www.uptycs.com Open in urlscan Pro
2606:2c40::c73c:67e2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Submission: On April 28 via api (April 28th 2023, 2:09:36 am UTC) from TR — Scanned from DE

Summary HTTP 111 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 37 IPs in 3 countries across 33 domains to perform 111 HTTP transactions. The main IP is 2606:2c40::c73c:67e2, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.uptycs.com.
TLS certificate: Issued by GTS CA 1P5 on March 27th 2023. Valid for: 3 months.

This is the only time www.uptycs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	2606:2c40::c7... 2606:2c40::c73c:67e2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1 2	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
5	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a04:4e42:200... 2a04:4e42:200::622	54113 (FASTLY) (FASTLY)
2	2606:4700:10:... 2606:4700:10::6816:e17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.35.237.151 23.35.237.151	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2606:4700::68... 2606:4700::6812:f0f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
10	23.36.162.208 23.36.162.208	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
1	65.9.95.121 65.9.95.121	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:212... 2600:9000:2127:2800:15:a0d3:77c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700::68... 2606:4700::6812:19c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8ace	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:69c7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:65ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:d6f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:212... 2600:9000:2127:9e00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	52.222.236.63 52.222.236.63	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:d2f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:14::1724:a244	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.202.10.197 18.202.10.197	16509 (AMAZON-02) (AMAZON-02)
6	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	52.19.23.51 52.19.23.51	16509 (AMAZON-02) (AMAZON-02)
111	37

34 2606:2c40::c73c:67e2 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.uptycs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7daf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:e17 (United States)

ASN13335 (CLOUDFLARENET, US)

my.hellobar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.237.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:f0f (United States)

ASN13335 (CLOUDFLARENET, US)

2617658.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.36.162.208 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-208.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-121.prg50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:2800:15:a0d3:77c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:19c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:69c7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:65ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:d6f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:9e00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-63.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d2f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:14::1724:a244 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.202.10.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-10-197.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.23.51 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-23-51.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	uptycs.com www.uptycs.com	3 MB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 12305 c.6sc.co — Cisco Umbrella Rank: 16337 ipv6.6sc.co — Cisco Umbrella Rank: 13024 b.6sc.co — Cisco Umbrella Rank: 7606	15 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	302 B
5	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 6729 forms-na1.hsforms.com — Cisco Umbrella Rank: 12260	4 KB
5	hubspotusercontent-na1.net 2617658.fs1.hubspotusercontent-na1.net	142 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 733 www.linkedin.com — Cisco Umbrella Rank: 779 px4.ads.linkedin.com — Cisco Umbrella Rank: 6554	3 KB
4	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 8845 track.hubspot.com — Cisco Umbrella Rank: 4128	2 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 3809	16 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 189	351 KB
4	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2353 m.addthis.com — Cisco Umbrella Rank: 2342	217 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	63 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 899 script.hotjar.com — Cisco Umbrella Rank: 1171 in.hotjar.com — Cisco Umbrella Rank: 2738	72 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 7456 forms.hscollectedforms.net — Cisco Umbrella Rank: 7895	26 KB
2	hellobar.com my.hellobar.com — Cisco Umbrella Rank: 27393	75 KB
2	wistia.com fast.wistia.com — Cisco Umbrella Rank: 8041	10 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	158 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 1180	94 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 7215	161 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 912	394 B
1	t.co t.co — Cisco Umbrella Rank: 584	378 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1867	157 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1604	375 B
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 2757	769 B
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 8194	22 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 3866	21 KB
1	clickcease.com www.clickcease.com — Cisco Umbrella Rank: 13694	54 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 9097	662 B
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1749	8 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1365	5 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 964	15 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129	455 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1718	254 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 681	1 KB
111	33

	Domain	Requested by
34	www.uptycs.com	www.uptycs.com js.usemessages.com
8	b.6sc.co	www.uptycs.com
6	www.facebook.com	www.uptycs.com
5	2617658.fs1.hubspotusercontent-na1.net	www.uptycs.com
4	forms.hsforms.com	www.uptycs.com js.hscollectedforms.net
4	js.hs-banner.com	www.uptycs.com js.hs-banner.com
4	connect.facebook.net	www.uptycs.com connect.facebook.net
4	cdnjs.cloudflare.com	www.uptycs.com
3	track.hubspot.com
3	s7.addthis.com	www.uptycs.com s7.addthis.com
2	px.ads.linkedin.com	2 redirects
2	my.hellobar.com	www.uptycs.com my.hellobar.com
2	fast.wistia.com	www.uptycs.com
2	www.googletagmanager.com	www.uptycs.com
2	unpkg.com	1 redirects www.uptycs.com
1	content.hotjar.io	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	forms-na1.hsforms.com	www.uptycs.com
1	script.hotjar.com	static.hotjar.com
1	analytics.twitter.com	www.uptycs.com
1	t.co	www.uptycs.com
1	alb.reddit.com	www.uptycs.com
1	px4.ads.linkedin.com	www.uptycs.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	app.hubspot.com	www.uptycs.com
1	js.usemessages.com	www.uptycs.com
1	js.hscollectedforms.net	www.uptycs.com
1	js.hs-analytics.net	www.uptycs.com
1	www.clickcease.com	www.uptycs.com
1	ws.zoominfo.com	www.uptycs.com
1	static.hotjar.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	j.6sc.co	www.uptycs.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	z.moatads.com	s7.addthis.com
111	44

This site contains links to these domains. Also see Links.

Domain
www.prnewswire.com
www.linkedin.com
twitter.com
www.facebook.com
2617658.fs1.hubspotusercontent-na1.net
www.trellix.com
github.com
www.youtube.com
www.addthis.com

Subject Issuer	Validity	Valid
www.uptycs.com GTS CA 1P5	`2023-03-27` - `2023-06-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-09-28` - `2023-10-30`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
6sc.co R3	`2023-03-11` - `2023-06-09`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-04` - `2023-05-05`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
clickcease.com Amazon RSA 2048 M02	`2022-10-27` - `2023-11-25`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-19` - `2023-10-15`	6 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2023-03-02` - `2024-03-30`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Frame ID: A9839C835E92F8C2D92A962786E3DB26
Requests: 113 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 0F86864DEBC5CA792139576BC5DDA187
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: D747BD8E4EAB1488CA013B4E81BF69A5
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: DAE6A2A7164F0AAF4E6691B79D46D052
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 6479E102C02334A5A18CF52AB9432868
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: BB2E8CC241C5194E8C42ECEAC0282B0D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RTM Locker Ransomware as a Service (RaaS) Now on Linux - UptycsFacebookTwitterEmailLinkedInPrintFacebookTwitterEmailLinkedInPrint

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/

Page Statistics

111
Requests

97 %
HTTPS

68 %
IPv6

33
Domains

44
Subdomains

37
IPs

3
Countries

4484 kB
Transfer

8521 kB
Size

28
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.prnewswire.com/news-releases/uptycs-named-a-representative-vendor-in-the-gartner-market-guide-for-cloud-native-application-protection-platforms-301779063.html
Title: In the News Uptycs Named a Representative Vendor in the Gartner® Market Guide for CNAPP

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%201.png

Search URL Search Domain Scan URL

URL: https://www.trellix.com/en-us/about/newsroom/stories/research/read-the-manual-locker-a-private-raas-provider.html
Title: Trellix

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig.%202.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%203.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%204.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%205.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/FIg%206.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%207.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%208.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%209.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%2010.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%2011.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure12.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure13.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure14.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%2015.png

Search URL Search Domain Scan URL

URL: https://github.com/Hildaboo/BabukRansomwareSourceCode/blob/main/esxi/enc/curve25519-donna.cpp
Title: Babuk ransomware

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure16.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%2017.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%2018.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%2019.png

Search URL Search Domain Scan URL

URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Fig%2020.png

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/uptycs/

Search URL Search Domain Scan URL

URL: https://twitter.com/uptycs?lang=en

Search URL Search Domain Scan URL

URL: https://www.facebook.com/uptycs/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@uptycs

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP 302
https://unpkg.com/@lottiefiles/lottie-player@1.7.1/dist/lottie-player.js

Request Chain 77

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1252922%26time%3D1682647767808%26url%3Dhttps%253A%252F%252Fwww.uptycs.com%252Fblog%252Frtm-locker-ransomware-as-a-service-raas-linux%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&liSync=true&e_ipv6=AQKssV5j1-xNmgAAAYfFn2NnGZP_HZ-omrlEUjtHNXBVPuEFQQ7KmAOru-lLoDFvP1HutSY

111 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request rtm-locker-ransomware-as-a-service-raas-linux Show response
www.uptycs.com/blog/ 160 KB
26 KB 626ms
75ms Document
text/html 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b445804d19fbb8ee793211ba3654d2c0678cbb4c050ae84d562ab3f7d1e913db

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 7bebc3591fb5371a-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 28 Apr 2023 02:09:25 GMT
edge-cache-tag: CT-112774722884,CG-2617658,CG-5593128451,P-2617658,CW-105369588578,CW-105720709649,CW-109011094577,E-105237096759,E-105237648739,E-105237674790,E-105237778736,E-105237810298,E-105237812090,E-105237812106,E-105237812592,E-109250214765,E-110303799892,PGS-ALL,SW-0,B-109014284043,GC-106292852859,GC-106293388626,GC-106405915759,GC-106405924729,TS-105237743018
etag: W/"6f821759cbec25d3ca6bae9290bdfc5e"
last-modified: Fri, 28 Apr 2023 00:07:00 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZxIs35Aj25e11oKVUU9LWGGtvdPUKmRpwI8ChWO3TvpeU1g2Veav4l9yVbaWbdFPzmnDmERyHEA9EuSjcru0j3Cv8tsA0u7pkR%2FB6ye0ObB6iA24IkcKDsgEQqX7Ty%2FTYgM7Uau8cpQkOTm"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-campaign-id: 0dda784b-30ea-4a42-bc02-c3472e373b7d
x-hs-content-id: 112774722884
x-hs-hub-id: 2617658
x-hs-prerendered: Fri, 28 Apr 2023 00:07:00 GMT

GET
H2 200 index.js Show response
www.uptycs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
4 KB 67ms
66ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 60e71fe7e3db53eea86ce8b59ae62a6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
age: 115208
x-amz-cf-pop: BRU50-C1
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVfr93dyG4XZMByNHQQ5GBmLgXWkupAgRDHWmy4RCL5lsErJHsZmXwr16qbNtte2kJ0BfX4JICMal4BA%2FNygcxGaAUUp9V93vvb34WsmQLsXBec35jyUcVxkm%2Be7bJ8dWCA7XbDTLClcAmls"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bebc3599801371a-FRA
x-amz-cf-id: yxA09aq9s4B6PmpV6dl_-DYEUIs917gb4fJZ2aDCFGxwJJcp2hpepQ==
expires: Sat, 27 Apr 2024 02:09:26 GMT

GET
H2 200 project.js Show response
www.uptycs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 63ms
62ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
age: 7418824
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XgrO%2Fbm6L7gNzDwVyW%2FCWVRMHsTgwtxfluLHJPumU8djazenVl8t%2B7yjUEEhpKCdwAk2gkW10vs%2Ba2erUhdwbtHnBt3ggYrJgLYw%2BAIb6orvfr7orN%2FtPuCaHMlE9tBhbt8yyFJBiSU9qsjM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bebc3599fff371a-FRA
x-amz-cf-id: ZmuEZCCdZrm5xyAia8nJAfKJsHaYaoSZxaKdSs-yqLaOz8YTH1JBVw==
expires: Sat, 27 Apr 2024 02:09:26 GMT

GET
H2 200 v2.js Show response
www.uptycs.com/_hcms/forms/ 524 KB
170 KB 106ms
106ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cbba247ca6de6962085423c671b17bd76d58692e32e8e40ad808a12e27bbeab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 317
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3102/bundles/project-v2.js&cfRay=7bebbb9a558d1905-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"250bc2c0c0e298494335c72c83b09e23"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3102/bundles/project-v2.js
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 f37f104903bda438e8b0547be6e0c192.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5gHIUZSUvmnzlEXn3ZiYc88hx3wrAZ6P
x-amz-cf-pop: IAD89-C3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 59e92f56-64b7-466b-9746-a7d3625853b2
last-modified: Tue, 25 Apr 2023 11:31:17 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3QFwgiQp6OiCzcS2Hw6MiCr4grviYfdGv9eLn8rLjFockOYjFsXyVznDgVCdrj7cA1oH%2FxJ957DjhxDRTM3Ng8cfszPbTnBG5SFTKlE3QNeqjWvFRCygMIoRxFX5epedwAKR%2BcQLPFnjpil"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-cssjl
cf-ray: 7bebc3599800371a-FRA
x-amz-cf-id: Y8nH3uSp5BhmApV3NSARPwUTYBszLi8rq0WxZHoAtjhvvQe35rVGpA==

GET
H2

200

lottie-player.js Show response
unpkg.com/@lottiefiles/lottie-player@1.7.1/dist/
Redirect Chain

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
https://unpkg.com/@lottiefiles/lottie-player@1.7.1/dist/lottie-player.js

359 KB
93 KB

54ms
54ms

Script
application/javascript

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@lottiefiles/lottie-player@1.7.1/dist/lottie-player.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24f64aff27b1368441f0ef15311dc5e2dde4f3b6406d1b9a73cd60525f812bf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7226176
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GRBEH36TKW3P0BB0ZTH2P8WW-fra
server: cloudflare
etag: W/"59a07-9+ZSgdYoXPYwDfF2oh5cz4L42Ds"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7bebc35a7aa81919-FRA

Redirect headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01GZ2SW1M819RD8B7Y2QDKT83F-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 86
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@lottiefiles/lottie-player@1.7.1/dist/lottie-player.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7bebc35a2a751919-FRA

GET
H2 200 lottie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/lottie-web/5.7.14/ 262 KB
56 KB 133ms
50ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/lottie-web/5.7.14/lottie.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91fcd16ee338ec3a811b01a394e49fadedb6414173b4e70c1def946e36ed1b96

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 9843380
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56224
last-modified: Tue, 12 Oct 2021 07:34:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61653a70-dba0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XsJ%2BPQiWb2C%2FlIrTD%2FrFyLcx8XK%2BVKT9BiP9ix6k0Hu7fflhFuHfeepV2tdXr2yotrXJvdFHEVSgLJ3VSTGMetiC2eAkMj7cBFtqAxBiJGuacelXp%2Fyyk9cTZb1nWO6XWmN7rr5O132cZw0tkxtdLVd9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bebc35a2ec72c36-FRA
expires: Wed, 17 Apr 2024 02:09:26 GMT

GET
H2 200 jquery-1.11.2.js Show response
www.uptycs.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 66ms
65ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 0a4e8f7c3d348e526848328c55dd452a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: null
age: 7418721
x-amz-cf-pop: FRA56-C2
content-encoding: br
x-cache: Hit from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZchjFUsEKjdToj80ZV0L87%2FtqeRxZNJz68pu2RIVImrxIwtO0K3vlONZy6Tbl7k%2BVBDpWmZRhAgqhrqvFfm9KLItd8ELWMn3ZJYlN9bfqwZmuPQEYDefcpjEN0HW%2BjHlqAzCtff2lse%2BERvk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bebc3599804371a-FRA
x-amz-cf-id: I4EK0lyH3llpn9yJkXDgwMLk66f7QrcaA_f1Jmda37csaeEcRwWXBQ==
expires: Sat, 27 Apr 2024 02:09:26 GMT

GET
H2 200 jquery-migrate-1.2.1.js Show response
www.uptycs.com/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/ 7 KB
4 KB 107ms
103ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/jquery-migrate-1.2.1.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 13140684c599ca32163cf7ec1871cebc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: null
age: 7418721
x-amz-cf-pop: FRA56-C2
content-encoding: br
x-cache: Hit from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"eb05d8d73b5b13d8d84308a4751ece96"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HuPh6zJ%2F0W6Z9OGMWJ6hrsKzye44u4QxGkjW0v9JbZYCL5HCtqC16dEgrCgJVHsqf5GEsjGz15O5rmpicoJ%2F8ZODBJlC4tdKChqOOBBfvoDqBxtqLOVm3PhxyY0FbPwNAjB6kEvOxOzTdu5C"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bebc359a809371a-FRA
x-amz-cf-id: vs9iyqS-s2Xj6akGV1tUECXtCU6EQZR9n-7ij5xmx_aNM4oPCZXS3w==
expires: Sat, 27 Apr 2024 02:09:26 GMT

GET
H2 200 main.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237096759/1682488402554/Uptycs_Theme_2023/css/ 188 KB
35 KB 108ms
104ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237096759/1682488402554/Uptycs_Theme_2023/css/main.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

508d1edc6c86efaaadff8a8b8fbdb3a14083b01246b0e9a8b136ddc84ba4974b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 1528
x-amz-request-id: 84FYDFVEA9HDR84C
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"190ffb1cf3f8fdba7ed1c51bb3090338"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682488402554
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WHbzqQo716fr2wqYksQJEQnuaLDRJQ.x
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 138
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: jv7sv91X4Yms1Ab7mFrWhJ64nIcMyc5Mz1dZgZhAQftg8LIjIeeiQe/g2F4BYWG47LdqhGZr1EGB5GtShkq0Q2vOO5KEhXOxRIo51NW5SQI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 115c13f7-75c4-4cc4-ad63-874dd2fe321d
last-modified: Wed, 26 Apr 2023 05:53:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3Nf0GlqmI9J2HyY0tI7KPVgbdbrmRp6Yca9YMvyDrtvjIiaxxIFL6eRz%2FegqvEC5Z%2Fpwj5hlW%2B3HiuWIwH9POfCt4PAfPWgZdyCz02%2FT1TjsDGfjkcAE0Uwy6vPxkfCajSA0Hq1yWMwi%2Fkk"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-w6tv2
access-control-allow-credentials: false
cf-ray: 7bebc359a806371a-FRA
x-amz-cf-id: xCAb7FxBMo5HSIcMZq45Anpyp_7SvozaAzDobLkUKFrSHMUy-a72HQ==

GET
H2 200 blog.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812106/1682612637347/Uptycs_Theme_2023/css/templates/ 36 KB
9 KB 76ms
72ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812106/1682612637347/Uptycs_Theme_2023/css/templates/blog.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbac6ecb43f12d7331cdccc70a56b22718d8f35dab5fbcb7f0978507c91bf1fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 1528
x-amz-request-id: 3849KK0YWMKN26FH
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"e6b42a3447d9b1a8a031f65971669267"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682612637347
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: euUlul0bGnApbbMlAj5cdOkNHn82Y0Mh
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 149
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: UWZ9wQF44nSaVvAZDctDYMFdzm2xeTrxBaAhK2tSVKBUOf0tXsWs4maNN/+ktLgg56dmwFod3ktM7jDgic4VssjaFPK/F5Jm0PQeWD0RMzE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5c054a98-b7b6-451b-9038-60e7614b814b
last-modified: Thu, 27 Apr 2023 16:23:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQHitnMEYMYGVMryYsabyZRmKFSaWZTIyt7FJpul6%2FHH1sS2AhYeFBbQvQo3K0jPX6m6iOU6JSVCTIZVXiV%2BC3W0LPQs6sC8ZxLik%2BrsUB%2BgXCBvuay661D1NrGCo8lxZkif5Y0Li30%2F1Cum"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials: false
cf-ray: 7bebc359a807371a-FRA
x-amz-cf-id: CAgOAmEXKMjYWfewB0h39p-Pij7xzujhtCjyersQrC5iJPi6VmsgsQ==

GET
H2 200 theme-overrides.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/ 26 KB
6 KB 103ms
99ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e323a3bf913040ce64061d772773acb0bb08c19c7e69c056b6fcfbdf12f525f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 1527
x-amz-request-id: BMMBP86CYW85XJY0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"174b8eb2ba65ddfd3002bb51f0ffe065"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682460995425
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 5195de19cbc5ce842ac6538e9a6850ca.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AiF4wyLkU5NKj4pmHh3kueEph9ecESFg
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 99
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: MiPnG2sSt5lQblTqnSFpagBtjxFKERvocUU9fxpxvmjgS1tZM3oauiS9wS+NDjHQvDbtOpLe4IM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: f3bde7ad-62a0-4a2b-b934-ddaaa8108560
last-modified: Tue, 25 Apr 2023 22:16:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ipUfZ3Z8gRRTIwYLI3D0mM2FyNxCyp1Y7i9jDzoMY88mXYInedOvAYGtZIBcSESGlbZf1CNDk5YZHc07ceWGt%2FZ%2FWKQJSaXgCSLC7ZCfoAYRG0GWzvBdg06Uh%2FIzFxWk6MJ1hTVlXaxS8CXY"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-xxvc6
access-control-allow-credentials: false
cf-ray: 7bebc359a80a371a-FRA
x-amz-cf-id: HS2axi0W_Wpqx__BqSRzOdklV-MOB8iKSKblGwfIpr1qCfFqYGhkcQ==

GET
H2 200 uptycs-custome-style.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/110303799892/1682488219602/Uptycs_Theme_2023/css/ 7 KB
3 KB 101ms
99ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/110303799892/1682488219602/Uptycs_Theme_2023/css/uptycs-custome-style.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

92b6882a6f1f89eaea5cd62363f34180267d117487929efc8e050c20cacc5174

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 1528
x-amz-request-id: H0C80FXZD60ZNEM0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"4d34062fc6bdbe0bd26f0e05ac925dde"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682488220572
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 1448f69604d5be1f9c9f0c64cfa90594.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 8yJLtMAlHY9pLb54W.QSz0oA_IGEGJiV
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 235
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: aOqTMAlv9KQjPMisAg4s1WrPNESDknX1Zn+CsNwqX68F1+6DvKSWUMCDJReW7MtRVGOGm3WB76A=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 87451e61-f992-4494-a93d-25387d71bce9
last-modified: Wed, 26 Apr 2023 05:50:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BisGxojYwL7PYCo4NWgHzzMHSBM28hhvWu3HbP4Bbm9ajDMqOhRix68Mfnus%2F1jw085oldlwV7yowbQO4fNOiCTqQqEk74PttJkiS2QLkRUlJ3fujvRvUHOXf6Fh%2FDcxhe8kao9n6w3KBCjF"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-xxvc6
access-control-allow-credentials: false
cf-ray: 7bebc359a80c371a-FRA
x-amz-cf-id: lpq_EE4l5M3TAUt2cgGvXYr59HDLuUvBRU_AeGVmMmRitCrwLQP6MA==

GET
H2 200 module_105369588578_EXT_-_Header_Module_-_2023.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105369588578/1682272643585/ 94 B
1 KB 105ms
103ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105369588578/1682272643585/module_105369588578_EXT_-_Header_Module_-_2023.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3799757070241db252436a90cbf25cac68f7e10e7c51580326b01d1a62dc1424

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 1528
x-amz-request-id: WJV5ZFSX6E65ZF36
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"1e74c22cf5629d8ab7f0b04c54fe6106"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682272643585
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kFSkTEy6UrPCBE9dkmQ6PCfwpnx7LecI
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 136
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: cPtzyhMIceK+s93FMByZLTPRf4U4mxX6XHDhV1/iaqcRZeYFL8PZ24Rka4OHX4+QbRWAqzylygE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ca3f7b95-5e4d-4560-a7a6-fce30798b540
last-modified: Sun, 23 Apr 2023 17:57:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1mr8SLujU7hG01dBF8GjsmbSzUHG84mO6eVzbBQI510gDmL7pKGA4eZU2jtSMjJgV%2F3Utk2CYLV9AJ0aKZOTJnJiG8%2FFlihHpmVV8tdNk9hpiJYDTleR%2FHEN6BfC6vTIs7wHhBRGyTJD80z"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-h7h5q
access-control-allow-credentials: false
cf-ray: 7bebc359a80d371a-FRA
x-amz-cf-id: QMvyqb7X5DGyb6UiBuEVs1rlXwh9fly_QYA6susNaM-psP8hWP9vkg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
84 KB 150ms
58ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FM1R8N7KP8

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

58d19fe480d86efe39999dc40ab4d8b1ceacac9e2e46e6b8abb37903fdd55f58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85820
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 28 Apr 2023 02:09:26 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 179ms
42ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Fri, 28 Apr 2023 02:09:26 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116390

GET
H3 200 Logo.png
www.uptycs.com/hs-fs/hubfs/ 2 KB
3 KB 63ms
59ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Logo.png?width=272&height=80&name=Logo.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0020585c97713430e9ebfd32f3a69f2c89dc6d880fa1a18eff64337984b624f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-106883654926,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2202
cf-resized: internal=ok/m q=0 n=842+0 c=0+3 v=2023.4.1 l=2202
last-modified: Fri, 17 Mar 2023 09:13:22 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfvRZ75P8xraLZIXLezWsgepK0qbrdEcZQRpAQZLVwDQ:d278421bd7fefc0c8282dbf672ba6506"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7cnrI7ucbegJUTr2WiQxL0aEhMo8vS3ka5gukBeXk%2B%2BWI2zUfeLAYH5uIl%2BFiQuGXgdYzCZvgG2il9%2BcIZGX8S%2FZ%2B4fN6H3m8wKVUL2dQ451IDBdEuYczntVCtLdCsjOnLETTnvOMe7g92UQ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35c4c7a35f4-FRA

GET
H3 200 Featured%20Image.png
www.uptycs.com/hubfs/ 185 KB
186 KB 1013ms
1008ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/Featured%20Image.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

053dde4fc8556b539b56f7b2fee7c8a420c28e26fc4b25b788f32eb2cb89663d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-112780881495,P-2617658,FLS-ALL
x-amz-request-id: 37F97F20T98CV39Z
x-amz-server-side-encryption: AES256
edge-cache-tag: F-112780881495,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "ae4f50f058e6f3d0afae80cba9852111"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1682458594691
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:27 GMT
strict-transport-security: max-age=31536000
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GPzFmNshNVS8Kldzi7D6.RPbt1jSMX8g
x-amz-cf-pop: FRA56-P4
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-112780881495,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 189205
x-amz-id-2: jI035h9HFpulLW2QUyGbp9/A/+2WIjpJkmWrgOYb1ZVui2cSyruQ0IJ+tsBAA4EwnbmLoA3xCXw=
last-modified: Tue, 25 Apr 2023 21:36:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yd4jOIm549cqidD8NJA0sBKU7%2Br75tr5DWKxEMD%2BVaqVSg3fbgEY5XtkK6SarKaMUSoXiWr9YMhtYq7SBWJ%2FL%2Bm2M2%2BZyeWp7HusTnqgpZx9m0Z2dr3jrkOeK9g20MGkQQJxBbukLy%2Fgz70q"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bebc35c4c7d35f4-FRA
x-amz-cf-id: RXMVK3XGpgn2xx2Exr7wCJvvrYkway6azqj6-pQaPefb1s24FEzQPw==

GET
H3 200 For%20Restream%20Event.png
www.uptycs.com/hubfs/ 867 KB
869 KB 890ms
884ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/For%20Restream%20Event.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

589790e05dc0929143050861e2404bba1421e281ab17369c76e733fa85b1eff6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-108934005817,P-2617658,FLS-ALL
x-amz-request-id: FCX62M3VEMY10J52
x-amz-server-side-encryption: AES256
edge-cache-tag: F-108934005817,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "e9d9dd96a9c4a0f622c69642f72b7943"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680206588116
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:27 GMT
strict-transport-security: max-age=31536000
via: 1.1 e59bea79ab5f15feda92136bc7b74158.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 098sMC3_pup2u85vF4ELatAC06yK4hsQ
x-amz-cf-pop: FRA56-P4
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-108934005817,P-2617658,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 887970
x-amz-id-2: JtrQ+2Wekm1Kfiqg6GzHAH13LornWQBG29dBsMWYUgSxebwtCQsWhckHg5Guo1n0MsZYgTwYpHY=
last-modified: Thu, 30 Mar 2023 20:03:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2BfhJ7uoPV%2FYW8TqmZ3HwfOTpi19FTX%2FW4tg4x6aN3Lsp8T2JGVP2FwvBtHTWzavTHYSrVV6owyKUy9rYjQROP7W2CB%2Buuhbcs1KMLiE6det1WXyeqUkQnUGLelp2Z3T2QZOPpZrLwq9u5y6"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bebc35c5c7f35f4-FRA
x-amz-cf-id: lo_sLjobKvRs3TYZM_DU-CpYzAE9usl1hToOuqnRc9nNnwtnTW6N_A==

GET
H2 200 swatch
fast.wistia.com/embed/medias/ztu87xpvqc/ 5 KB
6 KB 307ms
57ms Image
image/jpeg 2a04:4e42:200::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/embed/medias/ztu87xpvqc/swatch

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

28f6f5f4cd55d3bf96dba95ce5e6acff88e0ef235375d47402aaff335c9e31cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
access-control-request-method: *
via: 1.1 e7e267d22aaab825174c9e30c630f528.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
x-cdn: cloudfront
x-amz-cf-pop: IAD89-P2
age: 302592
edge-cache-tag: 6bb623b79382a3eb04ed2700858dd3e8bee9e568
x-cache: Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time: 116
content-disposition: inline
content-length: 5449
x-served-by: cache-iad-kcgs7200106-IAD, cache-ams21071-AMS
x-browser-version: 112
last-modified: Thu, 09 Mar 2023 18:29:12 UTC
x-timer: S1682647767.694916,VS0,VE1
etag: k82-TRUQmo8sgf_FXstlhc2l2eI=
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, no-cache, max-age=31536000
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: PCXLTdBMAqPFGw1iHobNrlLPnT4LXYS78vlJLFKR1DitwwU9fkvZBQ==
x-cache-hits: 10, 1

GET
H2 200 swatch
fast.wistia.com/embed/medias/w2f7silpyw/ 4 KB
4 KB 298ms
48ms Image
image/jpeg 2a04:4e42:200::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/embed/medias/w2f7silpyw/swatch

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d57f0ca82f50169108be00506dd5964f1a1a61d3ee38e2c40608170abe33841a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
access-control-request-method: *
via: 1.1 0cba74644cedf83bb6fb7dc90d8b0980.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
x-cdn: cloudfront
x-amz-cf-pop: IAD12-P2
age: 302615
edge-cache-tag: aabbc23f572420b1ac6da15bf448650d
x-cache: Hit from cloudfront, HIT, HIT
x-envoy-upstream-service-time: 136
content-disposition: inline
content-length: 3792
x-served-by: cache-iad-kcgs7200110-IAD, cache-ams21071-AMS
x-browser-version: 112
last-modified: Fri, 16 Dec 2022 17:31:32 UTC
x-timer: S1682647767.695021,VS0,VE1
etag: YqFVpCAfQSwM8MNXn5k38_qRZvg=
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, no-cache, max-age=31536000
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: mq3yWjnUtGESL-7JVvS5MOGDPF_avVWxI9YgKKO2iQWo6ZkvCSpFTA==
x-cache-hits: 12, 1

GET
H3 200 AWS%20Security%20Software_Graphic%20Badge_v2.svg
www.uptycs.com/hubfs/ 43 KB
17 KB 67ms
62ms Image
image/svg+xml 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/AWS%20Security%20Software_Graphic%20Badge_v2.svg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a068741b8418ff3a57e863dc542f2fb242ad23952c11ebb09fbfb5a278cc1f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-110862303490,P-2617658,FLS-ALL
age: 153528
x-amz-request-id: XPR15AGRDXG1GNQK
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110862303490,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"5c7713ac6c702752bd2d8d4546136e86"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681411495582
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: O14gPj9vtC53vkK.xD_20UXgU69xsJpW
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110862303490,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: EMGFf0OOrDp9ZUvWVDz4PK/VdXQQz98MQWEB9h+WpzX6jXHCoAJJxp9OZAnXlifdUv0byBB2bGs=
last-modified: Thu, 13 Apr 2023 18:44:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI2C5G%2F%2BEME6nYbv6RbgyaEn7hFxg%2BBa0NOd4%2BtGP60v%2BAUMTriYbEt1yujfEQ2tPpAyV2mUPKqFVLLRJ%2Fho1Wjoozw9mAjiJA6r7nMwuyTUeIis80C0T2x8a9f%2Fyl0qr8w817%2BHSxVQYbRJ"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bebc35c5c8035f4-FRA
x-amz-cf-id: JoyOPkh338Tc9bvCXgymLaUwjsx1RzzD2Kt_PQZabyoT5H-oRjCE_g==

GET
H3 200 AWS_Graphic%20Badge_v2.svg
www.uptycs.com/hubfs/ 14 KB
7 KB 65ms
59ms Image
image/svg+xml 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/AWS_Graphic%20Badge_v2.svg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

21f25c0486d370e7c9ecb62c96685617fb254fd8ba3ea4985f0f600cce68e317

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-110862969410,P-2617658,FLS-ALL
age: 252296
x-amz-request-id: 3GJ07BGAQ2WYD2WS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110862969410,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"8789a631dcf92ab685140976716c3a41"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681411458012
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 9ccf0420be8414e77edc70962db79938.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: B1w4d.KCrpqFqJXOdCMvcHU9xG2Xq05_
x-amz-cf-pop: ATL59-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110862969410,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: nZi8NT5df3+xePekji70bvWTMknKQ3r0JjSGYxsVxZOk2gI+8a0Fb8ToflSUg3ObGpGzhgeuwFk=
last-modified: Thu, 13 Apr 2023 18:44:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bg6kAP64G5pzEKRkVjmLdvUOf3o0mQO6OzwBTQDba%2F8kPYL5K%2F0aXIpY0c%2BAU15tbVRbOAmFuAvENg2UwZvGlVra%2F18bhQeE9o9sGcg8barYitCtyhv5E5rHwEFgu8dHGaukcSesTshyMoml"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bebc35c5c8135f4-FRA
x-amz-cf-id: wurjROKbV8iUDvZgBQbyDZyGMt_RZRQqUNOSd-zSwGJmWFgR6oOo_A==

GET
H3 200 AICPA_Graphic%20Badge_v2.svg
www.uptycs.com/hubfs/ 110 KB
78 KB 74ms
68ms Image
image/svg+xml 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/AICPA_Graphic%20Badge_v2.svg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ba9ebd0651f0396e50654d49d9cca8139b25f32952b08cee61b00057874bb2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-111058676253,P-2617658,FLS-ALL
age: 153527
x-amz-request-id: H00JK1PCBCM9FHNB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-111058676253,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"de419b008fb61b889a87e70d1439419e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681508342508
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ZgnebF6aJMQ66jLGNJzVMieq7GwP6Cdk
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-111058676253,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: dVcJ/CpQVf9v0yfU5m6jKpzg30hP42cQWn8KEKTz6i1CElO4FRDqWyadwwlujJJgYVxws8srPxs=
last-modified: Fri, 14 Apr 2023 21:39:03 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fn7XI5Ylxgq4bEorPko%2FUCv14zxGcU31gpS2HwTnngp9Jt5CvwXwS6g0XOcnj1YFDp4nFNYllFMiYgcxDWXUs%2F0e6ihe2HIryR7jjNvjrC8ZfHid9IXY94FDjXlay0p0KWpdL4zf4DQnpi%2FF"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bebc35c5c8335f4-FRA
x-amz-cf-id: aJd7XOENbYNyo5HDxMRGUm7cyNg55j7gO_56gM85nEYdsqdQ3axoqQ==

GET
H3 200 Plugin-script.min.js Show response
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/109250214765/1680515510267/Uptycs_Theme_2023/js/ 359 KB
95 KB 68ms
67ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/109250214765/1680515510267/Uptycs_Theme_2023/js/Plugin-script.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

16a71983d829c9a944751c1a412fd15ca9a24c61f5482d866ae2b92ebad42160

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 1527
x-amz-request-id: 0BNZRSDQZ6617KTT
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"199ad667f08f5b1de55b888b095b3cc4"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680515512531
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: qlz.yfFtRSzAsAB9pJbHBa4DE8TB.iD7
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 120
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: TQ/eHa9NLPycXkcxhQnqISKa/dTksrO6gJsdUYnaxc5eNJe5tPZrlhb6klpfSxKO+kkiuRENieQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1df89d68-3fa8-459f-bdd4-a82953bc1b48
last-modified: Mon, 03 Apr 2023 09:51:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cn3G%2BEdy5lPVQTQcWrsmRHD8%2Ba2Eq3eDRWJ6Mj0TcTQyc6bQTCfpI69HiKD1qstkikEG78GzL9KtSqARdNNAmhxgQgMTLOxmEF14tvi9rAkpOQiw%2B1QEUZm4MFrTW7NonTtCrEvptAYbOgY4"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-w6tv2
access-control-allow-credentials: false
cf-ray: 7bebc35b2b8635f4-FRA
x-amz-cf-id: F2LK1KevfbUTukWx3S54DQGN_WutDZZrd1zSak_7O2ORz8rZYbayPw==

GET
H3 200 main.min.js Show response
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812090/1681370928509/Uptycs_Theme_2023/js/ 48 KB
14 KB 359ms
359ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812090/1681370928509/Uptycs_Theme_2023/js/main.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

269ecb0a4ca3a19ea5356891a708984db842b1a1b9015b0f023935799ad64512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: 87E1DA0AM5DA0S9J
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"d4ca1cc9ec67ab024c5bf417414d27a6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681370929116
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 5195de19cbc5ce842ac6538e9a6850ca.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CdWFwEhFb1JhTKKtc6Sio8uOx8de.vlR
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 117
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: i5tM2wLnAm3eEg00arkbmOWTVLulG8JZFFMVjCJyt9mbqt7Xji2PkhQeI+5+TJW3RvHp1SwA2as=
x-request-id: d1871a8a-1be6-4441-8150-097b5c65031a
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 13 Apr 2023 07:28:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ZmJT8ddU8sGnl2SteeSZI%2BpM8uhviwd8CTnXXap20C0d9IKhd7p%2BtzkduzkNfDzN6gMZNYuF4oe17WCp8ELwuFQLYJOx035wlI1XM25u9jbxv4DcN5zpq0WepQcyT7SKHLKXr%2ByAUNthAru"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-xxvc6
access-control-allow-credentials: false
cf-ray: 7bebc35bfc3435f4-FRA
x-amz-cf-id: 3GWNOgzI7NkH2f5AK1jV_SdoUFEqOxM_19MvXcPsSWZXOVc_Dbq9XQ==

GET
H3 200 2617658.js Show response
www.uptycs.com/hs/scriptloader/ 2 KB
1 KB 309ms
303ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/scriptloader/2617658.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8579d7cdfc6e955656a78873fb2656de5446083f3aec2112b9ffd3e7fc252f76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4ca7c45b-2ea3-46e4-829a-045ac57b1ef2
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 27 Apr 2023 23:54:27 GMT
server: cloudflare
x-trace: 2BBBB9623F84E3E6BEC3824163321FFA6389FB666D000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.uptycs.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKJWbWKJdvqt6SIZ%2B3erSeoeZGjC2CZE%2Byx8tHusGJ%2F5Se6D0okY3D62I%2BIwi0aCtPki0Mbq7LzgamQTK4on3C95K%2FAZvr1oAOZWlXn1SmyNPvcoxBN3XsVwBn2fa6MTr6iEuh%2B4WrHs4ily"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 7bebc35c5c8535f4-FRA
expires: Fri, 28 Apr 2023 02:10:26 GMT

GET
H2 200 c42c9a8680c89010c1c5214aa9b2bbbca8b38118.js Show response
my.hellobar.com/ 2 KB
1 KB 360ms
249ms Script
text/javascript 2606:4700:10::6816:e17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.hellobar.com/c42c9a8680c89010c1c5214aa9b2bbbca8b38118.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:e17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9cdbd459a46d084aa2f638e774122f24e1de189c7c341701e556c8b750980b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Thu, 27 Apr 2023 10:14:44 GMT
server: cloudflare
x-amz-request-id: DRSC3FGD365TVTAG
etag: W/"313035a8ecf6e089949ca664ed9d54d8"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=86400, must-revalidate, proxy-revalidate, s-maxage=10
cf-ray: 7bebc35cff2e3827-FRA
x-amz-id-2: 6FuuVeeokBTVR0zRlaBUAVSC4164/1NU1/U2qdA5MHerCRehAcGRycq9lANH8FUZi941/IHAd88=

GET
H2 200 slick.min.css
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/ 1 KB
716 B 93ms
92ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50ad448a8a5720bf8a5617db15af31ae60163de06331576f60c6244c012ffc72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3110176
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 394
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-559"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BWJ4SzCH%2FWvuIrrLFnjKle0LW6i7IFjKTgyGI2RQ4eNHPbg7lYD%2By81xuIblQmZkrDrrL3rrbojz2BKXj%2FvwtudtJuMKZnMiHo89PI9kUEhfNq1%2FXd4S97rFCHDXqBGYBLGX7Ra%2FYW2iScqVM3BzfnaN"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bebc35b6fa42c36-FRA
expires: Wed, 17 Apr 2024 02:09:26 GMT

GET
H2 200 slick-theme.min.css
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/ 2 KB
1011 B 52ms
51ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick-theme.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e21aa5b0d3fd28cebed9e03c5544f4924e11b0c453792ed018720cf8c679b0b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6235575
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 657
last-modified: Mon, 04 May 2020 16:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fd5-956"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WpzkdM3nTuisL8RhKuUtJOo7aQ3UtP4Shp6w9EWnM7Psdh2LmltXM5tMBYX2AhN6NtxymE5EAcz8Cx9uq857xxWCcYxrNBl4bmQ1SIPC2SgHvG7NICHKLHCzzcuCR79MGR2BPPn67DF8bVJp66I9SK4r"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bebc35b6fa02c36-FRA
expires: Wed, 17 Apr 2024 02:09:26 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 92ms
91ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 32428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0dUx8so1r3ZwFnRhx%2FuX8sivvdK6t50Om5dER%2FcCP7fzsWU2RCphfMbQ2qygNuIIPG2IwmYoiicFMRb8%2B5dW2fFb%2Fo39uoQ8uprl9KRaXNZE14Os4Cr8GkpshJuUlNDHLRVknS414G20LVT4slIQgURb"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bebc35b6fa22c36-FRA
expires: Wed, 17 Apr 2024 02:09:26 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 214 KB
73 KB 247ms
157ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2e19215751b5a2c8cda5bbcdc0ee7d12628719a0b7b12051b4ba399f6a7f8270

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75018
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 28 Apr 2023 02:09:26 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 132ms
39ms Script
application/x-javascript 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=34696
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0b10fcb00f54ff132f2ba46b0b68959a4fabf769d6eaffd73e7c55186ea81f4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4a2698c9b28f0e6053921e4832c8c7d14c8847fa0bea29985d3fbb5b2511ad8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 Logo-Shield_Padded_400x400.png
www.uptycs.com/hubfs/ 5 KB
6 KB 273ms
273ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/Logo-Shield_Padded_400x400.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ef92addd5e9f9495b402e54ff6f74e3b9d87933745b89ad0deaf7736ab68a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-98273713033,P-2617658,FLS-ALL
age: 233526
x-amz-request-id: 16MXBFSPN635S49C
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98273713033,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Logo-Shield_Padded_400x400.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
cf-bgj: imgq:85,h2pri
etag: "9dc86353e444c47b96f3bb4939d2d633"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673542291546
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Qvfmuxdc6Tx7LaOeuxyeMUJK4hCmPZyX
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=9676
x-cache: RefreshHit from cloudfront
cache-tag: F-98273713033,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4688
x-amz-id-2: 2HXVd8OJwZXivI7KOl54eTFCDUpbVhal5eXZPjLJnPa9FodGEqBmWspHt6AnKOzFVLVJu28m6g8=
last-modified: Thu, 12 Jan 2023 16:51:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QXYRPI6k%2FAFsGzL%2FzPCgFz%2FgSfNRGxiB6%2BNEuHC6R%2FtUE1lZ87Qnwd6kWPr6imCo9OkwgN2rDsP8Z%2Byn%2Fg4iSlBX5eGN6FEpkKPUSTH5EVfjasXewRNFTez%2FGALzZr6C893QyU3CKyekxMuY"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bebc35c8cb235f4-FRA
x-amz-cf-id: 09JbHmjfFwkhX0k1EmobKrKJnif9Ax9c60RCx4J8d7SvzGa86ZE5uw==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3b31f99e56699dc64436a0cf3f1677dd783d5e19c203567a487f9cb7182fb12

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 055eea778a9f4bbdbc684268fb81eac45c8f487530620333c4f919f7c24ae2f7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c172b3d24530a82112555d011de195af36ffc64abe8663a090561108068c39f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 Laura%20Kenner%20Headshot.png
www.uptycs.com/hubfs/ 261 KB
262 KB 72ms
72ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/Laura%20Kenner%20Headshot.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4a4bde6034070447282fb73be8f241da543276b2e48f5aa4e1bc2e3ac795522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-106474309703,P-2617658,FLS-ALL
age: 238060
x-amz-request-id: 16MYZYG2Z91BRF4N
x-amz-server-side-encryption: AES256
edge-cache-tag: F-106474309703,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Laura%20Kenner%20Headshot.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
cf-bgj: imgq:85,h2pri
etag: "269d832078b7c20fc62004a01f5280b4"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678811926006
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 2c29bb35ddacc1dc2616fe65bdf5122e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AsehcKPmH0tt5hWnCvPyghmNY5BqCg1h
x-amz-cf-pop: FRA56-P4
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=471868
x-cache: RefreshHit from cloudfront
cache-tag: F-106474309703,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 266950
x-amz-id-2: Ky66V2SmA9dyraoiO9WYjU4XGqgwbCm4LRqYEZj2ZD1OUxBjK8A2EWBGGJDO6Xa8BFuLdBO0Hj8=
last-modified: Tue, 14 Mar 2023 16:39:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSkWQHgjCum4OOqbw7%2BEeMQG4%2FsER6U8b1jKY0JK4r%2BVVWkWiFncQLsefOC3TNfZ%2FRozMzH%2BRwwj4%2B6k%2BcsQfdgP9gA8KM7CMVTdYnVD12FzmLvqTjnbfBlZu8Vioatj0al%2FKsu4LcUt2nYE"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bebc35c8cb635f4-FRA
x-amz-cf-id: FHyEo4Uohok0zODlCZUtbRQ0nGPo63uCbEW69qliV1aqLg4xOhHIjQ==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c8e00ac7963ebd049252bf97b4ae71f265566258a335f481a77cdb6c9274437

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1012 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89db57949b0fd8f67051cb9abafa2718ba53f1c8a5075d7e3aea34bc7c4c43c4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 Jeremy%20Colvin.jpeg
www.uptycs.com/hubfs/ 41 KB
42 KB 62ms
61ms Image
image/jpeg 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/Jeremy%20Colvin.jpeg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

02b49f77333f067dfe414f0f2313f9b47e1633e3ecbbb9126ca2e61373eef9ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-89288986522,P-2617658,FLS-ALL
age: 238060
x-amz-request-id: 16MS01RVZ869RRD9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-89288986522,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
cf-bgj: imgq:85,h2pri
etag: "2c7e541a2a42aec076bf3922104bca57"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666626235888
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yT6CxT_7LF40df9K.UydyVjwVkTiU8gU
x-amz-cf-pop: FRA56-P4
x-hs-alternate-content-type: text/plain
cf-polished: degrade=85, origSize=64474, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-89288986522,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42193
x-amz-id-2: GBN4kyCes/llwv3Lng8Wdj0d8Jh/ceE7yFrkzWB3hSQOIJ1exugQQ1CbsHB2AEyXdZ9nkLo2+iE=
last-modified: Mon, 24 Oct 2022 15:43:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5AMaXY3jKSmf32wlJMIfZg0yRVpSnw9Mpx8kB%2BSVc%2BRw03%2FzVo71k24zEwyhe4%2Bk%2F9xL5FAhPyweOA%2FxOaE2SZ4Did1d5xmMtmFq%2B%2F483bD2SLucSdOMdfP%2F7CLbP8Lx4FDS7diDGAJnshh"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bebc35c9cba35f4-FRA
x-amz-cf-id: cFb-ZqIw-1ojVOzwLmtYR-HFAtqcqLDXQw_ambKG96dsepLzFWE68w==

GET
H3 200 Footer%20Shape.png
www.uptycs.com/hubfs/Uptycs%20Theme%20-%202023/Blog%20Page%20-%202023/Design%20Assets/ 747 KB
749 KB 104ms
103ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/Uptycs%20Theme%20-%202023/Blog%20Page%20-%202023/Design%20Assets/Footer%20Shape.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bad24e105479fb5068a865e3e3d3a2bcaac9a2ba464f9c4cefd5b5c0eb1bdfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-108181951152,FD-107813354289,P-2617658,FLS-ALL
age: 252294
x-amz-request-id: 4ZSJ2GFZ3ES9J4BF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-108181951152,FD-107813354289,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Footer%20Shape.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
cf-bgj: imgq:85,h2pri
etag: "b3d93a318b1f23fa374b7baaa0d1d01e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1679914929702
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c221513394b3b02bda5f198eb4ca6d2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ugvFJbwUahWJOTsWq1TQa4WMnyI5_qlN
x-amz-cf-pop: ATL59-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=929677
x-cache: RefreshHit from cloudfront
cache-tag: F-108181951152,FD-107813354289,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 765320
x-amz-id-2: 9DGu0jLLyk6/cf29Cq8QCcqB8rY+2RaYMidexlDl4KhZAYV0Pmp3eAE+BjCPmB1R9V/0zKHERaY=
last-modified: Mon, 27 Mar 2023 11:08:47 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1HkLPwfGlm9K55Vl4BSXNiwgQj7Hsv5tp2s37lFKz%2Fu7Qz9LQ71M%2BWDypNZ8yVG%2BiYqSWBG78DFqVm0g0upGmHhuemHJdCTI46HVZL8TS0ADgbkIvcagRUrftFMtgHBMXs5pC60DCp%2BwXS16"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bebc35c9cbc35f4-FRA
x-amz-cf-id: icBxkCBeEvDp4jCNo_cNL475JyWQjpJ2DU3jXqYsHuk8sfnQ8AkBKw==

GET
H2 200 Dazzed-SemiBold.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 35 KB
35 KB 259ms
157ms Font
application/font-woff2 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-SemiBold.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7d73ae35c3412dd12292590b041a66f83a14f7766041b8d523fadf78c8d7daa

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405778095,FD-105405778080,P-2617658,FLS-ALL
age: 355626
x-amz-request-id: WYBZ89PNKTG3ZN84
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405778095,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "2d0d0de050f8833c2853af07a440a4ee"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122420
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 f23ba2c965ce44072e54ea2301ccf406.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: IEWlA03LFNsvE9C7Xc.pkI3DfKgTQ7bF
x-amz-cf-pop: MXP64-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405778095,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 35588
x-amz-id-2: dw5/lqIIVkh6oa+eAS1Fpt7BH4Y09TZpliOTOiNJy3Q1+z/VjsYho2tILNuNNRfLwEhK7gWyULo=
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7bebc35d3c439253-FRA
x-amz-cf-id: gwtbKSWCdjAv_xtZMtW7szuf-GkHtJToh31XF7P5-dW1McsHmLaNOg==

GET
H2 200 Dazzed-Medium.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 34 KB
34 KB 211ms
109ms Font
application/font-woff2 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-Medium.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c431b7004f2def447ab4b6b2e63e694f322c65162a22e689f91a69e391241df4

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405968195,FD-105405778080,P-2617658,FLS-ALL
age: 352766
x-amz-request-id: VQ9Y7SFXJCK1K36R
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405968195,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "91c0cd4d25d2ea71e8826f69b4497c6c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122410
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 645f43b8717568c0a4b2c8f32ab504dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: A6Y2_MG70jGC4aeahpXKuceRQH2hp.YW
x-amz-cf-pop: MXP64-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405968195,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 34664
x-amz-id-2: ORHwp8uP+EXQ18RNUZrRyVqx2oUs2XKzgaXkUfihs+kINklQGo1ovpPYitR8elWW2RcLA1LTGds=
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7bebc35d3c449253-FRA
x-amz-cf-id: K9LDcUqBpRzu5ZsSo-Ls1TVkoz_OR8BjEeKq4DcDYD7Cs64duuERXw==

GET
H2 200 Dazzed-Regular.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 34 KB
35 KB 199ms
97ms Font
application/font-woff2 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-Regular.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b48a0510a39e949184e762267407b9d7292b4fd69dcbf953b657c1e9cfc4cc61

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405778092,FD-105405778080,P-2617658,FLS-ALL
age: 352766
x-amz-request-id: NB2CWESHPEV5VWXQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405778092,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "504d899b185471166fa525f6154e224f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122391
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 b61152e740e230075fb9605e656b9520.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: Z950va749GesENoMyecGaQOgk36GpyAD
x-amz-cf-pop: MXP64-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405778092,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 34732
x-amz-id-2: xfiXFkW3NfsGwIREZ+jo7KYzCxdROzaveLsbGz2fEztdZgDyV1VnFgk5dPRz09cSVrMeNPphykF0i1O7+7AGWFdCiHv6vmlY
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7bebc35d3c459253-FRA
x-amz-cf-id: w5vMIIA27He663VrZQ9qenTMvoi5K1mRF15ittKWQ7pUCE35eDnhgg==

GET
H2 200 Dazzed-Bold.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 35 KB
36 KB 1094ms
993ms Font
application/font-woff2 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-Bold.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1682460993713/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62e120f9707942e703ef7a54d281e0f4a4027114e88e57f38909e48927029604

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405946669,FD-105405778080,P-2617658,FLS-ALL
x-amz-request-id: WXRMJS8QPE27XKXJ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405946669,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "dec9ad669c463ebe04b667dc906e58b0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122320
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:27 GMT
via: 1.1 782307cc86daaa076cbdb91c6d06353e.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-version-id: kiiOVn0Uia49V.XtbhyVQvLQlSKfVfD1
x-amz-cf-pop: MXP64-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405946669,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 35912
x-amz-id-2: 6374cBLH7Nueueqrfs1O2snIHOIuP8D9ZLTYSJuH1urjUn+o6Xprr/Rh7slKhJacE/W12/9HW0M=
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7bebc35d3c469253-FRA
x-amz-cf-id: HhIwOaV1yDqxK49yUleo8Zc-ePF6LNXgHmiqJRME0jglqXVnwkTNBA==

GET
H3 200 Kubernetes%20Blog%20Hero%20Images-02.jpg
www.uptycs.com/hs-fs/hubfs/ 306 KB
307 KB 98ms
97ms Image
image/jpeg 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Kubernetes%20Blog%20Hero%20Images-02.jpg?width=1517&height=792&name=Kubernetes%20Blog%20Hero%20Images-02.jpg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5519c98304c2b1ab66d70401cc8fe260fc0b5e68afb4e820eed04ce299a2d3ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112438664121,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 313229
cf-resized: internal=ok/m q=0 n=838+0 c=6+0 v=2023.4.1 l=313229
last-modified: Sun, 23 Apr 2023 02:52:20 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cf0DOGtipTOlmwjZIy0fmtGCvdKUId6P0Z2LTvaVtKDQ:abf8b8f6f2a09873039fe9cc7e271060"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4zmxll8sUFTmHrRwAzdr2ARcP%2B1kOWK08CC7soGfUATb4CI21dvGFecN2iLj0aM0FA45bo7esYamVBmrF0pYR%2BLiVoB8w5v1wcBHktesL456%2BcsQidEA6ShZVMkZOYQM5eGUGzUQ9Babj5G"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35ced0035f4-FRA

GET
H3 200 shift-uppng.png
www.uptycs.com/hs-fs/hubfs/ 36 KB
36 KB 412ms
411ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/shift-uppng.png?width=960&height=540&name=shift-uppng.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

49bcf828bccbf7b6bcb6f4d87a97901dc743cce92707bb64ad536227ebc77135

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112027988237,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36452
cf-resized: internal=ok/m q=0 n=858+0 c=2+42 v=2023.4.1 l=36452
last-modified: Thu, 20 Apr 2023 16:17:48 GMT
cf-bgj: imgq:97,h2pri
server: cloudflare
etag: "cfGPSyX6uq41ZdMASTpTsAG6zrZWTPEG92uyqu-1kkDQ:60a9c3202a88a5f1a405b110e0a44c81"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d8vlHC7xLQiTwR%2BWCbkFJWWZsCl%2B6jfbqvudoTJZ9xPr7knm%2F3bgCxIkApb17skK1ydDjfjjTUs9K4Hd0Dm%2B7hcqVB%2Fiv7XqmVTuCjxuxqVulODvqeluqbGntr4XluCZlFfREnBFjBhJMGFt"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35ced0335f4-FRA

GET
H3 200 container.png
www.uptycs.com/hs-fs/hubfs/ 17 KB
18 KB 427ms
426ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/container.png?width=238&height=127&name=container.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

31ecf49765b9a0667e7736a30dadfcd7d886eea4eb33a7eec3b623d3bfbcb4a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-106405660523,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17284
cf-resized: internal=ok/m q=0 n=834+0 c=1+21 v=2023.4.1 l=17284
last-modified: Tue, 14 Mar 2023 06:15:56 GMT
cf-bgj: imgq:82,h2pri
server: cloudflare
etag: "cfzyt4pgPDSVUFR9CWdWVkmupZykDJ7RJ_hg7r28tDDQ:2f810cf7ab7a4b4b5afaf6a1b96b3046"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eV9Uv1gzwtD0aacHFfEb2tIPIV%2BAo9%2FGSMt7CwzweJBQO4RlsMBWr9DS92Fv5GB3%2BO2ZB4BbgdJsG9uTydu9iauXmDjdTzjxPJpwsPOt74zGryUXnhOpk2TT4t6K4%2FMz1O%2BCQjrnNAqvIF14"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35ced0435f4-FRA

GET
H3 200 press-release-test_v2.png
www.uptycs.com/hs-fs/hubfs/ 8 KB
9 KB 434ms
433ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/press-release-test_v2.png?width=1200&height=676&name=press-release-test_v2.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27ec162e5b6e59e8b6b56b3b4520c46502af9f4db0e5339ac7d37955414dba25

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112315880211,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8571
cf-resized: internal=ok/h q=0 n=21+0 c=2+54 v=2023.4.1 l=8571
last-modified: Fri, 21 Apr 2023 19:35:13 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf8v_RHaHdWob5dk_1WBh-_H5Rf8LlsKQqS_An4NtzDQ:feaf9f79c04580ffdc21b5147a7ed37e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hSsrIaW7JPDUZz7ZSyipTxH6U1%2BkFZaoRGllHM3x3jDDTfEMqq5cDlpf9KBGFU6ttQj%2BAvBgOEd7rsSMNkWa1QPjZf0gjXsxprySoY5QebVlYLC%2BtSah9Xtf68HstRbP8BmdhpezMoTd1h2L"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35ced0535f4-FRA

GET
H3 200 Fig%201.png
www.uptycs.com/hs-fs/hubfs/ 80 KB
81 KB 449ms
448ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Fig%201.png?width=1074&height=1397&name=Fig%201.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e35bd3a7cf61fd519a25a25964dcbf61d0f5d2f72b6ff7b2c74f12c5d90a58a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112776923738,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 82189
cf-resized: internal=ok/m q=0 n=849+0 c=6+100 v=2023.4.1 l=82189
last-modified: Tue, 25 Apr 2023 20:36:43 GMT
cf-bgj: imgq:96,h2pri
server: cloudflare
etag: "cft7FBNZboN4GsBWwvrWaALNHLungLIBVJFvak-FWCDQ:32651620db7ca5627ccfdc761fb9f5bf"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2gp2cgxpQXtUMMOJ%2BcFh5OjElUQKHq%2FNQJ3emG0eTf344KT99fi6vqJm8SlGgRej4D29Nk9ghcu9By2oU6ObCE9M5RtleTMohaJ9NVeAwz85%2FvbVjHxcqyYCBBEpik11lnQqbsC2VMzHvnOJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35ced0635f4-FRA

GET
H3 200 Fig.%202.png
www.uptycs.com/hs-fs/hubfs/ 12 KB
12 KB 450ms
449ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Fig.%202.png?width=512&height=238&name=Fig.%202.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

194e315e87d57f06cc018fb80ad5a7c414019323dc2093f47c54f33808e4c801

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112777198359,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11924
cf-resized: internal=ok/m q=0 n=825+0 c=0+23 v=2023.4.1 l=11924
last-modified: Tue, 25 Apr 2023 20:38:52 GMT
cf-bgj: imgq:95,h2pri
server: cloudflare
etag: "cfaD_wQioJrwfJxaoqQze-_MhRYiiBukOiGMRsI34JDQ:91ca884a2fe6cb8f7426798e99efdc5d"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYyIp28PGnsCA3VL5DQpmKwRGU8kO3DPWjqBKcwsyAhYjIoQqiIPbyPLZkNKWmzizNotwAKIs2N9VWaxt0vZO1wTS4h8HdONys8MJtfutE9qo45UNviOT2cBWu73dAke%2FAB%2BG7EGQPACRhaN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35ced0735f4-FRA

GET
H3 200 Fig%203.png
www.uptycs.com/hs-fs/hubfs/ 17 KB
18 KB 451ms
450ms Image
image/png 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Fig%203.png?width=512&height=309&name=Fig%203.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecefe3f3de7584e4f4e4b1b8dddfbbf9cd89bf37fe94692751ea8a79e028f5e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:26 GMT
via: 1.1 0d78cc90106520d13c1b5c5b16dd8246.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112775484418,P-2617658,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17437
cf-resized: internal=ok/m q=0 n=845+0 c=0+19 v=2023.4.1 l=17437
last-modified: Tue, 25 Apr 2023 20:40:39 GMT
cf-bgj: imgq:99,h2pri
server: cloudflare
etag: "cfUzNqKgmwB_MMlixtCe_TyjKGnBJk4kMBxFaCsw1gDQ:3eca360e84b2746c23dd5e2c2b71d64b"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qo3XV3lOxwN1PsHOVJOX8pXFSPGaoY4uI4cR2QZbIchJNFw4SSLlvHFrWK2vr86iMhjVp6s4Dw1KkhO1tB94B%2BDWPNiXC2ThPZ5iMmHHgh3qEWQu52eqmendbvIPu4EkwDhTgabY1ZrTBLb%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bebc35ced0835f4-FRA

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 134ms
46ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FM1R8N7KP8&gtm=45je34q0&_p=762073071&gcs=G100&gdid=dZTQ1Zm&cid=428239388.1682647767&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682647767&sct=1&seg=0&dl=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&dt=RTM%20Locker%20Ransomware%20as%20a%20Service%20(RaaS)%20Now%20on%20Linux%20-%20Uptycs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FM1R8N7KP8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 02:09:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.uptycs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
455 B 160ms
48ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=G100&rnd=1698233507.1682647767&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&gtm=45He34q0n81P663XDQ

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 02:09:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 33 KB
11 KB 221ms
39ms Script
application/javascript 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 02:09:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 04 Apr 2023 21:13:35 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "642c92ff-8319"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10492
expires: Fri, 28 Apr 2023 02:09:27 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 152ms
42ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230111-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 149ms
40ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=19159
accept-ranges: bytes
content-length: 4777

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 151ms
42ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 23 Jan 2023 21:56:14 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "03d5db9dfd00a5719bb4c9261e6fa1bb"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7356

GET
H2 200 hotjar-3384743.js Show response
static.hotjar.com/c/ 9 KB
4 KB 194ms
57ms Script
application/javascript 65.9.95.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3384743.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-121.prg50.r.cloudfront.net

Software

Resource Hash

46f7868bd7716ddbffeacd63584d6f7db3764424ee71b4d9d6fb2cbaf3919148

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 aa90ed38e679f04bd48e055cce602e20.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 25
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/055151399ad926aad39a0e740fdeba1e
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
x-amz-cf-id: vWeEmW-gxzebZT3ihWaB4ShBwlzarFso0MhTKV_OeH_bqEdj0AxS5g==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 108 KB
28 KB 148ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1288df0a77810a31168d5f3cca4d5e22aad4886b3930ee08595b4c589c490ea9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 28 Apr 2023 02:09:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27911
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: sqQ5npGbi0OQOYiBfDDEMdHA/dWZEMd8mwbWr42fYj117RnNgOkGHwuKHi9Ehjke5P9v5ldbopuQLfqeuZpqyA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 6127ecc2d037650015c31617 Show response
ws.zoominfo.com/pixel/ 0
662 B 285ms
179ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6127ecc2d037650015c31617

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7bebc362eec93606-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok
content-length: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 171 KB
54 KB 173ms
48ms Script
application/javascript 2600:9000:2127:2800:15:a0d3:77c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:2800:15:a0d3:77c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: 6Er2d0GJvgnFniPQXIH7h8kzG7dJBNJf
content-encoding: gzip
via: 1.1 aa90ed38e679f04bd48e055cce602e20.cloudfront.net (CloudFront)
date: Fri, 28 Apr 2023 02:09:22 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
x-amz-cf-pop: PRG50-C1
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 22 Nov 2022 11:31:37 GMT
server: AmazonS3
etag: W/"1c27f449b067550681f23ad3e53988fa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: microphone 'none'; camera 'none';
x-amz-cf-id: qfWx4v-GgbjRivfI4xrR2uRLA2xATjhSu3oOFn1d7m8nZlFYALaX2Q==

GET
H3 200 json Show response
www.uptycs.com/_hcms/forms/embed/v3/form/2617658/0492e7b1-c029-4110-8042-598f482d9802/ 8 KB
4 KB 186ms
185ms XHR
application/json 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/_hcms/forms/embed/v3/form/2617658/0492e7b1-c029-4110-8042-598f482d9802/json?hs_static_app=forms-embed&hs_static_app_version=1.3102&X-HubSpot-Static-App-Info=forms-embed-1.3102

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

92b7129669be0cdf62e38b7e48fbec74a28d877d6a3b4abf99928dfb1dfbba97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 28 Apr 2023 02:09:27 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 14aa42f3-c8a1-412b-972e-2c748f81174a
x-envoy-upstream-service-time: 19
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5866b03f-de29-48f9-a022-42729873974b
server: cloudflare
x-trace: 2B1B93C0AABF8E855CA58B7175C718CFE71FF6FB3F000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-bmnkz
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05kiIdwMSZDqXqWW5WtlRZV1%2BApbKh71H6jdKc6wxqr1G5A2hTj8GcjCNx1zf0U4gQwLwMA0OHU6roz9L%2Bp%2Bd7gqDVRKHLYM4Df4OXtyYWsx8wZiqp9Lb7eW6iJKuzrUkqH4gjm1ePeRx3xz"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bebc362491435f4-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 2617658.js Show response
js.hs-banner.com/ 63 KB
16 KB 131ms
47ms Script
text/javascript 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2617658.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2b349073b8421ec84bfd334c01132010daabccff2f8975a9d242720a37a7da3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
x-amz-version-id: TuWmOSXJ.1_mSeervlSUXgVEF7VD5cJt
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 1HEAPPJSMX72FFFA
age: 26
x-amz-server-side-encryption: AES256
x-amz-id-2: FZONNM3VMduvJTeIRuL9LUZYaQ1OJzM3MlT/j/lv17Q1fh1ZWkrkbSZq7IM93YjVnZtpAtovqDRtaktBT6DZ8Q==
last-modified: Mon, 17 Apr 2023 15:07:23 GMT
server: cloudflare
etag: W/"bb0865a36c00349fa7c66c579d630ef2"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.uptycs.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7bebc3638e679956-FRA
expires: Fri, 28 Apr 2023 02:14:01 GMT

GET
H2 200 2617658.js Show response
js.hs-analytics.net/analytics/1682647500000/ 65 KB
21 KB 308ms
221ms Script
text/javascript 2606:4700::6810:8ace
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1682647500000/2617658.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d7a3c75b0d9fbf3135c116822323108eb378d0b0a72364849e762510a597d59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: QZ3YMZZQXYA1D56X
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 66
x-amz-id-2: 70ZegJEXlEn8B8o1tT3wM2J+Wu+knEkk+ehmwtHb71RMfoGwbJ1nRhmFo4VZpnHH63b/IPNb5UFdFPZWM7zQjbRIdfKlGoxD
x-evy-trace-listener: listener_https
x-request-id: 392de2fa-c8d9-4355-b616-0d34291177f3
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 18 Apr 2023 13:57:24 GMT
server: cloudflare
etag: W/"c052047be8a1d06610dfc2baf0c396b7"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-76cd9
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7bebc363bbbd18cf-FRA
expires: Fri, 28 Apr 2023 02:14:27 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 247ms
153ms Script
application/javascript 2606:4700::6811:69c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:69c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 798d10a2358bf2bb2383db429dbd3872c61623eae564f5ec4b35cebe16e8d3ee

Request headers

Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
x-amz-version-id: aBw9KhRIvCv.ZxIPDLAZZBBgMDNKkxQd
via: 1.1 20579d8c7e6a7d159f211e9ee1d4003c.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
content-encoding: br
x-amz-cf-pop: IAD89-C3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.362/bundles/project.js&cfRay=7bebc363ccda360b-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0bbcc131-178e-4fc4-88be-f237ac877632
last-modified: Thu, 27 Apr 2023 09:01:08 UTC
server: cloudflare
etag: W/"bace8c71ddeb09e8dcafa17e11c33f6c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-rgtl5
cf-ray: 7bebc363ccda360b-FRA
x-amz-cf-id: _BM6ioe5pNd2i-qyArg6U_YeGlLuxZowjsv8Zx1Gb3DMzdBYxjNwFA==
x-hs-target-asset: collected-forms-embed-js/static-1.362/bundles/project.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 75 KB
22 KB 133ms
47ms Script
application/javascript 2606:4700::6811:65ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:65ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d797893d6d2afaeea7fea8656fa1659af49ab38f497780839ca072f0e0cb5169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
x-amz-version-id: p3mPERgKKJYHgEJDa7bI1VIVF0Op243b
via: 1.1 4db130e87be66fce9731567ae0669c56.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD89-C3
age: 369
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.12992/bundles/project.js&cfRay=7bebba5dcaea3a44-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 20
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2d2f2192-c745-47de-a0a5-14bf39ac11a3
last-modified: Tue, 25 Apr 2023 03:57:42 UTC
server: cloudflare
etag: W/"e93fe34aa376433a33e9f4ddf43842a1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: MISS
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-4lk5b
cf-ray: 7bebc363bb783a9d-FRA
x-amz-cf-id: rZDwkCrD7lF-MT0K4FSkBpWCtoFRMx1oUib-rfTfg4D10HBYMEa1sA==
x-hs-target-asset: conversations-embed/static-1.12992/bundles/project.js

GET
H2 200 modules.js Show response
my.hellobar.com/ 254 KB
73 KB 59ms
57ms Script
text/javascript 2606:4700:10::6816:e17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.hellobar.com/modules.js
Requested by: Host: my.hellobar.com
URL: https://my.hellobar.com/c42c9a8680c89010c1c5214aa9b2bbbca8b38118.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:e17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7181f66fd7038a68b26cbb290d8af50cbcce22e24737373fe69bb8f925a5fd9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: DDVT11ZF4HG2BCXB
age: 4844
cf-polished: origSize=260636
x-amz-server-side-encryption: AES256
x-amz-id-2: K9lL0+rtDQwPzUzfA/VVygE2tw9wcP8i1mWX/iDR4Nfy3KfSYHR9HXpIJqk6f04qpUyLXqvfYYY=
cf-bgj: minify
last-modified: Tue, 21 Mar 2023 14:22:08 GMT
server: cloudflare
etag: W/"15367a2c7f16f7a1e7b3409dd910b082"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 7bebc3625aaf3827-FRA

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
997 B 288ms
202ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=2617658&callback=jsonpHandler

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5d012b05-a785-4f70-8d95-1bc9b36446c5
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7bebc363bb229b9b&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 2ddec3cd-bd7c-4a36-abae-d2ff99ac9cb2
server: cloudflare
x-trace: 2B480EBE33C24B5586A98FB20B36314E8024BEE241000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-9sjmd
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7bebc363bb229b9b-FRA

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5abce1b92ae0c302/ 2 KB
769 B 78ms
75ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5abce1b92ae0c302/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8ae5f96b06a7ec9fcd7b1a35e1f2b495037643c08fca0727923be37dea04c4a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:27 GMT
content-encoding: gzip
etag: -143959452--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=31, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 593

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 199ms
198ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=644b2ad61d3f7676&bkl=0&bl=1&pdt=634&sid=644b2ad61d3f7676&pub=ra-5abce1b92ae0c302&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.uptycs.com&fp=blog%2Frtm-locker-ransomware-as-a-service-raas-linux&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1682647767411&jsl=1&uvs=644b2ad63e6a235d000&skipb=1&callback=addthis.cbs.jsonp__085231145221456030
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2862c8cec8e337cc6892b9e10260275bf5188fa82230628c770872e55815f2ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 02:09:27 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 0F86 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame D747 71 KB
26 KB 42ms
42ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Fri, 28 Apr 2023 02:09:27 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1007 B 242ms
156ms Image
image/gif 2606:4700::6811:d6f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 28 Apr 2023 02:09:27 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 4d3e63c4-e450-4f4f-8741-293da239f31a
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 6
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fddb44b2-d583-4d07-80c4-d251f32f695e
Server: cloudflare
X-Trace: 2BA1B6BB9A2DC7A29AC95FC1645403218930DFF9E7000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-w7shg
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7bebc3650c203602-FRA

GET
H2 200 Submit_arrow.svg
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Home%20Page%20Images/ 270 B
1 KB 154ms
71ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Home%20Page%20Images/Submit_arrow.svg
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237096759/1682488402554/Uptycs_Theme_2023/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7775c3a94d76e47ed6bda5a404bf940ef8f710223ecdd4bfb7f48edb58925430

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-105763674949,FD-105371464374,P-2617658,FLS-ALL
age: 26679
x-amz-request-id: GHNTYAGH532GEHVP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105763674949,FD-105371464374,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"d86c78f19be3b56354776168464f274a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678357972000
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Fri, 28 Apr 2023 02:09:27 GMT
via: 1.1 2b6f385212d54f32d2c4991db852b20e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: jMw4TxEmyrDKjLRp3HsQf.dOAbMI9oJK
x-amz-cf-pop: BRU50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105763674949,FD-105371464374,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: TKQvu43s6CADC7pvrrIZyuFxdbTE0yUiurEU6Jog23tSowQtWclL2TpNTon6OKByZTIL2eUt/Rw=
last-modified: Thu, 09 Mar 2023 10:32:53 GMT
server: cloudflare
cf-ray: 7bebc3655b0403a6-FRA
x-amz-cf-id: BHagNigRH3ncvjufufIEcdTuLlbuecO9Nb5l8922Uv7_2duvyrJE1g==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/1252922/domain/uptycs.com/ 36 B
375 B 194ms
58ms XHR
application/json 2600:9000:2127:9e00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/1252922/domain/uptycs.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:9e00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:03 GMT
content-encoding: gzip
via: 1.1 b031f43146c9801101822eabdc464390.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 24
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 4yTPQ4MZ0qrLJf6pOqpuwW9kELuxeLFYpbDl0wdgpzZkg6kbPdQEDQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1252922%26time%3D1682647767808%26url%3Dhttps%253A%252F%252Fwww.uptycs.com%252Fblo...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&liSync=true&e_ipv6=AQKssV5j1-x...

0
265 B

287ms
183ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&liSync=true&e_ipv6=AQKssV5j1-xNmgAAAYfFn2NnGZP_HZ-omrlEUjtHNXBVPuEFQQ7KmAOru-lLoDFvP1HutSY
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:29 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9DAB4556C90048DFB98EE1AFA1B7A9D1 Ref B: FRAEDGE1813 Ref C: 2023-04-28T02:09:30Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6W/ahb3YfIUSxJWAeBA==

Redirect headers

date: Fri, 28 Apr 2023 02:09:29 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 16171BCABF574F7EB4B7D189CEC4650E Ref B: DUS30EDGE0718 Ref C: 2023-04-28T02:09:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1682647767808&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&liSync=true&e_ipv6=AQKssV5j1-xNmgAAAYfFn2NnGZP_HZ-omrlEUjtHNXBVPuEFQQ7KmAOru-lLoDFvP1HutSY
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6W/acMrgw3ArpfrCOWw==

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 231ms
137ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1682647767810&id=t2_99fn83o5&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=36f51a16-6aa7-4cc8-afef-518769adffe1&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_65e23bc4
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:28 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 707843366776374 Show response
connect.facebook.net/signals/config/ 376 KB
108 KB 103ms
102ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/707843366776374?v=2.9.103&r=canary

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

66a4c67f29859c7e0f4d93920c9f638c80f3e2e4a6350968f06b03229576162e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 28 Apr 2023 02:09:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: XWtwMWo0bIJxXENqXS+nJDK8d6fR9ODVs+nrX59gWzKZZJH1ilyX1GAVEXGCA8S74ZHw/wOBDmbDj5wm3iGOnQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
378 B 235ms
143ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=d5149045-a0fd-49fd-90d5-338dad883321&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=dbb63b0d-798d-4b5b-93b9-15b83f3bcfc2&tw_document_href=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzmp6&type=javascript&version=2.3.29

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-response-time: 103
date: Fri, 28 Apr 2023 02:09:27 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: e92491dcdcd8ebe4
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: e94d106c5a6c3af1c9bdb5457af8871c5dd04d56a96f8e30e6849fdf0dcca866
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 260ms
146ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=d5149045-a0fd-49fd-90d5-338dad883321&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=dbb63b0d-798d-4b5b-93b9-15b83f3bcfc2&tw_document_href=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzmp6&type=javascript&version=2.3.29

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-response-time: 102
date: Fri, 28 Apr 2023 02:09:27 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: f80c6c6942c9db76
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: e86e248092ca5181b99dc6aacc7b89b25154a0edff8a387127335b7f7c04fa45
content-length: 43

GET
H2 200 modules.58186d35f175af355542.js Show response
script.hotjar.com/ 264 KB
68 KB 143ms
47ms Script
application/javascript 52.222.236.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.58186d35f175af355542.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3384743.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.63 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-63.fra56.r.cloudfront.net

Software

Resource Hash

e5abfd65c55dc5e6f697b2825ff51a5d645e7b23a6d959c324143b71f36055df

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 09:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 60500
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 69210
last-modified: Thu, 27 Apr 2023 09:20:33 GMT
etag: "c12209e29a66e3097786324f83a79f90"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: HGQow0DO9GTG48uPvvE9MGHQq0LylUZkD2UFMU-PB48Xl-w8rNjkoQ==

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1007 B 492ms
407ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 28 Apr 2023 02:09:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 9fe560f1-178e-467f-b97f-22d3416cca54
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 5
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 46061682-31dc-444f-b944-1ebb66a24151
Server: cloudflare
X-Trace: 2B5E70069C080F83C46C945C451C381249C9ACE615000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-sdwfp
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7bebc366fb482bba-FRA

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 43ms
43ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Fri, 28 Apr 2023 02:09:28 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
H2 200 cf-location Show response
js.hs-banner.com/cookie-banner-public/v1/ 2 B
150 B 134ms
50ms XHR
text/plain 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: https://www.uptycs.com
date: Fri, 28 Apr 2023 02:09:28 GMT
server: cloudflare
cf-ray: 7bebc366faa9bbfd-FRA
content-length: 2
vary: Origin, Accept-Encoding
content-type: text/plain;charset=UTF-8

GET
H2 200 / Show response
c.6sc.co/ 7 B
202 B 60ms
48ms XHR
text/html 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-208.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:28 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.uptycs.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
309 B 314ms
40ms XHR
text/html 2a02:26f0:3500:14::1724:a244
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:14::1724:a244 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: c0ad39faea959c6452ccf07bbf3c65bf7f5e1afa8df00d05cfbb1087a8aee9ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 02:09:28 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.uptycs.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::6
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467402_388276228_270515341_18_738_38_0";dur=1
content-length: 19
expires: Fri, 28 Apr 2023 02:09:28 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 254ms
242ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=7f8bd8662c3cd8304b53ece67c07c07c&svisitor=null&visitor=945d2e3a-f0b6-4e0d-877f-d0d0273a8352&session=bfab1148-5af3-4616-8d4f-c5f7800da453&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2028%20Apr%202023%2002%3A09%3A28%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2028%20Apr%202023%2002%3A09%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%227f8bd8662c3cd8304b53ece67c07c07c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2028%20Apr%202023%2002%3A09%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2028%20Apr%202023%2002%3A09%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Uptycs%20threat%20research%20team%20discovered%20a%20new%20ransomware%20Linux%20binary%20attributed%20to%20the%20RTM%20group%20Locker%2C%20a%20known%20Ransomware-as-a-Service%20(RaaS)%20provider.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RTM%20Locker%20Ransomware%20as%20a%20Service%20(RaaS)%20Now%20on%20Linux%20-%20Uptycs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&pageViewId=676e5e78-1e71-499a-819d-90fd37a7eabc

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:28 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 widget Show response
www.uptycs.com/_hcms/livechat/ 307 B
1 KB 179ms
179ms XHR
application/json 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/_hcms/livechat/widget?portalId=2617658&conversations-embed=static-1.12992&mobile=false&messagesUtk=e2fcb6b476a24d89ad573913182d03f0&traceId=e2fcb6b476a24d89ad573913182d03f0

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a0cc1e6f9bcfd44f2d599aef3771cd9bb02ad27521f95cb9f0c94304d3b369d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 570d4888-7af2-4ccb-999a-044ba70f151e
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2B24FECA3F673DD07A3B8423E252A913A3C73E71D7000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p4Pnjl7BKItEmVxHfGvWR6nZzX9jBVKFknqI2cqj8Lpi%2B%2FglKFCQINpGO148%2F598ZG3ra8W1uKK5EnfMWYPtJypakFoYXIA1R2El4uZ5qbVjbfL8%2FQiYpQe1oDI2B23pfYwOspoKu0IQvJcu"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 7bebc3669c3d35f4-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 413ms
413ms Preflight
application/octet-stream 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.uptycs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.uptycs.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7bebc371bb2fbbfd-FRA
content-length: 0
content-type: application/octet-stream
date: Fri, 28 Apr 2023 02:09:30 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-76cd9
x-evy-trace-virtual-host: all
x-request-id: a13bba37-393f-4813-b343-f5ad54908d79

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
167 B 156ms
156ms XHR
text/plain 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 Apr 2023 02:09:30 GMT
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 08f03d0d-e907-43a5-95d7-3226b61c9375
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ec0c4e71-17f2-499c-8037-651a978355d0
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-c2gr8
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7bebc3744d3fbbfd-FRA

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
473 B 154ms
145ms XHR
application/json 2606:4700::6811:69c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=2617658&utk=
Requested by: Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:69c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6067dcd5dce2a3474610f14be162b671b90e8d916358d4cf324a526fb5e9ac6

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 44916355-4419-4380-b323-805dab3d9d0a
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5d183515-1b03-4cbf-beaa-27f6b59f7f28
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-cvdrq
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7bebc371cd39360b-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 247ms
247ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=7f8bd8662c3cd8304b53ece67c07c07c&svisitor=null&visitor=945d2e3a-f0b6-4e0d-877f-d0d0273a8352&session=bfab1148-5af3-4616-8d4f-c5f7800da453&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A6%22%7D&isIframe=false&m=%7B%22description%22%3A%22Uptycs%20threat%20research%20team%20discovered%20a%20new%20ransomware%20Linux%20binary%20attributed%20to%20the%20RTM%20group%20Locker%2C%20a%20known%20Ransomware-as-a-Service%20(RaaS)%20provider.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22RTM%20Locker%20Ransomware%20as%20a%20Service%20(RaaS)%20Now%20on%20Linux%20-%20Uptycs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&pageViewId=676e5e78-1e71-499a-819d-90fd37a7eabc

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 235ms
235ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/3384743/ 148 B
322 B 183ms
61ms XHR
application/json 18.202.10.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/3384743/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.58186d35f175af355542.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.10.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-10-197.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 9d1faf9bd9dfb8aa89f59852a79665717d0d5e551b39ceebca1d209dc4b117ff

Request headers

Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 28 Apr 2023 02:09:30 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H3 200 374032967231178 Show response
connect.facebook.net/signals/config/ 376 KB
107 KB 105ms
104ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/374032967231178?v=2.9.103&r=canary

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3ca8a668b6180d4806ea6913180bf07b20671e6ba5575bb9e7c4261563c790d7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 28 Apr 2023 02:09:30 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: MdvN0F1pJ2ifuX86yRy/q7MIVDjZrpDz+D9Amt55K8+havTLL5SwMRqbvffDKIPd5Lq/ijxcwgatjxpw3oHZGg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 140ms
40ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=707843366776374&ev=PageView&dl=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&rl=&if=false&ts=1682647770016&sw=1600&sh=1200&v=2.9.103&r=canary&a=tmgoogletagmanager&ec=0&o=30&ttf=4645.399997711182&tts=2445.099998474121&ttse=4643.799999237061&cs_est=true&fbp=fb.1.1682647770016.1797657691&it=1682647767819&coo=false&rqm=GET

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 28 Apr 2023 02:09:30 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
646 B 211ms
165ms Image
image/gif 2606:4700::6811:d6f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: c5b7d979-9da6-4394-8b29-a5a46fb8e989
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9879f667-d83b-4c19-b226-c5b1ecd7f28e
server: cloudflare
x-trace: 2BAAB2E99D55409637D6053F935905C4822FDC66A9000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-9sl45
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7bebc3737d67699f-FRA

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 330ms
117ms XHR
application/json 52.19.23.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.58186d35f175af355542.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.23.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-23-51.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 99207dab24e7f9a6b0ca50cf441a93db306a66666630a4e634f0943b0aaee995

Request headers

Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 28 Apr 2023 02:09:32 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 235ms
235ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 148788590035143 Show response
connect.facebook.net/signals/config/ 375 KB
107 KB 107ms
107ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/148788590035143?v=2.9.103&r=canary

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a99cee11f6203ecf7a2167a8ac316d0eb8e24f88cf03fb8dc98fca02d4e4b5a4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 28 Apr 2023 02:09:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 4QfQCxidgitcvXa1gouR7i4S3nCKQWxhW3QZnHK/t6X2dOR4TAuOYZiqe8+Ia3KrTeno2zI/FafVtVuBOQT5JA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 41ms
41ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=374032967231178&ev=PageView&dl=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&rl=&if=false&ts=1682647771946&sw=1600&sh=1200&v=2.9.103&r=canary&a=tmgoogletagmanager&ec=0&o=30&ttf=6576.700000762939&tts=2445.099998474121&ttse=4648.299999237061&cs_est=true&fbp=fb.1.1682647770016.1797657691&it=1682647767819&coo=false&rqm=GET

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 28 Apr 2023 02:09:31 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 40ms
40ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=148788590035143&ev=PageView&dl=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&rl=&if=false&ts=1682647772079&sw=1600&sh=1200&v=2.9.103&r=canary&a=tmgoogletagmanager&ec=0&o=30&ttf=6709.299999237061&tts=2445.099998474121&ttse=6577.899997711182&cs_est=true&fbp=fb.1.1682647770016.1797657691&it=1682647767819&coo=false&rqm=GET

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 28 Apr 2023 02:09:32 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
608 B 157ms
157ms Image
image/gif 2606:4700::6811:d6f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 39d43136-0274-4bb4-a59b-a2749e13753d
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 56667bd1-cd7b-429c-9177-35e0a77969a8
server: cloudflare
x-trace: 2B7EA9955AE9C37167C9EA2D379C17720DC556656E000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-65t7k
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7bebc37fbc54699f-FRA

POST
H3 200 / Show response
www.facebook.com/tr/ Frame DAE6 0
15 B 40ms
40ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.uptycs.com
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.uptycs.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Fri, 28 Apr 2023 02:09:32 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
613 B 158ms
157ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=2617658&pi=112774722884&ct=blog-post&ccu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&cpi=112774722884&cgi=5593128451&lpi=112774722884&lvi=112774722884&lvc=en&pu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&t=RTM+Locker+Ransomware+as+a+Service+(RaaS)+Now+on+Linux+-+Uptycs&cts=1682647772273&vi=b4537742cb1a4d08c2dd01f7d8c097b3&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 24edae4f-516a-46bd-a091-632b5f95924c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0b2b98a2-432b-49cb-a434-9012c1729f42
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wlHGMn%2Bm259qR8UGKJA9wRZdkLO5%2Bw7nukedl%2F%2Bdu8WS19rxZPEVFvGnIHPzELlXQ26uQw6y1aUiN%2BvEvvUsJgsQDZPnRVNTML%2Bq60oX3vcDrmdcKwB5c9J%2Fa%2FHQP%2Bz%2BF25h6BI3lVdFBL0lW%2Bo"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-ws54l
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bebc380dee99b9b-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
439 B 156ms
155ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=0492e7b1-c029-4110-8042-598f482d9802&fci=679306c6-d4bd-4e68-b6fe-f4f203a6bdd2&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=2617658&pi=112774722884&ct=blog-post&ccu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&cpi=112774722884&cgi=5593128451&lpi=112774722884&lvi=112774722884&lvc=en&pu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&t=RTM+Locker+Ransomware+as+a+Service+(RaaS)+Now+on+Linux+-+Uptycs&cts=1682647772274&vi=b4537742cb1a4d08c2dd01f7d8c097b3&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2feae00e-2b1d-4ccf-9707-1199dfbb6c84
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 375f8ef1-dee7-4e18-8032-f68e1f10ab13
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4u5%2Fz2RjMzpIUtjFjPA%2BaLx9m%2B19YXbsHWzIpuYMoWV7omsClMNnW6qmqH17bNoznWoKt3ZDli8vrjHkGvL%2FBRFj9CDYeWGvwk%2B1rGia8avVifqxfXlJY48tA2QFNMuptDr64lNsj9So0nvt5XE5"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-4xxgt
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bebc380def29b9b-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
434 B 153ms
152ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=0492e7b1-c029-4110-8042-598f482d9802&fci=679306c6-d4bd-4e68-b6fe-f4f203a6bdd2&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=2617658&pi=112774722884&ct=blog-post&ccu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&cpi=112774722884&cgi=5593128451&lpi=112774722884&lvi=112774722884&lvc=en&pu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Frtm-locker-ransomware-as-a-service-raas-linux&t=RTM+Locker+Ransomware+as+a+Service+(RaaS)+Now+on+Linux+-+Uptycs&cts=1682647772275&vi=b4537742cb1a4d08c2dd01f7d8c097b3&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a50f7342-2705-4e04-b2ca-5d81f5ef8974
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6fc7d4b0-9423-44dc-ace9-f37ea5f1fe2d
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6rtN1HMjPgiRClCGGUMDYfXM7RWDKNrWV6X16s7zsAgDg6wzUlzZevV7%2FrAZoC3aS3%2FVj3uq%2Bk0jSCamNxgEdb7BaWI0wa0VNhdQCuX6PYKlnzGGWmAZ8KZtJtpFwJV7enoPsh3CJ4xrAPKpRQ9"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-bwtzj
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bebc380def39b9b-FRA
x-robots-tag: none

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
608 B 291ms
290ms Image
image/gif 2606:4700::6811:d6f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: c827e657-e103-466c-b4cb-66c0651c70fe
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d754ce39-537b-49ad-8f4c-412e0c4f57fc
server: cloudflare
x-trace: 2B950D62E3F6D0B027EB61A3A20CD6A889B0FDAE1F000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-w7shg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7bebc381fd6f699f-FRA

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 6479 0
15 B 63ms
63ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.uptycs.com
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.uptycs.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Fri, 28 Apr 2023 02:09:32 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 / Show response
www.facebook.com/tr/ Frame BB2E 0
15 B 171ms
171ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.uptycs.com
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.uptycs.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Fri, 28 Apr 2023 02:09:32 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 235ms
234ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 235ms
234ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:34 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 235ms
235ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 200 perf Show response
www.uptycs.com/_hcms/ 2 B
839 B 176ms
176ms XHR
text/plain 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/_hcms/perf

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type: application/json

Response headers

date: Fri, 28 Apr 2023 02:09:35 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1c801065-a10b-4944-9f8b-a54b2ea72763
x-envoy-upstream-service-time: 8
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 79cbec85-e291-4a7b-b85a-5dbcc25cecec
server: cloudflare
x-trace: 2BEF9120F5E45B8825963E897638C6E28CE7750AC7000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uss6oUimDNy1FgzrUgWsjChAjE9XP9uhpQcHu2an5Tn%2Ba6cPBtl%2FL%2BF1peAYPzPQULJlpB0UB87gswsz39h%2BxiezvIjcAJfvXVC8wzqBUzjkkK7LJtcGmcIRiA%2FCJtvkNlknBPRWUptkHiKw"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-0-9-td/envoy-proxy-57d8759bb6-k58tx
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 7bebc3938f4535f4-FRA
x-robots-tag: none

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 235ms
234ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/rtm-locker-ransomware-as-a-service-raas-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:09:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

108 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.uptycs.com/	1970-01-20 11:24:09	Name: __cf_bm Value: 6cV_DYFCcrZCqObodKsMZOkNLkPv_iCQcqToCxmOmFg-1682647765-0-AfnUI/dkoSjvCSwVwQnq2+vzHM6EqLcQd7QYlz/6w6WeBuGX7aHMvouBRq4y6dwhlzs5G6N1y8rjGei3UFXTDGw=
.www.uptycs.com/	1969-12-31 23:59:59	Name: __cfruid Value: d5672e84eeca92eaea5cf8c4117322df58440a8c-1682647765
www.uptycs.com/	1970-01-20 20:54:22	Name: __atuvc Value: 1%7C17
www.uptycs.com/	1970-01-20 11:24:09	Name: __atuvs Value: 644b2ad63e6a235d000
.zoominfo.com/	1970-01-20 11:24:09	Name: __cf_bm Value: gejRkJmVFFx1dEAhwjcSYgpHfXiUa8emwsvhR7TI11c-1682647767-0-ATJuI/0+5tgkAZDM9oe1Pr06c32KMnHbrBCJQ0pUMdw224w8RwBGf2ZAPqkRgS9xQkWmUsgiiaOSWjzWGaZIqLc=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 6w3aXs6tQBqa8BqtS78moWsqJKwQlmA3G82s0vGNf34-1682647767643-0-604800000
.addthis.com/	1970-01-20 20:54:22	Name: uvc Value: 1%7C17
.uptycs.com/	1970-01-20 13:33:43	Name: _rdt_uuid Value: 1682647767810.36f51a16-6aa7-4cc8-afef-518769adffe1
.hubspot.com/	1970-01-20 11:24:09	Name: __cf_bm Value: ouYOiNZQQASFLZ72PPkCKBVrvZJHLbjQxD0i8cPRW9M-1682647767-0-AWBAKIfUicFAOfcyj1W1m7BF2rIWyUrMtK2jSEj5CjfHm/oKVz5EDyE5HJjkwebDXjvu7Ea31nPOLOthJZYo18s=
www.uptycs.com/	1970-01-20 21:00:07	Name: _gd_visitor Value: 945d2e3a-f0b6-4e0d-877f-d0d0273a8352
www.uptycs.com/	1970-01-20 11:24:22	Name: _gd_session Value: bfab1148-5af3-4616-8d4f-c5f7800da453
.t.co/	1970-01-20 21:00:07	Name: muc_ads Value: b8e4bbc6-ddb6-4171-bad2-869d543ce8e2
.linkedin.com/	1970-01-20 12:07:19	Name: UserMatchHistory Value: AQJPK23n80PTDQAAAYfFn1u_7wkrpJObQdmViT79laBqlPOuIzoLC8dq8GDwlU05SAz0Zd6V6CjPIQ
.linkedin.com/	1970-01-20 12:07:19	Name: AnalyticsSyncHistory Value: AQJGQ_5YR6A8fwAAAYfFn1u_zJ3Gk_Aj53jilHelyjI08AayfJBQXWwF-7zmrvL4qYXdVMTJEPI1VYgJSZ19Xw
.linkedin.com/	1970-01-20 20:09:43	Name: bcookie Value: "v=2&48452e13-bccc-42f1-82cf-dcbb81ae78ef"
.linkedin.com/	1970-01-20 11:25:34	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3004:u=1:x=1:i=1682647768:t=1682734168:v=2:sig=AQFbGiB5cK2dURdvFsW6ae8GroWLDNN3"
www.uptycs.com/	1970-01-20 11:25:34	Name: ln_or Value: eyIxMjUyOTIyIjoiZCJ9
.twitter.com/	1970-01-20 21:00:07	Name: personalization_id Value: "v1_6U6clR6Ve1YekkX1tFqjAw=="
.6sc.co/	1970-01-20 21:00:07	Name: 6suuid Value: d0d5ce17835a0100d82a4b64270100009ed21100
.www.linkedin.com/	1970-01-20 20:09:43	Name: bscookie Value: "v=1&2023042802092880131f48-610f-478b-8071-9305ef382936AQEZvt63jgx8LK5mfbQujiMETWK02nyd"
.linkedin.com/	1970-01-20 15:43:19	Name: li_gc Value: MTswOzE2ODI2NDc3Njg7MjswMjEJs4kBwRw9VdBYCiRh/H70zx5fHDCZ7neSHHIPp2jKeQ==
.addthis.com/	1970-01-20 20:54:22	Name: loc Value: MDAwMDBFVURFU04yMzA2MTkyMzAwODAwMDBDSA==
.uptycs.com/	1970-01-20 20:09:43	Name: _hjSessionUser_3384743 Value: eyJpZCI6IjMxNWNlYjk4LTc3NGEtNTk5OC04ZmUxLTcxMDhmYWI3YzRlNSIsImNyZWF0ZWQiOjE2ODI2NDc3Njk5MTQsImV4aXN0aW5nIjpmYWxzZX0=
.uptycs.com/	1970-01-20 11:24:09	Name: _hjFirstSeen Value: 1
.uptycs.com/	1970-01-20 11:24:07	Name: _hjIncludedInSessionSample_3384743 Value: 1
.uptycs.com/	1970-01-20 11:24:09	Name: _hjSession_3384743 Value: eyJpZCI6ImU5NThjM2I5LWQzZmMtNDY2Zi05N2RhLTA5NzMyYWRiNzI5YyIsImNyZWF0ZWQiOjE2ODI2NDc3Njk5MjAsImluU2FtcGxlIjp0cnVlfQ==
.uptycs.com/	1970-01-20 11:24:09	Name: _hjAbsoluteSessionInProgress Value: 0
.uptycs.com/	1970-01-20 13:33:43	Name: _fbp Value: fb.1.1682647770016.1797657691

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2617658.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdnjs.cloudflare.com
connect.facebook.net
content.hotjar.io
fast.wistia.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
in.hotjar.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hscollectedforms.net
js.usemessages.com
m.addthis.com
my.hellobar.com
pagead2.googlesyndication.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s7.addthis.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
t.co
track.hubspot.com
unpkg.com
v1.addthisedge.com
ws.zoominfo.com
www.clickcease.com
www.facebook.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.uptycs.com
z.moatads.com
s7.addthis.com
104.244.42.131
104.244.42.133
104.75.88.126
13.107.42.14
146.75.116.157
151.101.129.140
18.202.10.197
2001:4860:4802:32::36
23.35.237.151
23.36.162.208
2600:9000:2127:2800:15:a0d3:77c0:93a1
2600:9000:2127:9e00:2:53b2:240:93a1
2606:2c40::c73c:67e2
2606:4700:10::6816:e17
2606:4700::6810:7daf
2606:4700::6810:8ace
2606:4700::6810:a852
2606:4700::6811:180e
2606:4700::6811:65ac
2606:4700::6811:69c7
2606:4700::6811:d2f3
2606:4700::6811:d6f3
2606:4700::6812:19c4
2606:4700::6812:f0f
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:808::2008
2a00:1450:4001:813::2002
2a02:26f0:3500:14::1724:a244
2a02:26f0:3500:16::215:148d
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:200::622
2a04:4e42:400::396
52.19.23.51
52.222.236.63
65.9.95.121
0020585c97713430e9ebfd32f3a69f2c89dc6d880fa1a18eff64337984b624f0
02b49f77333f067dfe414f0f2313f9b47e1633e3ecbbb9126ca2e61373eef9ea
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
053dde4fc8556b539b56f7b2fee7c8a420c28e26fc4b25b788f32eb2cb89663d
055eea778a9f4bbdbc684268fb81eac45c8f487530620333c4f919f7c24ae2f7
0a0cc1e6f9bcfd44f2d599aef3771cd9bb02ad27521f95cb9f0c94304d3b369d
1288df0a77810a31168d5f3cca4d5e22aad4886b3930ee08595b4c589c490ea9
12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f
16a71983d829c9a944751c1a412fd15ca9a24c61f5482d866ae2b92ebad42160
194e315e87d57f06cc018fb80ad5a7c414019323dc2093f47c54f33808e4c801
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
20ef92addd5e9f9495b402e54ff6f74e3b9d87933745b89ad0deaf7736ab68a7
21f25c0486d370e7c9ecb62c96685617fb254fd8ba3ea4985f0f600cce68e317
24f64aff27b1368441f0ef15311dc5e2dde4f3b6406d1b9a73cd60525f812bf6
269ecb0a4ca3a19ea5356891a708984db842b1a1b9015b0f023935799ad64512
27ec162e5b6e59e8b6b56b3b4520c46502af9f4db0e5339ac7d37955414dba25
2862c8cec8e337cc6892b9e10260275bf5188fa82230628c770872e55815f2ee
28f6f5f4cd55d3bf96dba95ce5e6acff88e0ef235375d47402aaff335c9e31cf
2c172b3d24530a82112555d011de195af36ffc64abe8663a090561108068c39f
2cbba247ca6de6962085423c671b17bd76d58692e32e8e40ad808a12e27bbeab
2e19215751b5a2c8cda5bbcdc0ee7d12628719a0b7b12051b4ba399f6a7f8270
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
31ecf49765b9a0667e7736a30dadfcd7d886eea4eb33a7eec3b623d3bfbcb4a3
3799757070241db252436a90cbf25cac68f7e10e7c51580326b01d1a62dc1424
3ca8a668b6180d4806ea6913180bf07b20671e6ba5575bb9e7c4261563c790d7
46f7868bd7716ddbffeacd63584d6f7db3764424ee71b4d9d6fb2cbaf3919148
49bcf828bccbf7b6bcb6f4d87a97901dc743cce92707bb64ad536227ebc77135
4c8e00ac7963ebd049252bf97b4ae71f265566258a335f481a77cdb6c9274437
4d7a3c75b0d9fbf3135c116822323108eb378d0b0a72364849e762510a597d59
4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22
508d1edc6c86efaaadff8a8b8fbdb3a14083b01246b0e9a8b136ddc84ba4974b
50ad448a8a5720bf8a5617db15af31ae60163de06331576f60c6244c012ffc72
5519c98304c2b1ab66d70401cc8fe260fc0b5e68afb4e820eed04ce299a2d3ed
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
589790e05dc0929143050861e2404bba1421e281ab17369c76e733fa85b1eff6
58d19fe480d86efe39999dc40ab4d8b1ceacac9e2e46e6b8abb37903fdd55f58
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
62e120f9707942e703ef7a54d281e0f4a4027114e88e57f38909e48927029604
66a4c67f29859c7e0f4d93920c9f638c80f3e2e4a6350968f06b03229576162e
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
6a068741b8418ff3a57e863dc542f2fb242ad23952c11ebb09fbfb5a278cc1f9
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7775c3a94d76e47ed6bda5a404bf940ef8f710223ecdd4bfb7f48edb58925430
798d10a2358bf2bb2383db429dbd3872c61623eae564f5ec4b35cebe16e8d3ee
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
8579d7cdfc6e955656a78873fb2656de5446083f3aec2112b9ffd3e7fc252f76
89db57949b0fd8f67051cb9abafa2718ba53f1c8a5075d7e3aea34bc7c4c43c4
8ae5f96b06a7ec9fcd7b1a35e1f2b495037643c08fca0727923be37dea04c4a9
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
91fcd16ee338ec3a811b01a394e49fadedb6414173b4e70c1def946e36ed1b96
92b6882a6f1f89eaea5cd62363f34180267d117487929efc8e050c20cacc5174
92b7129669be0cdf62e38b7e48fbec74a28d877d6a3b4abf99928dfb1dfbba97
99207dab24e7f9a6b0ca50cf441a93db306a66666630a4e634f0943b0aaee995
9ba9ebd0651f0396e50654d49d9cca8139b25f32952b08cee61b00057874bb2c
9bad24e105479fb5068a865e3e3d3a2bcaac9a2ba464f9c4cefd5b5c0eb1bdfa
9d1faf9bd9dfb8aa89f59852a79665717d0d5e551b39ceebca1d209dc4b117ff
9e323a3bf913040ce64061d772773acb0bb08c19c7e69c056b6fcfbdf12f525f
a4a2698c9b28f0e6053921e4832c8c7d14c8847fa0bea29985d3fbb5b2511ad8
a4a4bde6034070447282fb73be8f241da543276b2e48f5aa4e1bc2e3ac795522
a99cee11f6203ecf7a2167a8ac316d0eb8e24f88cf03fb8dc98fca02d4e4b5a4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b445804d19fbb8ee793211ba3654d2c0678cbb4c050ae84d562ab3f7d1e913db
b48a0510a39e949184e762267407b9d7292b4fd69dcbf953b657c1e9cfc4cc61
c0ad39faea959c6452ccf07bbf3c65bf7f5e1afa8df00d05cfbb1087a8aee9ac
c2b349073b8421ec84bfd334c01132010daabccff2f8975a9d242720a37a7da3
c431b7004f2def447ab4b6b2e63e694f322c65162a22e689f91a69e391241df4
c7181f66fd7038a68b26cbb290d8af50cbcce22e24737373fe69bb8f925a5fd9
cbac6ecb43f12d7331cdccc70a56b22718d8f35dab5fbcb7f0978507c91bf1fb
cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d3b31f99e56699dc64436a0cf3f1677dd783d5e19c203567a487f9cb7182fb12
d57f0ca82f50169108be00506dd5964f1a1a61d3ee38e2c40608170abe33841a
d797893d6d2afaeea7fea8656fa1659af49ab38f497780839ca072f0e0cb5169
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e21aa5b0d3fd28cebed9e03c5544f4924e11b0c453792ed018720cf8c679b0b6
e35bd3a7cf61fd519a25a25964dcbf61d0f5d2f72b6ff7b2c74f12c5d90a58a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5abfd65c55dc5e6f697b2825ff51a5d645e7b23a6d959c324143b71f36055df
e6067dcd5dce2a3474610f14be162b671b90e8d916358d4cf324a526fb5e9ac6
e7d73ae35c3412dd12292590b041a66f83a14f7766041b8d523fadf78c8d7daa
e9cdbd459a46d084aa2f638e774122f24e1de189c7c341701e556c8b750980b8
ecefe3f3de7584e4f4e4b1b8dddfbbf9cd89bf37fe94692751ea8a79e028f5e7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0b10fcb00f54ff132f2ba46b0b68959a4fabf769d6eaffd73e7c55186ea81f4
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.uptycs.com Open in urlscan Pro 2606:2c40::c73c:67e2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

111 Requests

97 %HTTPS

68 %IPv6

33 Domains

44 Subdomains

37 IPs

3 Countries

4484 kBTransfer

8521 kBSize

28 Cookies

31 Outgoing links

Redirected requests

111 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.uptycs.com Open in urlscan Pro
2606:2c40::c73c:67e2 Public Scan

Screenshot
Live screenshot

Full Image

111
Requests

97 %
HTTPS

68 %
IPv6

33
Domains

44
Subdomains

37
IPs

3
Countries

4484 kB
Transfer

8521 kB
Size

28
Cookies

111 HTTP transactions
8 data transactions