d730b9e-66db-4fc5-54c5-fb1a9d6ef2ce
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tWcZLSUFNXLSsP%2FkAyuq7W8k8dU0LeIIAEFRLnLvfcUQGCwjevmbypj5PQUMa%2BmQMmdfySxtZrBzNLf6%2B0XdqZmJa5Qe41iq8wgywnQaV6FD5MZy1wQRxldOxvkJrZJmY9d0yLak89keUQpAkPHa9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39c13746-MXP
display: staticcontent_sol

GET
H2 200 navigation.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/ 2 KB
1001 B 50ms
46ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/navigation.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

139b297a94d58eff93b2c02e14bf85958141f13a79f0d9adff90155cf39ebf33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;17610a3074fb6c27681678b9d61f5abf;2-122228-182;4d0189d6-e34e-46f4-649e-d17be4e45528
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ln%2FEqrvKFYUzGB%2FGHD1ahMvdwpnkgmEZzDZkZ4I6KQ1%2FwsYOvFePjkMTo0OE3khGyBfkKdhM5zbHLSrHBKuTQs0MnUxt6zdBV%2BGW0MNwrR%2BoS1hQ80OrxOn3g6WuxKk6ni3e9SAm1bnJO952zdY2%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39c23746-MXP
display: staticcontent_sol

GET
H2 200 jquery.fitvids.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/fitvids/ 2 KB
1 KB 65ms
61ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/fitvids/jquery.fitvids.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fedf6af2935e1c30de75cc8f879ca86bd81dff8accd1c943c8a94440013115fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;25b4d41d48f891c0e8d0dce5cbc4545a;2-122228-182;acfe40d4-849e-429b-767e-9ed08a7bd4c2
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFbYDmtWCcuiQXiAufB%2Ff5s5uFWFhP1lmpRyLtOX5ugO8F1h8z0vZUT6%2Bt%2BjpsdhIMbPgeO15mzo5w0jg0hkUtD0QMb%2FmZSbY3N0%2B2viIAEh4KQwgP7cNTpxVrmX3fLFTx5JS9VGT%2FnIOPjJ%2BvTIAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39c73746-MXP
display: staticcontent_sol

GET
H2 200 theia-sticky-sidebar.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/theia-sticky-sidebar/ 5 KB
2 KB 64ms
60ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/theia-sticky-sidebar/theia-sticky-sidebar.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28d75ac09bd2c2bab17d3e1f4a566007b245c85c53476d3f4ff6a5b074a297f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;7a64f4c87a04e34dcc4ff316e8506796;2-122228-182;1c7c6749-c346-4449-676a-64d5f14c1b6f
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FnEIpp006sxO9vSOtHhg%2BwjANHeZm0COJTiNI%2BOOa3qqzWOzlQvLdjYehAbRgqitLSk3fxCVcQzuE%2FAFrzFyAUI615YjmFZ5Mq54P9Zgxym8P3q1Me42Dn4%2F650b6GJQB9t49YvRArPO8KtTEUkxzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39c83746-MXP
display: staticcontent_sol

GET
H2 200 ResizeSensor.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/theia-sticky-sidebar/ 2 KB
1 KB 63ms
59ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/theia-sticky-sidebar/ResizeSensor.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b29fff2ee0a036c1e074032677bd43b908c25d449579476d0dba0b5615fa9db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;b20f1e498a045c0c2114ad64e185c414;2-122228-182;d62973d6-2a3d-4b40-5b13-2a9081f9157e
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IelzFRmPm5S5oTn0Tr18pfYibEqaGk646yxJayKO69vaUhtEkcCfLNXGKHAx%2Bd6o9AUZn00pvp%2FAmAuJSr5O0GGtM8vk1HadnEMh1Iy6cTP3nzQcX2PzZJnLa3jeFKahg1gxJXyGsSalF3jZ06Bd8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39ca3746-MXP
display: staticcontent_sol

GET
H2 200 prognroll.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/prognroll/ 958 B
781 B 65ms
62ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/prognroll/prognroll.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99942fcc001f84db6b0669e8c6616437f4999e394c1b586b0566636a6bafc2a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;02f19fdddeeb2c43bf9a9395f69adcdf;2-122228-182;d9090270-b90f-408c-5452-3a02d4b1c040
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSPXXofwnf5AzSO%2Fp4RvQvXfCUF7u%2Bhw544e2OsH2GX4neSveeV%2BgexNgEda%2FZIFHc5ZEHjZJrvZ43RiA10KMO8Sx2LJg61lxz5jO3oWkcZy8JqzfsVQSt3rsEH9eCZLekjCDos4HA%2FuxCLuZ4UzyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39cc3746-MXP
display: staticcontent_sol

GET
H2 200 skip-link-focus-fix.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/ 327 B
692 B 50ms
47ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/skip-link-focus-fix.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8c2b783dfb2a8ae80f75f9b271024777ef513e93fe8b220c0df95ed8fe3a4a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;94a06d41a24f48872af37780b167a2f0;2-122228-182;e06795f3-a3c9-49a8-4531-40e170812b0b
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPdPwQH39E236xc2hi8vKHSGGqdQBfzZRC701oIz1MRY9L9ccANw%2FRt7Dwb3AWyjI8I4KfjogNi3lJUCc7GIXojqtdFdb0lo%2FPlk4sw9CeGLzRB6twOGZ4fOKVFaOyigZuS%2B6E44FjSRHk0v5pjI2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39cd3746-MXP
display: staticcontent_sol

GET
H2 200 colormag-custom.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/ 11 KB
4 KB 61ms
58ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/colormag-custom.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04c4fab94d703e081bae8e5ced41806f79c40010f48ee5dd8a3d533a4d1769d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;821b411a0e6279dcd8a51509814bc393;2-122228-182;ad772f84-006a-458d-76ca-04a31c84f933
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjBvtzPiuRj5c5M8grfDYqolfBOhNypv%2F6ubzOxuStI2PeLVSEPNKW3EWnIjeKP95v7WZMxz7H2L5XFtqH5mmPHd0B11GasRnmCIsCHFi8eqAZs3CiDffKpXsPJ3R2h9Evd6FAPbnn%2BEHPFHbbfDlg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39ce3746-MXP
display: staticcontent_sol

GET
H2 200 loadmore.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/ 1 KB
1 KB 52ms
49ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/loadmore.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6482ad3a544871923de537272e1e863dc1e1fbdf060c17e0b3edf0fd6af67a67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;da6e82a9213b313d6e8345e612591e74;2-122228-182;337f739c-ad59-4463-6b93-8940616bf33d
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enbUwetitUCfQaIF96%2F4b6vNkUIj8BWHxs7VMyaG3ueL5ubcRq0rUIN4g4mPxRPQD8%2Fsefv9MPsW4e3QIP2zuNDcX61nDys9vkX%2FGSmT7rxDMM3S%2FuMiCxxS4kkA1l6bgwnhSlecCH%2B1z7LK0YjMpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39d03746-MXP
display: staticcontent_sol

GET
H2 200 infinite-scroll.min.js Show response
www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/ 2 KB
1 KB 63ms
61ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/js/infinite-scroll.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e4cac672a558644f4394f65304bc0a5c50be17d517be8bb6afbebb8c38468b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;3bf4d5717a94d14f0437c37574e9d1ad;2-122228-182;25dd9685-883a-4790-4b08-ffb2dd8c53bc
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaDe1obU99GXfOieQrmCTxXXll6xnIoAjRTcKg%2F0x2ApptSrQXME%2FmooWLk7wwd0Cwo7WGG%2BmgdxR406lkRODVHGQI%2BPCfEpzJnEVavEcxmsLao7TIVlcLU7YUok0%2BqRqd3EinJqzXJILQFkgnblYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39d23746-MXP
display: staticcontent_sol

GET
H2 200 jquery.fancybox.min.js Show response
www.it-connect.fr/wp-content-itc/plugins/easy-fancybox/js/ 19 KB
7 KB 65ms
63ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/plugins/easy-fancybox/js/jquery.fancybox.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

948f0c154ad97428bc1d1dee456f2e20ec4e0e302b0d3189e08a4573cb63cdb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;7cbdb95dc7379cf7ad361fd377cb92d9;2-122228-182;59d55f0d-e768-402b-5e63-2749e2ce0768
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2hS%2Fa8DzJXo1jZchk3BoOM8hQbagwxJ4mRNWU%2FVKsVkefLWFFe5H7pLmVjqYNIUsuL%2BtuIuex6hNUoyf3tOzEC4NN7u%2BMx0CV9ZmouSmPUDLVGg8upucrHsncRrGWcE5JmU%2BBk7LM0qoGsAA8Dytw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39d43746-MXP
display: staticcontent_sol

GET
H2 200 jquery.easing.min.js Show response
www.it-connect.fr/wp-content-itc/plugins/easy-fancybox/js/ 2 KB
1 KB 53ms
51ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/plugins/easy-fancybox/js/jquery.easing.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ec98adf593ebcc01bec60b1f494dacd47522abfef9038a714101d83f45e165d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;ebd1dbd360ee47df8a5633d97bab8d71;2-122228-182;7533c22c-d00f-44a9-683b-a38d87aabc78
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tAN6SxBYv%2BK%2ByH4wBz0W9Uo9Yz4vuJQoNv2WrQKCLOXXLN1e8wARKt1crRYPobixAaEvVy10X9VlAIIptJMrUFoPlUA4tRoBHggOq64xxSxMjVsUX8A4QxljGv6RdXccBKxZaXoIisihIAIu7Szq5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39d73746-MXP
display: staticcontent_sol

GET
H2 200 jquery.mousewheel.min.js Show response
www.it-connect.fr/wp-content-itc/plugins/easy-fancybox/js/ 3 KB
2 KB 62ms
60ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/plugins/easy-fancybox/js/jquery.mousewheel.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd9bfe5f04d4e393463f42b4f503763c36693306dffef16d481e0c071b61ae64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;a2fffea2d1a79ded040c2e1a2383d464;2-122228-182;2391b3de-9b15-4019-7eb8-fa9e25b31d27
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KaWg8W1KxToQZXdafPY1ZQdtZoZg7y3g%2F8Y0myhu8dmHBATyYGfls3gOb8RIYZG72k4vfCuC6KjYQEEYCNTuKNFbpTC42NwWNFx5uRJYcfjSgiYNLl6cbNXJz71MeXj8cTgBOrE3iyDjAMUySnXYsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39d93746-MXP
display: staticcontent_sol

GET
H2 200 jquery.modal.min.js Show response
www.it-connect.fr/wp-content-itc/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/ 5 KB
2 KB 52ms
50ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;0cc4d2696f7b3c0bc56ef22845dd2323;2-122228-182;fe26dd6e-83af-4c4f-6c07-6f3381feb1c0
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9T04BiyWsUfbdRuXEQbDHSUXhjUDxwyfNXLWQufbyfOIQ3fkyNj88RPv9gCtht6m3Xcp7Gwrt3%2Fwkur3Cj7ZuDYa10m5%2BDBXk2v7N1rBYKtoCOq3C0wjyJuSewV15whwObY%2FrO%2FCMD0foAdom6W5cw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950f39db3746-MXP
display: staticcontent_sol

GET
H3 200 lazyload.min.js Show response
www.it-connect.fr/wp-content-itc/plugins/wp-rocket/assets/js/lazyload/17.5/ 8 KB
4 KB 57ms
56ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;37015e7abd87257566d297977368bd6e;2-122228-182;720359b8-f9f9-42d6-47cf-8c610933124f
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teyai20%2FhwuZ2UDGcmiJcataaOe1KaA8F5u70wCOqNrbr51dYXaN7vYrVZCFQ2GxbcutdUDi%2BjwpfJHiK3zmnoZBtLvdMdO%2FAMAK9NXDhIBZV3Ujo2WJsGY6YPZ89xxOydTZ5FTjX5zrzFY4q8lgkg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=7200
cf-ray: 717f950fe88c3748-MXP
display: staticcontent_sol

GET
H3 200 ezcl.webp Show response
www.it-connect.fr/utilcave_com/inc/ 1 KB
2 KB 102ms
102ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: middleton
server: cloudflare
display: staticcontent_sol
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0f9HiemtPqeZ%2FpmiOFDu7iDO6XucJsw4U99wOM1Vsx0HPUtahY2MyV0YuzlGEAsaim%2FgXjr2nzWw%2BF%2FrtnyHGqVeqH1Bd7jnjEl1%2FVpxp4G1%2BdEAOZtaLGCQE1%2BAlbkd5ZRRpdaKWi0Wg0uK45TQlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 717f950fe88f3748-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 cmbv2.js Show response
www.it-connect.fr/detroitchicago/ 45 KB
13 KB 103ms
102ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y21-3y2d-4y36-23&cmbcb=84&sj=x04x02x06x07x0bx0dx13x17x21x2dx36
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 326482d14b399f406e999f459846ad1eaba137a693fbe341059fa3049e9b5bc0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 08 Jun 2022 06:31:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ZNYTwPbBFgpolRUS5fao9dpXV%2FPcTHyEDdnxWY40e1aTE%2FVaXu8z1txPkA13cTDwTUpev6RckktUq04CFSTF6QYwzHZVnWCZfxNECAtOJ7T3nNMRLWOZyjGy1GK7aq6NZGxNUrs0TFzY4ZzOZrJxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 717f950fe8943748-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: noindex

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v17/ 44 KB
44 KB 181ms
99ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT%20Sans%3Aregular%7COpen%20Sans%3A600%2Cregular&subset=latin&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.it-connect.fr
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 19:26:35 GMT
x-content-type-options: nosniff
age: 558267
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45300
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 19:26:35 GMT

GET
H3 200 fontawesome-webfont.woff2
www.it-connect.fr/wp-content-itc/themes/colormag-pro/fontawesome/fonts/ 75 KB
76 KB 72ms
72ms Font
font/woff2 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.it-connect.fr/wp-content-itc/themes/colormag-pro/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/wp-content-itc/cache/min/1/63094a3caf8d750b07fe012d7e039c7a.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.it-connect.fr/wp-content-itc/cache/min/1/63094a3caf8d750b07fe012d7e039c7a.css
Origin: https://www.it-connect.fr
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5382
x-ezoic-cdn: Hit ds;mm;7ad4eae3cc1184726de03d561c407f3b;2-122228-182;1a61a877-954c-410b-65e3-64ebc19e290a
x-middleton-display: staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://www.it-connect.fr
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2FKcP9yvLvd42E7G5g8WS9JCuHxhAc3yzYQhoJgUTXRkW%2FQ5YFhxZFms3swqFIxyGFpu7rbsQXWFAU%2FbY%2BAs%2F%2FIDdatZhHu72Vj4LfLDlk6bGTAxSOdOLc%2F48BOM8LysQubTg3bbtlLvE9JZHByuog%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 717f950fe8a63748-MXP
display: staticcontent_sol

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45a0bc7a7b447e270e5fd28b03782e8d66c33f87971948db9002cfa9ead9b818

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ 44 KB
44 KB 104ms
42ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT%20Sans%3Aregular%7COpen%20Sans%3A600%2Cregular&subset=latin&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.it-connect.fr
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 23:32:09 GMT
x-content-type-options: nosniff
age: 111533
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Jun 2023 23:32:09 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03f939b4957901a568409c9eabca6e8004c5c3814e72f5d643609ccb171282b6

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 pubads_impl_2022060201.js Show response
securepubads.g.doubleclick.net/gpt/ 365 KB
124 KB 130ms
42ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022060201.js?cb=31067910

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

3fef2bb487a75c68deb09f1bb519592f7688129de30f665c72d577df95c102a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 19:54:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38206
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126885
x-xss-protection: 0
last-modified: Thu, 02 Jun 2022 08:36:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 07 Jun 2023 19:54:16 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 120 B
122 B 139ms
51ms XHR
application/json 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.it-connect.fr

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

6d34abecfbefc0c784f1393e2b2102530bdc20f5bb391081dd89625f31511813

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97
x-xss-protection: 0
expires: Wed, 08 Jun 2022 06:31:02 GMT

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04a285c97529f0b6e218d2f1c7eb9912e1079da7d846d94445922a25a9ae07f3

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e835aded6abb0736ad78bb1d6bc82bf0b0f2d6bc4f54bcd9355bfaa847d1cc1

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34e0bb5c5ed1184e6452cf7562faf332af1a26e95e50e035ff0a9f7065e6df9e

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba385bb7a29dfcb05fb453781a7fa6cf3866a88cd758f85596b936312dc402c8

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 130ms
37ms Image
image/png 2600:9000:2315:8600:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:8600:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 02 Jun 2022 02:47:57 GMT
via: 1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
x-sol: middleton
age: 531785
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
x-amz-cf-id: pcjdDRTiRvm_aKO-6Dyv0hbqMeQOGfxoxXo1iS2lzZ6907NS_Dp29Q==
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: nginx
etag: "49d-5d9576f862e00"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: DUS51-P2
display: staticcontent_sol
expires: Thu, 09 Jun 2022 02:47:57 GMT

GET
H3 200 houston.js Show response
www.it-connect.fr/detroitchicago/ 4 KB
2 KB 41ms
41ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/detroitchicago/houston.js?gcb=0&cb=17
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3652fe22c6c2e0db8917c0a0201854e7487b13e8f689f233e78c2fd804b58ff6

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 73795
cf-ray: 717f9510eb3d3748-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 07 Jun 2022 10:01:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1oW3VtraEdl2FP%2Fxk2dZX9E0gOxbmIfoNcO15tDvFn9ugpShQV0ZOhVCkM9hQK3P9cdKu6AHpMEa1Xgkg2nvtHg4%2FENTCEAR9ybu0gcfKsILpo6%2B7trxsKm8al7IQU%2Bn8BXfjgVw%2FGsCRnRFZcZ7iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 si
capi.connatix.com/tr/ 0
116 B 207ms
138ms Image
application/json 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capi.connatix.com/tr/si?token=dceed97a-951e-4c47-b565-c2794ffae817&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400
content-type: application/json

GET
H3 200 tortoise.js Show response
www.it-connect.fr/beardeddragon/ 2 KB
1 KB 39ms
39ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/beardeddragon/tortoise.js?gcb=0&cb=3
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565c527fe8f92c8a9eadddf2a0e16eb40bbff31298fc67064f090e515f882b6b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 73795
cf-ray: 717f9510eb463748-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 07 Jun 2022 10:01:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DUXTb6%2B5w44kM5SHt3NBvglk3MpXZHFLuujKx3xZn0tx10%2BJ6%2Bq2MApEtqMqTVqbUeoTpJkhc9K4QwliXT4L0CGstxxId6WgRgLbX%2FPi57rkOjESw%2BKeCP3IE8IxSIXiiMi9m1KJCTDVgz%2FvvKVAhA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 nmash.js
www.it-connect.fr/porpoiseant/ 24 KB
7 KB 35ms
35ms Other
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/porpoiseant/nmash.js?v=119
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f44dd451e145807d2bfdeb8a45b69924611ea381a0ace722712a5fcaf618b0a

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2326
cf-polished: origSize=29883
cf-ray: 717f9510fb593748-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
etag: W/"74bb-5e0698f2f8f80;5e0698f2f8f80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSAavCFu7mXbYlzQ%2FRadT6Phpfkmgf%2FnO0SHXHb8dKoVMs1mDBtoxksqLkSqr7ENB3oqZFLkDcnO2pOUg%2BKqIj4odijuLLJMs1mUHz2RTb2KaChwyP68oEapPyYAippYVAezczCpp0UCO%2FN6OlHfbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 imp.gif Show response
www.it-connect.fr/detroitchicago/ 43 B
653 B 50ms
50ms XHR
image/gif 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A2%2C%22ad_lazyload_version%22%3A5%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%2234%2C34%2C34%2C34%2C21%2C2%2C1%2C702%2C702%2C702%2C4%2C35%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A12%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A1%2C%22city%22%3A%22Milan%22%2C%22country%22%3A%22IT%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A7%2C%22domain_id%22%3A122228%2C%22domain_test_group%22%3A20210301%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A8%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221101%2C1101%2C1101%2C1103%2C1104%2C1105%2C1107%2C1117%2C1129%2C1129%2C1129%2C1129%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22a724560b-dcb5-4ea0-41d1-4d4f729b5309%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2220123%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A139617%2C%22response_time_orig%22%3A5%2C%22serverid%22%3A%223.73.33.42%3A20966%22%2C%22state%22%3A%22MI%22%2C%22sub_page_ad_positions%22%3A%221101%2C1101%2C1101%2C1103%2C1104%2C1105%2C1107%2C1117%2C1129%2C1129%2C1129%2C1129%22%2C%22t_epoch%22%3A1654669861%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.it-connect.fr%2Fune-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A916%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y0b-5y0d-14y13-3y17-4y21-3y2d-4y36-23&cmbcb=84&sj=x04x02x06x07x0bx0dx13x17x21x2dx36
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QZTI9IUJh1lI78KNj31577eUch8rluMi%2B%2FrBv%2F4JdR3NvVpmQtGsO1cUEm3JyEvv7ENee9PWngvdGWW3TnWB4n6xUEC2nQXwU5mWjgvpWzo8sKbPFQ9twSGUjJUVFnQ1RhJP7tZMOPpsSVhO4%2F2qKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 717f9510fb673748-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Tue, 07 Jun 2022 06:31:04 GMT

GET
H3 200 cmbdv2.js Show response
www.it-connect.fr/detroitchicago/ 46 KB
12 KB 32ms
31ms Script
application/javascript 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.it-connect.fr/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4y37-23&cmbcb=84&sj=x03x0cx18x37
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5adff14dcd98713821594e09d7e3d9f795648bf73e178d02deee34d3c1af39ad

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 73795
cf-polished: origSize=46650
cf-ray: 717f9510fb6c3748-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 07 Jun 2022 10:01:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TADptIvYRcbG3zKaYzNhxkZZXfRvZz6UPj%2FMKrCVmcufaU7LEBLF2BTZL3HpX0JSwVQcYcCGDebvGd1j%2F9MsIXr%2F1fI6rMHxqmKg7erDzlc9RIvHOmBUSkHgXYgkZXFMZIm4JmiDXLJZsIUTK8uIjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-bgj: minify

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/165409/ Frame 2199
Redirect Chain

https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
https://cds.connatix.com/p/165409/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

1021 KB
277 KB

44ms
23ms

Script
application/javascript

151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/165409/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H2
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6a717273581123d7f4bca27d679bdc418689c55c6979fe8fe532d505409299a7

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
last-modified: Tue, 07 Jun 2022 18:03:14 GMT
age: 44764
etag: "c4ade0b5bb479b7610afd7d04de21041"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 283299

Redirect headers

location: https://cds.connatix.com/p/165409/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
date: Wed, 08 Jun 2022 06:31:02 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400

GET
H2 200 cmp.js Show response
g.ezodn.com/cmp/v2/ 398 KB
108 KB 78ms
70ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/v2/cmp.js?v=53
Requested by: Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbe562f87d5aff7a8105c63e7614c08869028ee1e9bf5021190fee8ae2e7d7f4

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 05 Apr 2022 10:05:17 GMT
server: cloudflare
age: 41937
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVTOSKkuBFSQhAQWprQT6bgBfR0w%2BxmZQilKPNiQLWz66HhjTJaXDutjqGih15TuTyhnRo2hoVXFRXVWmafJUGJH%2Fc4iL4dwAkWGsoq%2BN4sn2ljyS8w1iZ2SUb9%2BNjKRv6LT2jydjOevdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 717f95111c7ff927-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 385 B
737 B 130ms
130ms XHR
application/json 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.it-connect.fr&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: Server /
Resource Hash: dd4320cdfa0077bbe8f1a4e0e77a65c6253cfae2fc282ce7a6ab8e78a330b143

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.it-connect.fr
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 385
x-amz-cf-id: 4hw75ZWDvtbsxGDZKiD_1CKG_yTC0GhAoXCOqMeqvBukOpRfm86Bmw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 103ms
34ms XHR
application/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.209.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-209-55.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id: rJc1WQUAqhvSMPW5pAnZljyS35FriyaP
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 1225
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 02 Jun 2022 00:57:09 GMT
server: AmazonS3
date: Wed, 08 Jun 2022 06:16:20 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: GI-tkRACjj_YI5_9M1VmK9p4UActtNvaBzvQFdZ48jycxbEaAFNISA==

GET
H3 200 IT-Connect_Flat_072017_Small_v2.png
www.it-connect.fr/wp-content-itc/uploads/2017/06/ 2 KB
2 KB 37ms
36ms Image
image/png 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.it-connect.fr/wp-content-itc/uploads/2017/06/IT-Connect_Flat_072017_Small_v2.png

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aaf5ff40f28c9bc834429fcf71bd52a6db4fe71ca007f45bab8ea311d70a9d4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 73795
x-ezoic-cdn: Hit ds;mm;60c55f3036b0416544bd31b952a2f090;2-122228-182;5b92bc3b-2509-4cb8-438a-fd98141e4e3b
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PaMWfUzej1%2F8Hn9%2BMolAslRu%2BCv%2FhG1KFZtHz7o0qq3XNB7ENI14WHjMBsh61NNRseyX24hPP6aun1jgUGLcgJ2TmRkSOPI5lDlEzEv8tUmVbgZ0N5mbgGiIAJ4C0UaoWxueNAKruSekOAxxq9WJzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=86400
cf-ray: 717f9511bcd83748-MXP
display: staticcontent_sol

GET
H3 200 securite-vmware-esxi-ransomware-black-basta-2022-06.jpg
www.it-connect.fr/wp-content-itc/uploads/2022/06/ 102 KB
103 KB 91ms
90ms Image
image/jpeg 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.it-connect.fr/wp-content-itc/uploads/2022/06/securite-vmware-esxi-ransomware-black-basta-2022-06.jpg

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d9dd1cfcd4389267aaf3f475f2d212063b6a065bc24b1e3281d8da54efc9f86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;mm;623d3764e150eaa765612bba8b9d4c76;2-122228-182;7206b89c-92a6-486d-762d-07960c24328b
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 08 Jun 2022 06:01:50 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9kwRVHTs3P4Uh9qOvkwW1rG5XUrDZVfk%2FF1LGp8QLSPMjUQ8Hm6AMHxmi5dglPyUoF36hAPln1QVp7x7WVjbKhT4BP7aeTJdQD8EO%2FR%2FiWee08Guuqb7V3LjG5ceABKnFyqfz8G4P0KTtMDIkq%2Bgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=86400
cf-ray: 717f9511bcdb3748-MXP

GET
H3 200 it-connect-ban-youtube-mai-2022.jpg
www.it-connect.fr/wp-content-itc/uploads/2022/05/ 25 KB
26 KB 32ms
32ms Image
image/jpeg 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.it-connect.fr/wp-content-itc/uploads/2022/05/it-connect-ban-youtube-mai-2022.jpg

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24c0820dfb50ed4cc97df0683ddad7c8ecf1a005d3d359e2eb5c4adcd3a939d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 73795
x-ezoic-cdn: Hit ds;mm;87db2eea51110bf41b7267f6954f3dc5;2-122228-182;8d0e0bac-3ab9-402d-4270-7235b3f79745
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oex2B5JTOd5YLaVDYIzb21JSXl%2BeJTis8%2B7xu34kqSzTm%2Fj1W7ysOajTxKEEr824lxXAyVmTQDxANkAL%2BtDu2v1zSf06kcG1cdqoDTAYPiZ36qWIOhEqREGcEZCdYWmJ63r6UOABt3vXgXtMXK4DSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=86400
cf-ray: 717f9511bcdc3748-MXP
display: staticcontent_sol

GET
H3 200 securite-vmware-esxi-ransomware-black-basta-2022-06-390x205.jpg
www.it-connect.fr/wp-content-itc/uploads/2022/06/ 18 KB
19 KB 63ms
62ms Image
image/jpeg 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.it-connect.fr/wp-content-itc/uploads/2022/06/securite-vmware-esxi-ransomware-black-basta-2022-06-390x205.jpg

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8e8c3641066c7d0c3b4a8cf8492e26cac864b0ad6097813c4845ffca7884a41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;mm;92cbeffd5dfee037ef3b90386564c892;2-122228-182;300982e8-c9f0-4e2f-44b9-ba17ede494c2
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 08 Jun 2022 06:01:50 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2YGImTLC%2FwBm1BVB%2FNEVC9G3Hp%2F6T%2FzzjZKcNvZw7k%2Fy1ioYasooOaV7ULtv7qUlyu4XC77SHn1l%2FBaeu5JAg74Fhcxqizui0P3IlcoOjlimznssN8ot2sGp%2BfS2QGrsU9EbToNOZJwU8Cpx%2Bw9ZRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=86400
cf-ray: 717f9511ccf43748-MXP

GET
H3 200 tuto-mariadb-adresse-vip-keepalived-130x90.jpg
www.it-connect.fr/wp-content-itc/uploads/2022/05/ 4 KB
5 KB 70ms
70ms Image
image/jpeg 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.it-connect.fr/wp-content-itc/uploads/2022/05/tuto-mariadb-adresse-vip-keepalived-130x90.jpg

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c155ff4cf69ad15a7bcb5e288748c84deb4bbf3d199417d6e1ba786c67d3b56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;mm;8b2be3e1abaf16cdb08753ab9b50f46b;2-122228-182;19cedd75-e1b2-4edf-6e49-85240bbe2dbe
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Wed, 01 Jun 2022 21:27:42 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GhrlmGE1kNB1ClpGwSYDM1IP917SGibO1jMJIS1h6CtqdUykoW7P51geWMOZqS7ZwEIO7ETZ%2B3O%2BsZ8h1iJrN%2BxgKdTx1n5zz4UlN%2Fm4oFHwBJHZ%2BjV%2Fkc23mYQOhfSaZXeFxrV4GocoYVfWh8IxNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=86400
cf-ray: 717f9511ccf63748-MXP

GET
H3 200 securite-italie-palerme-cyberattaque-2022-06-130x90.jpg
www.it-connect.fr/wp-content-itc/uploads/2022/06/ 3 KB
4 KB 29ms
28ms Image
image/jpeg 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.it-connect.fr/wp-content-itc/uploads/2022/06/securite-italie-palerme-cyberattaque-2022-06-130x90.jpg

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dc27eb75b3dad7efe8eb1283957702fd45633f9330b050cbcc8a7a70ea3732e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 61234
x-ezoic-cdn: Hit ds;mm;64b10ebc669fe80c80c30841c6bf6ef1;2-122228-182;207878a5-d93c-446d-55d0-2fc57f59b9fd
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
response: 200
last-modified: Tue, 07 Jun 2022 06:48:03 GMT
server: cloudflare
x-origin-cache-control: public
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gIB%2FLXabkiOuMlf1W%2Bs1sKm6cd0FGTQFR8KVQvAb1j%2B1%2BfBK1QJw72EBFT%2BB4Qa3AsenliJXICvm19taDDp7sNfFQZvf3xgExA3KH75iGx%2BPA5iD2EaPgHidF8J3JB1xVSMDbGqq5hesRczmn3f5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cache-control: public,max-age=86400
cf-ray: 717f9511ccf83748-MXP
display: staticcontent_sol

GET
H2 200 GVL Show response
gvl.ezodn.com/gvlcache/ 330 KB
44 KB 121ms
65ms XHR
application/json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gvl.ezodn.com/gvlcache/GVL?gvlSpecificationVersion=2&language=en&cmpv=61
Requested by: Host: g.ezodn.com
URL: https://g.ezodn.com/cmp/v2/cmp.js?v=53
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d7a761e512b2321668f5d8dcf2ca830212badba87fcb92d906a14dca33fc843

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
gvlcache-hit: true
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vq5j1gjkjkT5zv5lFFSMI3SY8AQf5cMbcmJfh5h0gVZjhRsm4gBsznqlxqNstyMk6Yi6dfMlYedsbYeJPxSGZTPZWdeFVkUlNfM1aan9jvIPo1aPrzwUo0NToTBt0DsU7awdoqfANcYlAHXt"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-ray: 717f95126b02374a-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 41 KB
12 KB 119ms
34ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: www.it-connect.fr
URL: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

aca72f84a2c66b81fbcec783e51fe3f462abb070762b4a23cda5bbe149dc6d85

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:25:19 GMT
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 11494
x-request-id: 431653247

GET
H3 200 GVL Show response
gvl.ezodn.com/gvlcache/ 31 KB
5 KB 71ms
45ms XHR
application/json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gvl.ezodn.com/gvlcache/GVL?gvlSpecificationVersion=2&language=it&cmpv=61
Requested by: Host: g.ezodn.com
URL: https://g.ezodn.com/cmp/v2/cmp.js?v=53
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d61c13897b9a7779c1bc17e4b331d01c70e76414c60ccd517f5d6d316780dcf9

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
gvlcache-hit: true
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lU97Vpa9Kzv8MtN2hwzATrcdaSvzViyY38GY4dqXeUUjgyPzxR00Q5q6iOaXM5kO%2BdiO6Zvwig3FY%2Bfc0sr4ZRD1ha2fLM%2BSbzS4FDMdw481TUp9t9FKBB96DUcTXx685LNLtvfw64yLOrOe"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-ray: 717f95130c4a374a-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/165409/ Frame 2199 0
47 KB 23ms
23ms Other
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/165409/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: br
last-modified: Tue, 07 Jun 2022 18:03:15 GMT
age: 44765
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H2 200 player.css
cds.connatix.com/p/165409/ 57 KB
9 KB 23ms
23ms Stylesheet
text/css 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/165409/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ee8035020f84eb8ab08a9a40f6ce159b183908f991df41f5a651b8a37ac0e19d

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: br
last-modified: Tue, 07 Jun 2022 18:03:15 GMT
age: 44765
etag: "092cd45b8e076ae45afd27e6d858034f"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 8743

POST
H2 200 pls Show response
capi.connatix.com/core/ Frame 2199 6 KB
4 KB 159ms
159ms XHR
application/x-protobuf 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=165409&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9f8e24e075fd09366d76c9b0874a84c7518a48beadfbd628eab5b50e5c20140b

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.it-connect.fr
access-control-max-age: 86400
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 3634

POST
H/1.1 200
OK sr Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 2199 0
318 B 531ms
131ms XHR
application/x-protobuf 18.190.65.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/sr?v=165409&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.190.65.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-190-65-130.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.it-connect.fr
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
27 KB 53ms
53ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

56b37a7a7eed81f410c4d731a78124319dddd01bdbee635b5149709ced1a9d43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28123
x-xss-protection: 0
server: sffe
etag: "1238 / 327 of 1000 / last-modified: 1654639515"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Jun 2022 06:31:03 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2199 377 KB
127 KB 151ms
42ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52ad644da868878b67f129a0857315706f2b683876f5ff18f0ffb5c546d44958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128968
x-xss-protection: 0
expires: Wed, 08 Jun 2022 06:31:03 GMT

GET
H2 200 5.png
img.connatix.com/pid-dceed97a-951e-4c47-b565-c2794ffae817/dceed97a-951e-4c47-b565-c2794ffae817/ 5 KB
5 KB 30ms
22ms Image
image/png 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-dceed97a-951e-4c47-b565-c2794ffae817/dceed97a-951e-4c47-b565-c2794ffae817/5.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a525824d7672e22ce39795da065ac4ef98058bebc829124c84b7bb67e4243029

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: br
age: 949498
etag: "WyY66hWo5OdoXuQtIRPU7kBpkP2OfioY7IdwgbKwCN4"
access-control-max-age: 86400
fastly-io-info: ifsz=5795 idim=59x61 ifmt=png ofsz=5076 odim=59x61 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 5081

POST
H/1.1 200
OK g Show response
capi-tier-1-us-east-2.connatix.com/rtb/ Frame 2199 1009 B
1 KB 583ms
211ms XHR
application/x-protobuf 18.190.65.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=165409&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.190.65.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-190-65-130.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 8c164d73d786ba27b0e95e3dc6827e8bd56989c4a55b1f238f6136216a2c290a

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.it-connect.fr
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 754

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
493 B 63ms
63ms XHR
text/javascript 52.222.209.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.it-connect.fr%2Fune-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi%2F&pid=y4kXtXy7AJ0Kx&cb=0&ws=1600x1200&v=7.75.0&t=2000&slots=%5B%7B%22id%22%3A%22Outstream1%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!ezoic.co.uk%2C2bbbe00c808d331bc2940fd239221a8f%2C1%2C%2C%2Cwww.it-connect.fr&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.209.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-209-55.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
x-amz-rid: X1R01RSM3RPQYQ22ND7K
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.it-connect.fr
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: gEWBj9BzH94cGa_2pTAzBkEAPEoQmAr4i_E4OfY4mxFkgYE_jLIpvw==

GET
H2 200 prebid6.20.0-1.js Show response
cds.connatix.com/p/plugins/ Frame 5996 433 KB
112 KB 22ms
22ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.20.0-1.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d92a11899a5768511f0431479d50a6fbabd9aa93099c062bc9f348fdb83be72b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 09:02:01 GMT
age: 1805326
etag: "d147c1dd13a25190e1aa7227401d9c91"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 115039

GET
H3 200 bridge3.517.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame A9D2 635 KB
205 KB 112ms
46ms Document
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.it-connect.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
age: 36847
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210269
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:16:56 GMT
expires: Wed, 07 Jun 2023 20:16:56 GMT
last-modified: Mon, 23 May 2022 16:49:57 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 2199 44 KB
17 KB 151ms
59ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Jun 2022 06:31:03 GMT

GET
H3 200 bridge3.517.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame CCC3 635 KB
205 KB 71ms
32ms Document
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.it-connect.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
age: 36847
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210269
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:16:56 GMT
expires: Wed, 07 Jun 2023 20:16:56 GMT
last-modified: Mon, 23 May 2022 16:49:57 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.517.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 840C 635 KB
205 KB 59ms
34ms Document
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.517.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.it-connect.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
age: 36847
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210269
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:16:56 GMT
expires: Wed, 07 Jun 2023 20:16:56 GMT
last-modified: Mon, 23 May 2022 16:49:57 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 379A 37 KB
13 KB 113ms
31ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1525
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 08 Jun 2022 07:05:38 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3586 37 KB
13 KB 114ms
37ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1525
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 08 Jun 2022 07:05:38 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8F59 37 KB
13 KB 134ms
63ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1525
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 08 Jun 2022 07:05:38 GMT

POST
H/1.1 200
OK ao Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 2199 0
318 B 131ms
131ms XHR
application/x-protobuf 18.190.65.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/ao?v=165409&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.190.65.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-190-65-130.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Jun 2022 06:31:04 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.it-connect.fr
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK ps Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 2199 0
318 B 260ms
131ms XHR
application/x-protobuf 18.190.65.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/ps?v=165409&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.190.65.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-190-65-130.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Jun 2022 06:31:03 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.it-connect.fr
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK sv Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 2199 0
318 B 131ms
131ms XHR
application/x-protobuf 18.190.65.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/sv?v=165409&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.190.65.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-190-65-130.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Wed, 08 Jun 2022 06:31:05 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://www.it-connect.fr
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 vpp.gif
www.it-connect.fr/detroitchicago/ 43 B
649 B 53ms
52ms Image
image/gif 2606:4700:3032::6815:b7e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.it-connect.fr/detroitchicago/vpp.gif?e=%5B%7B%22url%22%3A%22https%3A%2F%2Fwww.it-connect.fr%2Fune-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi%2F%22%2C%22pageview_id%22%3A%22a724560b-dcb5-4ea0-41d1-4d4f729b5309%22%2C%22template_id%22%3A134%2C%22player_name%22%3A%22ezcnx-outstream%22%2C%22domain_id%22%3A122228%2C%22media_src%22%3A%22%22%7D%5D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:b7e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 06:31:05 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kfWaEz6KLZSgVuCsq1wGU1gm0s84c4M1vQVMepFwRbtYhllQW2LgqGJKl1157lPPckyo2u3uE7r0QBYUnJAUvjUs5TgLOtKt7FeFuoMYD6WTKs%2Bebc72kzqwZFtJ4gFUqLH2jaGmqEsj%2FUL1QjGQRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 717f9523c8583748-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Tue, 07 Jun 2022 06:31:08 GMT

Verdicts & Comments Add Verdict or Comment

279 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.it-connect.fr/	1970-01-20 03:37:51	Name: ezoadgid_122228 Value: -1
.it-connect.fr/	1970-01-20 03:37:57	Name: ezoref_122228 Value:
.it-connect.fr/	1970-01-20 03:37:57	Name: ezoab_122228 Value: mod1-c
.it-connect.fr/	1970-01-20 03:37:51	Name: ezopvc_122228 Value: 1
.it-connect.fr/	1970-01-20 03:39:16	Name: ezepvv Value: 881
.it-connect.fr/	1970-01-20 03:37:51	Name: ezovid_122228 Value: 962995131
.it-connect.fr/	1970-01-20 03:37:51	Name: lp_122228 Value: https://www.it-connect.fr/une-version-specifique-du-ransomware-black-basta-cible-les-serveurs-vmware-esxi/
.it-connect.fr/	1970-01-20 03:40:42	Name: ezovuuidtime_122228 Value: 1654669862
.it-connect.fr/	1970-01-20 03:37:51	Name: ezovuuid_122228 Value: e2205388-66ea-4718-6222-9c1cb725d91a
.it-connect.fr/	1970-01-20 12:23:25	Name: ezCMPCCS Value: false
.it-connect.fr/	1970-01-20 12:23:25	Name: ezosuibasgeneris-1 Value: 27beb517-74f1-4e7c-603a-8b565fb36438
.it-connect.fr/	1970-01-20 03:40:42	Name: active_template::122228 Value: pub_site.1654669862
www.it-connect.fr/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
www.it-connect.fr/	1969-12-31 23:59:59	Name: ezouspva Value: 0
www.it-connect.fr/	1970-01-22 16:57:01	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
www.it-connect.fr/	1970-01-22 16:57:01	Name: ezohw Value: w%3D1600%2Ch%3D1200
www.it-connect.fr/	1970-01-20 04:21:01	Name: _pbjs_userid_consent_data Value: 8316820400794021

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.amazon-adsystem.com
capi-tier-1-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.id5-sync.com
cds.connatix.com
ezodn.com
fonts.googleapis.com
fonts.gstatic.com
g.ezodn.com
go.ezodn.com
go.ezoic.net
gvl.ezodn.com
imasdk.googleapis.com
img.connatix.com
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
www.it-connect.fr
151.101.130.137
151.101.66.137
18.190.65.130
216.58.212.162
2600:9000:2315:8600:2:cb38:840:93a1
2606:4700:3032::6815:b7e
2a00:1450:4001:809::2006
2a00:1450:4001:812::2003
2a00:1450:4001:827::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a06:98c1:3120::3
2a06:98c1:3121::3
46.105.202.126
52.222.209.55
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03f939b4957901a568409c9eabca6e8004c5c3814e72f5d643609ccb171282b6
04a285c97529f0b6e218d2f1c7eb9912e1079da7d846d94445922a25a9ae07f3
04c4fab94d703e081bae8e5ced41806f79c40010f48ee5dd8a3d533a4d1769d5
05f1ce194bd1286a0de68cf2368ea4f87af97fa45c190af78d98071d20294dc1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b29fff2ee0a036c1e074032677bd43b908c25d449579476d0dba0b5615fa9db
0d9dd1cfcd4389267aaf3f475f2d212063b6a065bc24b1e3281d8da54efc9f86
0ec98adf593ebcc01bec60b1f494dacd47522abfef9038a714101d83f45e165d
139b297a94d58eff93b2c02e14bf85958141f13a79f0d9adff90155cf39ebf33
152a96c0af3f7901e6989a8d79fd7ade70d137d3ea52989373328f7fadcd9bdd
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
1e835aded6abb0736ad78bb1d6bc82bf0b0f2d6bc4f54bcd9355bfaa847d1cc1
1eabadac42cf734244db7ffc1ccbe12580ef8574ca267ca2f106439d9eb6169e
24c0820dfb50ed4cc97df0683ddad7c8ecf1a005d3d359e2eb5c4adcd3a939d7
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28d75ac09bd2c2bab17d3e1f4a566007b245c85c53476d3f4ff6a5b074a297f6
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d7a761e512b2321668f5d8dcf2ca830212badba87fcb92d906a14dca33fc843
2e4cac672a558644f4394f65304bc0a5c50be17d517be8bb6afbebb8c38468b0
2f44dd451e145807d2bfdeb8a45b69924611ea381a0ace722712a5fcaf618b0a
326482d14b399f406e999f459846ad1eaba137a693fbe341059fa3049e9b5bc0
34e0bb5c5ed1184e6452cf7562faf332af1a26e95e50e035ff0a9f7065e6df9e
3652fe22c6c2e0db8917c0a0201854e7487b13e8f689f233e78c2fd804b58ff6
383472db86bc19b822592340828e1a9d680ece8e6a5114eb4744351081fdea3c
38998f65da495cfca899ffda18a8c92c661c1aad9ce7bd8f48d490928a51e9c0
3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791
3fef2bb487a75c68deb09f1bb519592f7688129de30f665c72d577df95c102a8
4211e85ad3c3b1c03fe7f0df87ffa3fe450ce9727cb9b41d8431e3a78ae61f72
4223e659318e9228a0a4c3f61fe0dab3ba65cd6494585445c4faca5af778edda
43dd485cc6f431e29509cd9cbd4c6f2f5679540d1085a141950b28580a923576
45a0bc7a7b447e270e5fd28b03782e8d66c33f87971948db9002cfa9ead9b818
4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19
50b384860a6051756172628f31d2975cf709ace9e1f61f14b7c9f8b34fe2acfa
50b9a3ff7ad63b639a8d69e0e54c427e9cd1d35dfa3884b0083eb0adca066174
526eebcbc4ab937c55c173d52cbd48ba9bdcc21f9fb0eb2ad04d1f089eea8532
52ad644da868878b67f129a0857315706f2b683876f5ff18f0ffb5c546d44958
565c527fe8f92c8a9eadddf2a0e16eb40bbff31298fc67064f090e515f882b6b
56b37a7a7eed81f410c4d731a78124319dddd01bdbee635b5149709ced1a9d43
5adff14dcd98713821594e09d7e3d9f795648bf73e178d02deee34d3c1af39ad
6482ad3a544871923de537272e1e863dc1e1fbdf060c17e0b3edf0fd6af67a67
6a717273581123d7f4bca27d679bdc418689c55c6979fe8fe532d505409299a7
6d34abecfbefc0c784f1393e2b2102530bdc20f5bb391081dd89625f31511813
6dc27eb75b3dad7efe8eb1283957702fd45633f9330b050cbcc8a7a70ea3732e
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
881045667abfb1b6a107ada05687ea7ff6b447dd1643c9cb95392cc15e176671
8c164d73d786ba27b0e95e3dc6827e8bd56989c4a55b1f238f6136216a2c290a
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
948f0c154ad97428bc1d1dee456f2e20ec4e0e302b0d3189e08a4573cb63cdb3
96f06523557072629b280422c02ac3e8a6d294f003097b7b4e2065db351265c2
970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894
99942fcc001f84db6b0669e8c6616437f4999e394c1b586b0566636a6bafc2a7
9f8e24e075fd09366d76c9b0874a84c7518a48beadfbd628eab5b50e5c20140b
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a525824d7672e22ce39795da065ac4ef98058bebc829124c84b7bb67e4243029
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
a8c2b783dfb2a8ae80f75f9b271024777ef513e93fe8b220c0df95ed8fe3a4a0
a954e96cf3a62139343b22c24dbf5e4130a8ba205b10925fbc2173b25dae155d
aaf5ff40f28c9bc834429fcf71bd52a6db4fe71ca007f45bab8ea311d70a9d4e
aca72f84a2c66b81fbcec783e51fe3f462abb070762b4a23cda5bbe149dc6d85
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
ba385bb7a29dfcb05fb453781a7fa6cf3866a88cd758f85596b936312dc402c8
bbe562f87d5aff7a8105c63e7614c08869028ee1e9bf5021190fee8ae2e7d7f4
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c155ff4cf69ad15a7bcb5e288748c84deb4bbf3d199417d6e1ba786c67d3b56d
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d61c13897b9a7779c1bc17e4b331d01c70e76414c60ccd517f5d6d316780dcf9
d92a11899a5768511f0431479d50a6fbabd9aa93099c062bc9f348fdb83be72b
da615b904f3735e5b9ffdb1e0ad9a71a8aa1508a02d123559606f65deabc957a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd4320cdfa0077bbe8f1a4e0e77a65c6253cfae2fc282ce7a6ab8e78a330b143
dd9bfe5f04d4e393463f42b4f503763c36693306dffef16d481e0c071b61ae64
dfe9aeabaf65723ea86bc24fd97631118b14eaa78571a19113079e42ef52ab7b
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8e8c3641066c7d0c3b4a8cf8492e26cac864b0ad6097813c4845ffca7884a41
ee8035020f84eb8ab08a9a40f6ce159b183908f991df41f5a651b8a37ac0e19d
fedf6af2935e1c30de75cc8f879ca86bd81dff8accd1c943c8a94440013115fa

www.it-connect.fr Open in urlscan Pro 2606:4700:3032::6815:b7e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

82 Requests

99 %HTTPS

60 %IPv6

11 Domains

19 Subdomains

15 IPs

3 Countries

2347 kBTransfer

7244 kBSize

17 Cookies

19 Outgoing links

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.it-connect.fr Open in urlscan Pro
2606:4700:3032::6815:b7e Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

99 %
HTTPS

60 %
IPv6

11
Domains

19
Subdomains

15
IPs

3
Countries

2347 kB
Transfer

7244 kB
Size

17
Cookies

82 HTTP transactions
8 data transactions