research.openanalysis.net Open in urlscan Pro
2606:50c0:8001::153 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Submission: On May 11 via api (May 11th 2024, 1:00:37 am UTC) from BY — Scanned from DE

Summary HTTP 16 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 16 HTTP transactions. The main IP is 2606:50c0:8001::153, located in United States and belongs to FASTLY, US. The main domain is research.openanalysis.net.
TLS certificate: Issued by R3 on May 8th 2024. Valid for: 3 months.

This is the only time research.openanalysis.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2606:50c0:800... 2606:50c0:8001::153	54113 (FASTLY) (FASTLY)
3	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.67.173.89 172.67.173.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.159.133.233 162.159.133.233	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:50c0:800... 2606:50c0:8001::154	54113 (FASTLY) (FASTLY)
2	199.232.196.193 199.232.196.193	54113 (FASTLY) (FASTLY)
16	6

5 2606:50c0:8001::153 (United States)

ASN54113 (FASTLY, US)

research.openanalysis.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.173.89 (United States)

ASN13335 (CLOUDFLARENET, US)

img.shields.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.133.233 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.discordapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8001::154 (United States)

ASN54113 (FASTLY, US)

raw.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.196.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	openanalysis.net research.openanalysis.net	82 KB
4	shields.io img.shields.io — Cisco Umbrella Rank: 42152	4 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	110 KB
2	imgur.com i.imgur.com — Cisco Umbrella Rank: 7840	146 KB
1	githubusercontent.com raw.githubusercontent.com — Cisco Umbrella Rank: 4538	5 MB
1	discordapp.com cdn.discordapp.com — Cisco Umbrella Rank: 3064	36 B
16	6

	Domain	Requested by
5	research.openanalysis.net	research.openanalysis.net
4	img.shields.io	research.openanalysis.net
3	cdnjs.cloudflare.com	research.openanalysis.net cdnjs.cloudflare.com
2	i.imgur.com	research.openanalysis.net
1	raw.githubusercontent.com	research.openanalysis.net
1	cdn.discordapp.com	research.openanalysis.net
16	6

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
www.twitch.tv
discord.gg
www.patreon.com
github.com
bazaar.abuse.ch
cluster25.io
symantec-enterprise-blogs.security.com
gist.github.com
c3rb3ru5d3d53c.github.io
www.magnumdb.com
docs.microsoft.com
f3real.github.io
malshare.com

Subject Issuer	Validity	Valid
research.openanalysis.net R3	`2024-05-08` - `2024-08-06`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
shields.io GTS CA 1P5	`2024-04-27` - `2024-07-26`	3 months	crt.sh
discordapp.com Cloudflare Inc ECC CA-3	`2023-10-20` - `2024-10-19`	a year	crt.sh
*.github.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-15` - `2025-03-14`	a year	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Frame ID: 708E28F0C9A72BAD5F5BB564389DC371
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lockbit 3.0 Ransomware Triage | OALABS Research

Detected technologies

Jekyll (Static Site Generator) Expand

Overall confidence: 100%
Detected patterns

<!-- Begin Jekyll SEO tag

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

16
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

5240 kB
Transfer

5719 kB
Size

2
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/c/OALabs

Search URL Search Domain Scan URL

URL: https://www.twitch.tv/oalabslive

Search URL Search Domain Scan URL

URL: https://discord.gg/cw4U3WHvpn

Search URL Search Domain Scan URL

URL: https://www.patreon.com/oalabs

Search URL Search Domain Scan URL

URL: https://github.com/OALabs/research/tree/master/_notebooks/2022-07-07-lockbit3.ipynb

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce/
Title: MalwareBazaar

Search URL Search Domain Scan URL

URL: https://github.com/whichbuffer/Lockbit-Black-3.0/blob/main/Threat%20Spotlight%20Lockbit%20Black%203.0%20Ransomware.pdf
Title: Lockbit Black 3.0 Ransomware (infinitum IT)

Search URL Search Domain Scan URL

URL: https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/
Title: LockBit 3.0: “Making The Ransomware Great Again” (custer25)

Search URL Search Domain Scan URL

URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockbit-targets-servers
Title: LockBit: Ransomware Puts Servers in the Crosshairs

Search URL Search Domain Scan URL

URL: https://github.com/snemes/aplib/blob/master/aplib.py
Title: Sandor Nemes (snemes)

Search URL Search Domain Scan URL

URL: https://gist.github.com/c3rb3ru5d3d53c
Title: @c3rb3ru5d3d53c

Search URL Search Domain Scan URL

URL: https://gist.github.com/c3rb3ru5d3d53c/4f2c984d81ef64e5f133e37726619c64
Title: python script

Search URL Search Domain Scan URL

URL: https://c3rb3ru5d3d53c.github.io/malware-blog/lockbit-v3-api-hashing/
Title: blog post

Search URL Search Domain Scan URL

URL: https://github.com/OALabs/hashdb
Title: hashdb

Search URL Search Domain Scan URL

URL: https://www.magnumdb.com/
Title: Welcome to MagNumDB

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/rstmgr/about-restart-manager
Title: Restart manager

Search URL Search Domain Scan URL

URL: https://f3real.github.io/duplicatehandle.html
Title: this trick

Search URL Search Domain Scan URL

URL: https://malshare.com/sample.php?action=detail&hash=b1ae7316e73ceebb1b429dd707387bfd12fd489c2af0ed1083895195e7baf119
Title: b1ae7316e73ceebb1b429dd707387bfd12fd489c2af0ed1083895195e7baf119

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request lockbit3.html Show response
research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/ 301 KB
67 KB 302ms
194ms Document
text/html 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 9325c2c2b48973fc84a9f25ce5df3a59f9dd2989e1cc97840e48aded1b8ab14d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 0
cache-control: max-age=600
content-encoding: gzip
content-length: 67998
content-type: text/html; charset=utf-8
date: Sat, 11 May 2024 01:00:32 GMT
etag: W/"662eba23-4b2a0"
expires: Sat, 11 May 2024 01:10:32 GMT
last-modified: Sun, 28 Apr 2024 21:05:39 GMT
server: GitHub.com
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-fastly-request-id: 9e96f5bde8caba700f2c81d9119bab8979ec4be1
x-github-request-id: A426:312E23:2651661:274AAC6:663EC32F
x-proxy-cache: MISS
x-served-by: cache-cph2320043-CPH
x-timer: S1715389233.689243,VS0,VE156

GET
H2 200 style.css
research.openanalysis.net/assets/css/ 20 KB
5 KB 162ms
160ms Stylesheet
text/css 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://research.openanalysis.net/assets/css/style.css
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 7520646fc7e1337f44f20886643f665d18dd11127ac82dcae77f772d9ccb4d33

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 9307a2e7215f19a09887b0d3f5e1371dade3c07d
date: Sat, 11 May 2024 01:00:33 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 0
age: 0
x-cache: MISS
x-proxy-cache: MISS
content-length: 4802
x-served-by: cache-cph2320043-CPH
last-modified: Sun, 28 Apr 2024 21:05:39 GMT
server: GitHub.com
x-github-request-id: 1DFC:2FE1DA:2675D2C:276F1A3:663EC32C
x-timer: S1715389233.913884,VS0,VE122
etag: W/"662eba23-4e1f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Sat, 11 May 2024 01:10:32 GMT

GET
H3 200 primer.css
cdnjs.cloudflare.com/ajax/libs/Primer/15.2.0/ 200 KB
21 KB 124ms
79ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Primer/15.2.0/primer.css

Requested by

Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e85c012e50453d8f6df10075c60e872e24bdf889707b51462d3af8292d74691f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Origin: https://research.openanalysis.net
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 702214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 20730
last-modified: Mon, 21 Sep 2020 15:32:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f68c793-320ac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rvBEEvKB972Bi6aen4OH8Y%2BeGRCrhXcFEk5Cii5RXL2wa15yrVje%2BRa%2Fk6O%2BQmkXHYl%2BWC8JkpaC8A27gEDYKSyzx1tuNp1LfL5MQiR4bRekWobuRVdfvz4udComHivf2CpX%2BuC9"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 881e3b91fcd21c36-FRA
expires: Thu, 01 May 2025 01:00:32 GMT

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/ 58 KB
11 KB 92ms
47ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css

Requested by

Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Origin: https://research.openanalysis.net
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 170796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10391
last-modified: Wed, 15 Jul 2020 18:15:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f0f47d3-e637"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7MhhQhwLDcaArR2t3uJnveNyb%2FdoONWWfOSAhqHRdWsAMuRNzHlXiqJjMqGZ%2B83pzy9ukhFMZnYemaBXTlJRnRSo8O7mSwMRyK8HEa%2FtJSa8ylljR%2FoKQyMW4bwxOQ8Qjs2WURQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 881e3b91fccf1c36-FRA
expires: Thu, 01 May 2025 01:00:32 GMT

GET
H3 200 -YouTube-FF0000
img.shields.io/badge/ 915 B
995 B 193ms
138ms Image
image/svg+xml 172.67.173.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.shields.io/badge/-YouTube-FF0000
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 958b273c7907e71e100edb668de5e9c220130dc4a10c483cac9f90d43f111c85

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
via: 2 fly.io
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 07 May 2024 15:52:02 GMT
fly-request-id: 01HXFCKQMQHQJBMPPQDV7Y9476-fra
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SLUrCMQo4UquIdD3bvxNwwLx9ua4mMj%2F3i7xVr15R13pjc5AjmP75vuXO7JF2tVC18UxobWrh8KEhw%2FCcguTXmCyCNirN3IiZvppkZj7cWkOy7eHCpnbZipTtzYixSPwqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
cf-ray: 881e3b920859bbd9-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 oalabslive
img.shields.io/twitch/status/ 2 KB
2 KB 299ms
244ms Image
image/svg+xml 172.67.173.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.shields.io/twitch/status/oalabslive?style=social
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3102e7ea421c5b383635d9bc26c72442fedf142cbc2ffd1b4996ab66bd5dcd0d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
via: 2 fly.io
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
fly-request-id: 01HXJJMXTPCVQZG1E51CX1SE5N-fra
last-modified: Fri, 10 May 2024 15:28:16 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lVOjvc3RGyVOP7aZ%2FKrSgi1vXuI7ZFHqhKC2htYd4ZHLXAPxPlba8ckz31l3TO8SlrZ%2BA0Jk36r2PXIQSMtwYrVAQ2fR1C3OiEQyoMu29lpBaTAsA8s6dnUwpAGV%2BWjiFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=30, s-maxage=30
cf-ray: 881e3b920858bbd9-FRA
expires: Sat, 11 May 2024 01:01:03 GMT

GET
H3 200 -Join%20Our%20Discord-blueviolet
img.shields.io/badge/ 961 B
972 B 139ms
138ms Image
image/svg+xml 172.67.173.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.shields.io/badge/-Join%20Our%20Discord-blueviolet
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbfc31ced385e704856825a95b1b4646f73d6d09c8a12be51f56d1395e16f9a3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
via: 2 fly.io
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 04:04:59 GMT
fly-request-id: 01HXJJMXY17VE6HYTZ29D8WNTQ-fra
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oufu3EDSAme7QzYWOAgmCjhGedjMrYqENsyh8DKy%2FBD%2BLB1g5UPA9dSf%2FzcfUIc%2FxQ7ZGhma6qc55s3a9gwBIX1HNv7gF5%2BTE9r2nedXWavrIggCdhE6vIQ3aQbbU1FnWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
cf-ray: 881e3b92b8a0bbd9-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 -OALABS%20Patreon-FF424D
img.shields.io/badge/ 947 B
968 B 234ms
232ms Image
image/svg+xml 172.67.173.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.shields.io/badge/-OALABS%20Patreon-FF424D
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6d9fee6f4b9c5e9ac913a6d415b194bc16e151168f5c76de301e6e01f1eab39

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
via: 2 fly.io
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 09 May 2024 04:06:07 GMT
fly-request-id: 01HXJJMXY5XDP1EJDVVEY4JYTT-fra
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9j6Vpnf13eQEzI6XSk67aQtSynbiTRhkPtClOmyE4Rl0iccTgHeozg%2B3N7tMtn%2F%2FNl15HoAsYPZVugK79YSqyiD7tf5Le82Wr15L2g6YZfsU%2FQFM%2FggervzYa8aM7KdQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
cf-ray: 881e3b92b8a1bbd9-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 github.svg
research.openanalysis.net/assets/badges/ 2 KB
1 KB 147ms
146ms Image
image/svg+xml 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://research.openanalysis.net/assets/badges/github.svg
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: d628f183c4edc3762b60c01b60b4b19358dda80f7cb660d08e6b0b326073b8ff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: d304d662e530f057efb7a72c3f9c4837be643459
date: Sat, 11 May 2024 01:00:33 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 0
age: 0
x-cache: MISS
x-proxy-cache: MISS
content-length: 1142
x-served-by: cache-cph2320043-CPH
last-modified: Sun, 28 Apr 2024 21:05:39 GMT
server: GitHub.com
x-github-request-id: D21C:28EC01:26706AF:276A624:663EC32B
x-timer: S1715389233.077028,VS0,VE108
etag: W/"662eba23-7d6"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Sat, 11 May 2024 01:10:33 GMT

GET
H3 404 THE_LOCKBIT_3.0_RANSOMWARE.png
cdn.discordapp.com/attachments/885652495421030431/997227676190392351/ 36 B
36 B 200ms
55ms Image
text/plain 162.159.133.233
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.discordapp.com/attachments/885652495421030431/997227676190392351/THE_LOCKBIT_3.0_RANSOMWARE.png
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.133.233 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4rvc1RGKS42mJaG4aWr2I3dUVcnaaNV47wN2iWCAZX5KDkBVo8cF0fQwxKm99b8hcq%2B29chwCTliheRFQfKfRwfY%2FOmUADpeY6seSCfkdu4pgf9BILUIPAPBSol9%2B%2BakQcr%2Blw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
cf-ray: 881e3b939ea56a76-TXL
content-length: 36
alt-svc: h3=":443"; ma=86400

GET
H2 200 HashDB-IAT_Scan.gif
raw.githubusercontent.com/OALabs/hashdb-ida/main/assets/ 5 MB
5 MB 567ms
422ms Image
image/gif 2606:50c0:8001::154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/OALabs/hashdb-ida/main/assets/HashDB-IAT_Scan.gif

Requested by

Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c30bf490ebcf258d6b366afa3da902d4972e5b06ed29b29c37e5621ae2f11760

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: cb7659215c0c0e6bdbe39e21af403ce4569bed41
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Sat, 11 May 2024 01:00:33 GMT
via: 1.1 varnish
x-cache-hits: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 5012256
x-xss-protection: 1; mode=block
x-served-by: cache-cph2320040-CPH
x-github-request-id: B150:28EC35:169D61C:17E381A:663EC32F
x-timer: S1715389233.221471,VS0,VE384
etag: W/"3484c0a37705bf2ee304e8ff1a774abe2db5248d05194b93d9c7f4ef6487afc2"
source-age: 0
x-frame-options: deny
vary: Authorization,Accept-Encoding,Origin
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
expires: Sat, 11 May 2024 01:05:33 GMT

GET
H2 200 9i2aYW7.png
i.imgur.com/ 95 KB
95 KB 223ms
78ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/9i2aYW7.png

Requested by

Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

4c5ac0dbdf6bb717da3b03ec21ad6770230e7c0048c5af0d7b07688a26effda8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 1205528
x-amz-cf-pop: IAD89-P1
x-cache: Miss from cloudfront, MISS, HIT
content-length: 97228
x-served-by: cache-iad-kjyo7100173-IAD, cache-fra-etou8220124-FRA
last-modified: Mon, 11 Jul 2022 00:55:22 GMT
server: cat factory 1.0
x-timer: S1715389233.222680,VS0,VE1
etag: "a4a5b304fae0e010510ec5039415905e"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: v-eoRUgo30z35Zc9qT1TTfSBERHRqW-LFD2f1Qe4VubO94_2RMbeyQ==
x-cache-hits: 0, 0

GET
H2 200 6w1xoGP.png
i.imgur.com/ 50 KB
50 KB 182ms
38ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/6w1xoGP.png

Requested by

Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

9dedb49f3f98b116f303ef6a3088521b8fcf022e779aa3fb8804c2307819da05

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
age: 2854296
x-amz-cf-pop: IAD89-P1
x-cache: Miss from cloudfront, HIT, HIT
content-length: 51094
x-served-by: cache-iad-kcgs7200049-IAD, cache-fra-etou8220124-FRA
last-modified: Thu, 14 Jul 2022 22:59:21 GMT
server: cat factory 1.0
x-timer: S1715389233.222714,VS0,VE1
etag: "f7970a366cd4375f5ec1c022f2305a1e"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: _0_Gaan4gXnCVoRjS9DgcF4U0c0i-1Q72hSsLeTg77bYUoUp3E0-3g==
x-cache-hits: 33, 0

GET
H2 200 minima-social-icons.svg
research.openanalysis.net/assets/ 15 KB
6 KB 151ms
151ms Other
image/svg+xml 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://research.openanalysis.net/assets/minima-social-icons.svg
Requested by: Host: research.openanalysis.net
URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 02ef9d85d5cf1081d5abd7f6a71bced5254a6b641aed8258c850a3a9245ce509

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 0411f849c04864399294d399349daf654d6a3fa6
date: Sat, 11 May 2024 01:00:33 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 0
age: 0
x-cache: MISS
x-proxy-cache: MISS
content-length: 6282
x-served-by: cache-cph2320043-CPH
last-modified: Sun, 28 Apr 2024 21:05:39 GMT
server: GitHub.com
x-github-request-id: 8DD2:32A7D1:24FD3F3:25F6DBB:663EC330
x-timer: S1715389233.084072,VS0,VE113
etag: W/"662eba23-3a99"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
expires: Sat, 11 May 2024 01:10:33 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/ 78 KB
79 KB 48ms
48ms Font
application/octet-stream 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Origin: https://research.openanalysis.net
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 01:00:33 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1289768
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 80148
last-modified: Wed, 15 Jul 2020 18:15:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f0f47d3-13914"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pn61sGGwGxArAkIyU%2B5AJdPgBGLQm3AzRES8FUuQUCPaBQb5R6M8vzo4gijgwZ5vWbfJtyX3TJprPcw9eGq0bSC7HMsT93FK%2BlT2lPbT5AkqTTpfGOaJDUNRXjyYUBZDN%2FY0c2Xm"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 881e3b93adb81c36-FRA
expires: Thu, 01 May 2025 01:00:33 GMT

GET
H2 200 favicon.ico
research.openanalysis.net/images/ 2 KB
2 KB 151ms
151ms Other
image/vnd.microsoft.icon 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://research.openanalysis.net/images/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 36c8bbf98bdc49a0f69f3b192d927dfbdb5207a654b58685289ef23ab938ff63

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 85018ade18594a4df11599c5a76a0c73c22e3e8e
date: Sat, 11 May 2024 01:00:34 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 0
age: 0
x-cache: MISS
x-proxy-cache: MISS
content-length: 2212
x-served-by: cache-cph2320043-CPH
last-modified: Sun, 28 Apr 2024 21:05:39 GMT
server: GitHub.com
x-github-request-id: FAD4:31B68F:156D977:15F5E4E:663EC32A
x-timer: S1715389234.922188,VS0,VE113
etag: W/"662eba23-8b8"
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
expires: Sat, 11 May 2024 01:10:33 GMT

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| wrap_img

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.discordapp.com/	1970-01-20 20:29:51	Name: __cf_bm Value: OmnsJcRS.S85D9D.RcxLkFyoqHPNiN89mN_bxy_oD4w-1715389233-1.0.1.1-_FRzX4aKAS9Rn2bqv1xrxRaJxRiO7xecZK0c1nVpqXTq8vXYJKiG4lK.WgHUy9yDPsACJRy2.XN7QIYrOZsqOQ
			.discordapp.com/	1969-12-31 23:59:59	Name: _cfuvid Value: wR.sOKINHtWESTX5Gb0p0WXL72DbkJ_G2VgOiHENC.4-1715389233239-0.0.1.1-604800000

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://research.openanalysis.net/lockbit/lockbit3/yara/triage/ransomware/2022/07/07/lockbit3.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://cdn.discordapp.com/attachments/885652495421030431/997227676190392351/THE_LOCKBIT_3.0_RANSOMWARE.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.discordapp.com
cdnjs.cloudflare.com
i.imgur.com
img.shields.io
raw.githubusercontent.com
research.openanalysis.net
104.17.25.14
162.159.133.233
172.67.173.89
199.232.196.193
2606:50c0:8001::153
2606:50c0:8001::154
02ef9d85d5cf1081d5abd7f6a71bced5254a6b641aed8258c850a3a9245ce509
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
3102e7ea421c5b383635d9bc26c72442fedf142cbc2ffd1b4996ab66bd5dcd0d
36c8bbf98bdc49a0f69f3b192d927dfbdb5207a654b58685289ef23ab938ff63
4c5ac0dbdf6bb717da3b03ec21ad6770230e7c0048c5af0d7b07688a26effda8
7520646fc7e1337f44f20886643f665d18dd11127ac82dcae77f772d9ccb4d33
9325c2c2b48973fc84a9f25ce5df3a59f9dd2989e1cc97840e48aded1b8ab14d
958b273c7907e71e100edb668de5e9c220130dc4a10c483cac9f90d43f111c85
9dedb49f3f98b116f303ef6a3088521b8fcf022e779aa3fb8804c2307819da05
a6d9fee6f4b9c5e9ac913a6d415b194bc16e151168f5c76de301e6e01f1eab39
c30bf490ebcf258d6b366afa3da902d4972e5b06ed29b29c37e5621ae2f11760
c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65
cbfc31ced385e704856825a95b1b4646f73d6d09c8a12be51f56d1395e16f9a3
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658
d628f183c4edc3762b60c01b60b4b19358dda80f7cb660d08e6b0b326073b8ff
e85c012e50453d8f6df10075c60e872e24bdf889707b51462d3af8292d74691f

research.openanalysis.net Open in urlscan Pro 2606:50c0:8001::153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

5240 kBTransfer

5719 kBSize

2 Cookies

18 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

2 Cookies

3 Console Messages

Indicators

research.openanalysis.net Open in urlscan Pro
2606:50c0:8001::153 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

5240 kB
Transfer

5719 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions