arcticwolf.com Open in urlscan Pro
52.222.139.122 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://protect-eu.mimecast.com/s/aI5KC4QXvF6KGAiOns9F?domain=arcticwolf.com
Effective URL:
https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02N...
Submission: On July 31 via manual (July 31st 2023, 12:34:00 pm UTC) from GB — Scanned from GB

Summary HTTP 359 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 60 IPs in 6 countries across 47 domains to perform 359 HTTP transactions. The main IP is 52.222.139.122, located in United States and belongs to AMAZON-02, US. The main domain is arcticwolf.com. The Cisco Umbrella rank of the primary domain is 73543.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 22nd 2023. Valid for: 7 months.

This is the only time arcticwolf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	91.220.42.215 91.220.42.215	42427 (MIMECAST-UK) (MIMECAST-UK)
96	52.222.139.122 52.222.139.122	16509 (AMAZON-02) (AMAZON-02)
1	35.201.125.192 35.201.125.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
7	13.32.99.99 13.32.99.99	16509 (AMAZON-02) (AMAZON-02)
9	2606:4700::68... 2606:4700::6812:aa72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
2	13.249.9.129 13.249.9.129	16509 (AMAZON-02) (AMAZON-02)
8	104.17.71.206 104.17.71.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:218... 2600:9000:218e:4a00:0:f267:a5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1d26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	44.208.41.101 44.208.41.101	14618 (AMAZON-AES) (AMAZON-AES)
10	23.53.42.251 23.53.42.251	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2a02:26f0:780... 2a02:26f0:780::210:a40a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	23.197.137.224 23.197.137.224	16625 (AKAMAI-AS) (AKAMAI-AS)
1 6	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:1e49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
73	18.66.112.55 18.66.112.55	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e0:... 2606:4700:e0::ac40:6824	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	23.35.228.210 23.35.228.210	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20eb:d600:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
5 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1 4	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
4	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
2	2001:4860:480... 2001:4860:4802:36::36	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1 3	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	151.101.128.143 151.101.128.143	54113 (FASTLY) (FASTLY)
5	52.3.28.106 52.3.28.106	14618 (AMAZON-AES) (AMAZON-AES)
7	20.231.53.73 20.231.53.73	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.158.224.20 35.158.224.20	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:400:1c:f10a:ad80:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2600:1f18:e8a... 2600:1f18:e8a:cd06:e361:a2ce:b047:17c	14618 (AMAZON-AES) (AMAZON-AES)
3	65.9.66.23 65.9.66.23	16509 (AMAZON-02) (AMAZON-02)
1	169.48.138.204 169.48.138.204	36351 (SOFTLAYER) (SOFTLAYER)
1	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1 3	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	52.222.236.102 52.222.236.102	16509 (AMAZON-02) (AMAZON-02)
2	18.197.22.0 18.197.22.0	16509 (AMAZON-02) (AMAZON-02)
12	54.147.21.139 54.147.21.139	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:8d:... 2a04:4e42:8d::720	54113 (FASTLY) (FASTLY)
359	60

2 91.220.42.215 (United Kingdom) 2 redirects

ASN42427 (MIMECAST-UK, GB)
PTR: eu-api.mimecast.com

protect-eu.mimecast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

96 52.222.139.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-122.ams50.r.cloudfront.net

arcticwolf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.125.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.125.201.35.bc.googleusercontent.com

marvel-b2-cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.32.99.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-99.fra60.r.cloudfront.net

cdn-app.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:aa72 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.249.9.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-9-129.cdg53.r.cloudfront.net

app.cdn.lookbookhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.71.206 (None, )

ASN13335 (CLOUDFLARENET, US)

cybersecurity.arcticwolf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:218e:4a00:0:f267:a5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

marvel-b1-cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1d26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 44.208.41.101 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-41-101.compute-1.amazonaws.com

jukebox.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.53.42.251 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-42-251.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:780::210:a40a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.197.137.224 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-137-224.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1e49 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

73 18.66.112.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-55.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e0::ac40:6824 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.35.228.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-210.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:d600:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 5 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

840-osq-661.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::36 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.128.143 (United States)

ASN54113 (FASTLY, US)

s.swiftypecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.3.28.106 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-28-106.compute-1.amazonaws.com

spcollector.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 20.231.53.73 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

q.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.158.224.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-224-20.eu-central-1.compute.amazonaws.com

6145655.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:400:1c:f10a:ad80:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.robotflowermobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:e8a:cd06:e361:a2ce:b047:17c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.robotflowermobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.66.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-23.fra56.r.cloudfront.net

cdn.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.48.138.204 (Dallas, United States)

ASN36351 (SOFTLAYER, US)
PTR: cc.8a.30a9.ip4.static.sl-reverse.com

cc.swiftype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.236.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-102.fra56.r.cloudfront.net

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.22.0 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-22-0.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.147.21.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-21-139.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:8d::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
104	arcticwolf.com arcticwolf.com — Cisco Umbrella Rank: 73543 cybersecurity.arcticwolf.com — Cisco Umbrella Rank: 320033	2 MB
73	driftt.com js.driftt.com — Cisco Umbrella Rank: 6322	830 KB
27	pathfactory.com cdn-app.pathfactory.com — Cisco Umbrella Rank: 38819 jukebox.pathfactory.com — Cisco Umbrella Rank: 31826 spcollector.pathfactory.com — Cisco Umbrella Rank: 37875 cdn.pathfactory.com — Cisco Umbrella Rank: 129314	793 KB
14	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1039 q.clarity.ms — Cisco Umbrella Rank: 8936 c.clarity.ms — Cisco Umbrella Rank: 1568	53 KB
12	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 7117 metrics.api.drift.com — Cisco Umbrella Rank: 6970 event.api.drift.com — Cisco Umbrella Rank: 7736 targeting.api.drift.com — Cisco Umbrella Rank: 7228 flow.api.drift.com — Cisco Umbrella Rank: 11834	14 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5514 c.6sc.co — Cisco Umbrella Rank: 8744 ipv6.6sc.co — Cisco Umbrella Rank: 5717 b.6sc.co — Cisco Umbrella Rank: 3597	18 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 360	173 KB
8	robotflowermobile.com ob.robotflowermobile.com — Cisco Umbrella Rank: 499887 obs.robotflowermobile.com — Cisco Umbrella Rank: 378749	37 KB
7	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3 adservice.google.com — Cisco Umbrella Rank: 118 region1.analytics.google.com — Cisco Umbrella Rank: 2693	1 KB
7	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 384 www.linkedin.com — Cisco Umbrella Rank: 543 px4.ads.linkedin.com — Cisco Umbrella Rank: 5993	6 KB
7	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 11592367.fls.doubleclick.net Failed ad.doubleclick.net — Cisco Umbrella Rank: 183 stats.g.doubleclick.net — Cisco Umbrella Rank: 114	5 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	565 KB
6	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4477 ws-assets.zoominfo.com — Cisco Umbrella Rank: 14928	20 KB
6	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 383 c.bing.com — Cisco Umbrella Rank: 224	29 KB
6	gstatic.com fonts.gstatic.com	139 KB
5	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3116	753 B
5	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 1800	9 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 79	3 KB
4	bc0a.com marvel-b2-cdn.bc0a.com — Cisco Umbrella Rank: 20244 marvel-b1-cdn.bc0a.com — Cisco Umbrella Rank: 18120 marvel-processor.bc0a.com Failed	16 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 11044	3 KB
3	swiftypecdn.com s.swiftypecdn.com — Cisco Umbrella Rank: 10314	149 KB
3	facebook.com 1 redirects www.facebook.com — Cisco Umbrella Rank: 108	395 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14565 ibc-flow.techtarget.com — Cisco Umbrella Rank: 16282	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9651	586 B
2	cloudfunctions.net us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 2799
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 58	21 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 170	155 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3724	7 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	65 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 795	10 KB
2	lookbookhq.com app.cdn.lookbookhq.com — Cisco Umbrella Rank: 54997	3 KB
2	mimecast.com 2 redirects protect-eu.mimecast.com — Cisco Umbrella Rank: 30183	3 KB
1	imgix.net driftt.imgix.net — Cisco Umbrella Rank: 14949	7 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 163	2 KB
1	swiftype.com cc.swiftype.com — Cisco Umbrella Rank: 10989	279 B
1	siteimproveanalytics.io 6145655.global.siteimproveanalytics.io — Cisco Umbrella Rank: 882685	473 B
1	mktoresp.com 840-osq-661.mktoresp.com	318 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 688	397 B
1	t.co t.co — Cisco Umbrella Rank: 525	378 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1510	637 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 876	377 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 3946	14 KB
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 2777	6 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8314	1 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1368	8 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 713	15 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 634	314 B
359	47

	Domain	Requested by
96	arcticwolf.com	arcticwolf.com ob.robotflowermobile.com
73	js.driftt.com	arcticwolf.com js.driftt.com
12	jukebox.pathfactory.com	cdn-app.pathfactory.com
9	cdn.cookielaw.org	arcticwolf.com cdn.cookielaw.org
8	b.6sc.co	arcticwolf.com
8	cybersecurity.arcticwolf.com	arcticwolf.com cybersecurity.arcticwolf.com
7	obs.robotflowermobile.com	ob.robotflowermobile.com arcticwolf.com
7	q.clarity.ms	www.clarity.ms
7	www.googletagmanager.com	arcticwolf.com www.googletagmanager.com ob.robotflowermobile.com
7	cdn-app.pathfactory.com	arcticwolf.com cdn-app.pathfactory.com
6	fonts.gstatic.com	fonts.googleapis.com
5	spcollector.pathfactory.com	cdn-app.pathfactory.com
5	www.google.co.uk	arcticwolf.com
5	pixel.mathtag.com	www.googletagmanager.com pixel.mathtag.com arcticwolf.com
5	ws.zoominfo.com	arcticwolf.com js.zi-scripts.com ws-assets.zoominfo.com
5	bat.bing.com	arcticwolf.com bat.bing.com
4	targeting.api.drift.com	js.driftt.com
4	www.clarity.ms	bat.bing.com www.clarity.ms
4	www.google.com	1 redirects arcticwolf.com
4	px.ads.linkedin.com	4 redirects
4	fonts.googleapis.com	arcticwolf.com cybersecurity.arcticwolf.com
3	js.zi-scripts.com	arcticwolf.com js.zi-scripts.com
3	c.clarity.ms	1 redirects arcticwolf.com www.clarity.ms
3	cdn.pathfactory.com	arcticwolf.com
3	s.swiftypecdn.com	arcticwolf.com s.swiftypecdn.com
3	www.facebook.com	1 redirects arcticwolf.com
3	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
3	marvel-b1-cdn.bc0a.com	arcticwolf.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	epsilon.6sense.com	j.6sc.co
2	region1.analytics.google.com	www.googletagmanager.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	ad.doubleclick.net	2 redirects
2	ibc-flow.techtarget.com	trk.techtarget.com
2	us-central1-adaptive-growth.cloudfunctions.net	cdn.pdst.fm
2	px4.ads.linkedin.com	arcticwolf.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	arcticwolf.com connect.facebook.net
2	munchkin.marketo.net	arcticwolf.com munchkin.marketo.net
2	www.youtube.com	arcticwolf.com www.youtube.com
2	snap.licdn.com	www.googletagmanager.com arcticwolf.com
2	app.cdn.lookbookhq.com	arcticwolf.com
2	protect-eu.mimecast.com	2 redirects
1	driftt.imgix.net
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	c.bing.com	1 redirects
1	www.googleadservices.com	www.googletagmanager.com
1	cc.swiftype.com	arcticwolf.com
1	ob.robotflowermobile.com	www.googletagmanager.com
1	6145655.global.siteimproveanalytics.io	arcticwolf.com
1	adservice.google.com	arcticwolf.com
1	840-osq-661.mktoresp.com	munchkin.marketo.net
1	analytics.twitter.com	arcticwolf.com
1	t.co	arcticwolf.com
1	alb.reddit.com	arcticwolf.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	siteimproveanalytics.com	www.googletagmanager.com
1	cdn.pdst.fm	arcticwolf.com
1	trk.techtarget.com	arcticwolf.com
1	tracking.g2crowd.com	arcticwolf.com
1	www.redditstatic.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	j.6sc.co	arcticwolf.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	marvel-b2-cdn.bc0a.com	arcticwolf.com
0	marvel-processor.bc0a.com Failed	arcticwolf.com
0	11592367.fls.doubleclick.net Failed	www.googletagmanager.com
359	73

This site contains links to these domains. Also see Links.

Domain
www.coveware.com
safeatlast.co
www.ibm.com
invenioit.com
www.dlapiper.com
www.comparitech.com
www.facebook.com
www.twitter.com
www.youtube.com
www.linkedin.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
arcticwolf.com DigiCert SHA2 Extended Validation Server CA	`2023-03-22` - `2023-10-22`	7 months	crt.sh
cdn.bc0a.com GTS CA 1D4	`2023-06-11` - `2023-09-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.pathfactory.com Amazon RSA 2048 M02	`2023-06-11` - `2024-07-09`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
cybersecurity.arcticwolf.com Cloudflare Inc ECC CA-3	`2023-04-05` - `2024-04-04`	a year	crt.sh
marvel-cdn.bc0a.com Amazon RSA 2048 M01	`2023-02-09` - `2024-03-09`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-09` - `2023-08-07`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-24` - `2024-07-23`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-03-01` - `2023-09-21`	7 months	crt.sh
cdn.pdst.fm GTS CA 1D4	`2023-07-25` - `2023-10-23`	3 months	crt.sh
siteimproveanalytics.com GTS CA 1P5	`2023-07-03` - `2023-10-01`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-19` - `2023-10-15`	6 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-11-14` - `2023-11-14`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-01` - `2023-10-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
misc.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-07-26` - `2023-10-24`	3 months	crt.sh
s.swiftypecdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-02` - `2024-08-02`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
*.global.r1.siteimproveanalytics.io Amazon RSA 2048 M02	`2023-06-15` - `2024-07-13`	a year	crt.sh
*.robotflowermobile.com Amazon RSA 2048 M02	`2023-07-18` - `2024-08-15`	a year	crt.sh
*.swiftype.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-21` - `2024-07-14`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
js.zi-scripts.com Amazon RSA 2048 M02	`2022-10-17` - `2023-11-15`	a year	crt.sh
c.msn.com Microsoft Azure TLS Issuing CA 05	`2023-06-06` - `2024-05-31`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-03-05` - `2024-04-05`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Frame ID: D089ABA7044767358D24A46BB811E230
Requests: 245 HTTP requests in this frame

Frame: https://11592367.fls.doubleclick.net/activityi;src=11592367;type=home;cat=allsi0;ord=8548564205194;auiddc=103245672.1690806829;u1=%5BMarket%5D;u2=%5BURL%5D;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Frame ID: C875392DCA480C575E0F617C87A1A725
Requests: 1 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=09fd64c7-aa2d-4500-b292-fe899938fff8&no_iframe=1&mt_adid=252398&source=mathtag
Frame ID: 65A5DCBA100B1C66BA62D3BC305D3C0C
Requests: 2 HTTP requests in this frame

Frame: https://cybersecurity.arcticwolf.com/index.php/form/XDFrame
Frame ID: FC434502C9A6753A0A0CE3A26E10BB9B
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/?redirect=0
Frame ID: 37013D90DBC8460871FEAF756B2C7A2B
Requests: 1 HTTP requests in this frame

Frame: https://arcticwolf.com/cheq-ppc-invalid-users/
Frame ID: 9042B311B0B45375C262C5EBA42E7C43
Requests: 3 HTTP requests in this frame

Frame: https://bat.bing.com/bat.js
Frame ID: 036B4BE59EF7F22DEE7A498543A77394
Requests: 8 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Frame ID: 51E105ACEBC1D29F8AB4EB33FA4CD1C5
Requests: 42 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
Frame ID: 6695D96AB95ED246142A0FA2EF2756A2
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) New Messages!Back ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://protect-eu.mimecast.com/s/aI5KC4QXvF6KGAiOns9F?domain=arcticwolf.com HTTP 307
https://protect-eu.mimecast.com/r/0mkPcfjJ3aiA9y6ct-6tTLb7w9JiTg6isNcj_VfZwzK3frjGUPEBPKm_kHUPtVBhqK4XfA0kjY... HTTP 307
https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&m... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

particles.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

/particles(?:\.min)?\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

GSAP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

TweenMax(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

359
Requests

97 %
HTTPS

50 %
IPv6

47
Domains

73
Subdomains

60
IPs

6
Countries

5622 kB
Transfer

15948 kB
Size

62
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound#:~:text=Most%20Common%20Ransomware%20Attack%20Vectors,the%20most%20common%20attack%20vector.
Title: *Coveware.com

Search URL Search Domain Scan URL

URL: https://safeatlast.co/blog/ransomware-statistics/#gref
Title: *Safeatlast.co

Search URL Search Domain Scan URL

URL: https://www.ibm.com/security/data-breach
Title: *ibm.com

Search URL Search Domain Scan URL

URL: https://invenioit.com/continuity/financial-services-ransomware/
Title: over 1,200 stores and kiosks

Search URL Search Domain Scan URL

URL: https://www.dlapiper.com/en/uk/news/2017/06/dla-piper-malware-statement?utm_source=TWITTER
Title: DLA Piper in 2017

Search URL Search Domain Scan URL

URL: https://www.comparitech.com/blog/information-security/ransomware-attacks-hospitals-data/
Title: The report

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ArcticWolfNetworks

Search URL Search Domain Scan URL

URL: https://www.twitter.com/AWNetworks

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/ArcticWolfNetworks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/arctic-wolf-networks

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://protect-eu.mimecast.com/s/aI5KC4QXvF6KGAiOns9F?domain=arcticwolf.com HTTP 307
https://protect-eu.mimecast.com/r/0mkPcfjJ3aiA9y6ct-6tTLb7w9JiTg6isNcj_VfZwzK3frjGUPEBPKm_kHUPtVBhqK4XfA0kjYxbDYzta44mzzQ6GN8WgO11BxpNUeuAv5TW64ZMSqevmkN3AEA0W1ddIzFpFIUWD6T5Et645I844qGN8_az0Didprli0a5lHHwuibwhN6m3b9Ejckq47aKL1uVkDQlrnghzgescqZrXwRFHpl45QSMRQMksxlbU8QwIBRSH3-L8bebiduJyOvdGRNj2WiiAh92VaSksQ5b3BBulMIcmGqYT-ZyI349AeXfwLdCrAOkegM7Se51YFyjcZu69GuxY7GgpP5fEjqlX5C80D_Qo7rduKx8tWw1tBg6vJMqb9fcMgRLE58pwW4yL77k5PL5HTQOlE6zd6CzCQ46bZapT8O-yazQCKyFUTy2OcZT1nHji5oNObi3LaKstFdyd2jNAxZ8S-EjZwSkaHh-raUSC8isSa9ce8j858aq7eJnKZJi6S__gPqFfJUh1S7nL15j9lqboB2UcTNVSwSqt_ODG_mDKPyNfWyh2n9edOwRcuj8L4DMLTm-vVJ-c3Shwo110GspjM5J-JKSOyC8_u641mhm17PmlW6Wp8bJLg8v7acFrtvcXVzQUnHQa6aJOP-iCTU3KcvpzSOeuftbhDIg8jU4A_Kh9HF1wWdAcK_8MDqpdXEj6C1_mNg10ywpS8TrepGDZ4Yf_mfKbkm3E5E3Qt1kL6xIKFUPjYrRKGBdIGqaWLnrmvZ59iRt_lMYfcclahB-sgA-qCD6IgW7RNMeGXruSA1LEWZSV3rsCzeaxOi85YsQnqcAEqOxldeCE0c0sKEK-ecJxLde-nmfepYTy7d5mTb-ev4YbM99hWPAjOJU1pfaQ0f7JFAN-8hLSfzGdUR6i56txjIQr0LFUw9CM_8k0aBVDcwkJkVLAwe2vrCw9qjjiazCUstwY4Ex3vnzCLW2JaTRbmIvV5FZJFLNLxNiTb5PJ9-cVnRRx93scAeBVAtWuKXxooGb68zS2nGXWeKP6819c3XJu75hIfjxT5HvP1OP5TJTWpNT3QdYNr24Rk2DRq8eR-ZxojqlBcl9O4NA15OJqeWDJ38JLNY4Rs2SQM-czoC4RNP5CUkzB9GUWxBe3vKTtxJgPLCgtyRcmwqa4cZxA6JQWxZSzS4sfWErXRE6Grh9XdddptWD_JInNgT_mR_3PFl2knueWTtqObpoQccY8EgRf6E0_s5Lr6rDOCvE2pCOcC4rYfrMURMJdFwp5Czgno1gYHuP7vXJq9N5NJ_Z_lqnZzIlVBmWzL8fvLMftrtUt-30YqU-soIC29j3Pea1lJ9VLbZkztJ_pTR6PvS1ihajgEOLEyDsQpiL9FnZuebeYTldM1Mt2oIrPEYaZZOrIG3ZqyK_ZcBMeDT6aEapnp7ODApMVQlIDdjTao_ELJFdSJafwlF2A1qGuEpuy-Hapj7UDJ6lX7D0_aZqZD_ruq0qQAyi8GCKs1fCqmHmxMk8CYxqDQ4nDvVSavtlYZDJINS5J_eU5NVKFhEG4Mc_O1aaZPDulk9LJfzie2DlxrXxUZmJ5cKzRzK-mq4XjLYMakdOFBrbVxGKaYAUdmcXC6PTzxK0goBbu-kZCfmBgMT1nG-9MpKTWH6NtJDx-btfUP4eC6gvaSK3_-VOUHrwC7CG3HiB6UjZ0FmRe3mflEbMRw5MWUFTROp0-RolsR3Up0Vv6uj_IEtRrFHeokL3eZgkUSnVyZVOeNSgrrJMtzmoKuMhUGL4n5WMUr1UPXjsBsyNuJ3aigEnHBAtARpXD7_eT7q-qIMfGfZytzBRxliTdTsuSZ_Ss0Nqud7Y9LS0cDoyVK4GMurmY1MdnlPoPvbTXva7qigXwgoR_cYuReS47hcIXobthfR0DV9Rb5nHRyPlKrQTWdNhluT_bHqB2WodeCsMSjrK08vtmNMDXKYuOmEAnjaxJhw9JehtIoww_R4ZgCI5RlfPwIoSxZFFS11wEnw8CVCU0vvsL3t_QURfFTI7_-d0OWIz7rouAkB8HxK178Hun3letQ94Sy7_pFKdpryvPzeRxeckwWnPLko35qaE3IjOV7MQPf7F4qAAvWpJkzQ_u_FOvLYV-FBjwrJ4PB4XRAhtpwu5UXMfeDmmJJ6r23sWFtaQbYy_5vm7K_AS1fx2uWTKj_9ghkvkGYAN2_IKx3gy1Evo6D3rL_l6pmQJoPE2gW4EPc9_IA9ciCOEH6R_mp3qUOgK07Y2UNxy3ArtH3sqMloOc3sgGPDigr5JrSLlyvuwIa1JECBnihr8e59IaGXo8hB9dq2VihM7qWK3Z9jh450nFkD8A8a5fZ2f3FsgX7COsUQP7lLvro6owWmgtMCkuJ41IIje8kpHKevKNGkSHwQySaUJN8hZEmXpHi9OYjz4tO5eJm2bEt3OtS__H34fWlnhQJQb0LK_FmWoAXlkDZI-E4EFwBmlrvghCGUYCW09J-DBDuy-xqc7KgLkrVU21GkAXNI-ihXL137sPSNUwU98tdN9MkstHR6n3uVwWquln0e8FCKaM80FTsYKukmQv-GuSQS722jSz6MJlsHL5zG3bMCuLrn8wADIJaAa3V4zezWl843R5G2Y3L9jp710Z0Uh6v8Tds2k2q67VAy6-su012d5r9tCnuE1RaxOE0x9IT9PFiD1mEL4W HTTP 307
https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 144

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50605%26time%3D1690806829401%26url%3Dhttps%253A%252F%252Farcticwolf.com%252Fincident-response-timeline-ransomware%252F%253Futm_source%253Demail%2526utm_medium%253Dnurture%2526mkt_tok%253DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&cookiesTest=true&liSync=true&e_ipv6=AQLNSnnWK_sLogAAAYmr8MWeI0PoXujnk9W8hE5viBt98U2G9StsrBkrZ4EtK-E7ai4j

Request Chain 163

https://ad.doubleclick.net/ddm/activity/src=12016171;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord= HTTP 302
https://ad.doubleclick.net/ddm/activity/src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord= HTTP 302
https://adservice.google.com/ddm/fls/z/src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=

Request Chain 178

https://marvel-b1-cdn.bc0a.com/f00000000241276/blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c HTTP 302
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000241276&url=https://blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c

Request Chain 193

https://www.facebook.com/tr/ HTTP 302
https://www.facebook.com/tr/?redirect=0

Request Chain 231

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806832574&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806832574&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&e_ipv6=AQLrEkAQgXAT1gAAAYmr8M4Uc8ndrJMqjXYq1Vq3nHUYq045wzqF9QBbu2KGiODGE270

Request Chain 239

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=81B32A20668545F99194F378EFD85A77&RedC=c.clarity.ms&MXFR=27D96165CE62623506E8723ACA626C56 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=81B32A20668545F99194F378EFD85A77&MUID=30A10492562C6192373117CD57E76020

Request Chain 242

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&label=lzDbCJmv1ocYENaz-8MB&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&gtm_ee=1&auid=103245672.1690806829&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=MKrHZN2GMaGA-cAPvO6u4A8&sscte=1&crd=&pscrd=EkxDaEFJOExlZHBnWVEyTFQ1anBEUXJ2SmxFaVVBSHRxR0cwcjZmVDNtSlRpWWxxNVBLa0E3bXd1Mkx1bDNFV3JsTjg2dVBKYjdLV3g3GlhDaEVJOExlZHBnWVFfdS1YbTZYbW5icXpBUkl0QUhaODBUZHZWTmdEeVhUX2djMTVfX2ZVOXN1SnpjRUFLaVhEaENUZTI5QXRFb3ZIdWotZm9Yak9ldnh5IhMI3d6cpfq4gAMVIUAeAh08twv8 HTTP 302
https://www.google.com/pagead/1p-conversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&label=lzDbCJmv1ocYENaz-8MB&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&gtm_ee=1&auid=103245672.1690806829&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOExlZHBnWVEyTFQ1anBEUXJ2SmxFaVVBSHRxR0cwcjZmVDNtSlRpWWxxNVBLa0E3bXd1Mkx1bDNFV3JsTjg2dVBKYjdLV3g3GlhDaEVJOExlZHBnWVFfdS1YbTZYbW5icXpBUkl0QUhaODBUZHZWTmdEeVhUX2djMTVfX2ZVOXN1SnpjRUFLaVhEaENUZTI5QXRFb3ZIdWotZm9Yak9ldnh5IhMI3d6cpfq4gAMVIUAeAh08twv8&is_vtc=1&ocp_id=MKrHZN2GMaGA-cAPvO6u4A8&cid=CAQSKQBpAlJWaMb34XS9DDeAK77uK5_njBJPvjc35kl6MEUkYBGZk-2DVzw-&random=1862634495 HTTP 302
https://www.google.co.uk/pagead/1p-conversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&label=lzDbCJmv1ocYENaz-8MB&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&gtm_ee=1&auid=103245672.1690806829&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOExlZHBnWVEyTFQ1anBEUXJ2SmxFaVVBSHRxR0cwcjZmVDNtSlRpWWxxNVBLa0E3bXd1Mkx1bDNFV3JsTjg2dVBKYjdLV3g3GlhDaEVJOExlZHBnWVFfdS1YbTZYbW5icXpBUkl0QUhaODBUZHZWTmdEeVhUX2djMTVfX2ZVOXN1SnpjRUFLaVhEaENUZTI5QXRFb3ZIdWotZm9Yak9ldnh5IhMI3d6cpfq4gAMVIUAeAh08twv8&is_vtc=1&ocp_id=MKrHZN2GMaGA-cAPvO6u4A8&cid=CAQSKQBpAlJWaMb34XS9DDeAK77uK5_njBJPvjc35kl6MEUkYBGZk-2DVzw-&random=1862634495&ipr=y

359 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
arcticwolf.com/incident-response-timeline-ransomware/
Redirect Chain

https://protect-eu.mimecast.com/s/aI5KC4QXvF6KGAiOns9F?domain=arcticwolf.com
https://protect-eu.mimecast.com/r/0mkPcfjJ3aiA9y6ct-6tTLb7w9JiTg6isNcj_VfZwzK3frjGUPEBPKm_kHUPtVBhqK4XfA0kjYxbDYzta44mzzQ6GN8WgO11BxpNUeuAv5TW64ZMSqevmkN3AEA0W1ddIzFpFIUWD6T5Et645I844qGN8_az0Didprl...
https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMR...

336 KB
51 KB

420ms
307ms

Document
text/html

52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bdd09ae9f057518bb63173753996460f13fda67e4fa826b78821db4edf47657b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: must-revalidate, max-age=0, s-maxage=86400
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 31 Jul 2023 12:33:48 GMT
etag: W/"ebf65c66465fc4940fe1fc600cf27a4a"
last-modified: Fri, 28 Jul 2023 20:41:57 GMT
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 51d16867ea09d1b4c52eca0e090ad4a2.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-id: lAYOcyWwyII9JNMxYisKpOfP_5nI2RNk3znKWLaDn_3I1dByu9WBvg==
x-amz-cf-pop: AMS54-C1 AMS50-C1
x-amz-version-id: qpP5CUL4WpbB8Hcvi2JXuLYZpYJ3oZFo
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

Cache-control: no-store
Connection: keep-alive
Content-Length: 0
Date: Mon, 31 Jul 2023 12:33:47 GMT
Location: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow

GET
H2 200 marvel.js Show response
marvel-b2-cdn.bc0a.com/ 9 KB
4 KB 124ms
35ms Script
application/javascript 35.201.125.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://marvel-b2-cdn.bc0a.com/marvel.js

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.125.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

192.125.201.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

190db2ea37186511e3cdfaeb6e37e68830c90647a9c18840f33ce00c03a05bd0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:07:04 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
content-security-policy: default-src 'self' 'unsafe-inline';
age: 1603
x-guploader-uploadid: ADPycduNMa9AqltC0wNoWv2mVlBw0UAQ95NR2ZdJV4z5L8PEJrQqj1iyh6ga_gPmRnXIcZ_sm4BCL-OOJ2cOQ5zwwv3RLQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3142
last-modified: Wed, 12 Apr 2023 17:03:33 GMT
server: UploadServer
etag: "0b57832ab47cd1fea51ee8a2dfa4f649"
vary: Accept-Encoding
x-goog-hash: crc32c=EF0vLQ==, md5=C1eDKrR80f6lHuii36T2SQ==
x-goog-generation: 1681319013677342
content-language: en
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 3142
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 31 Jul 2023 13:07:04 GMT

GET
H2 200 premium-addons.min.css
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-css/ 297 KB
35 KB 64ms
59ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-css/premium-addons.min.css?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b441f50a6dbac69ad97ee1f9c6f4f7c1ebbdee148b80a218c61b7b1c32b86cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: .xqizWaf03xyZWE1DE3jEUsAJVm5F9SI
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:53 GMT
server: AmazonS3
etag: W/"706d5a421bbde41d90246db0fee6a5fa"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: Rmuu7IxTvPlFLOhGjGPQE2_cscVvlsfG7pb4F4oqTjV6NdycIOk5MA==

GET
H2 200 premium-addons.min.css
arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-css/ 208 KB
25 KB 54ms
49ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-css/premium-addons.min.css?ver=2.9.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d4cfd9de608164ad8ccc5cdabac2fd0db590394035c29e79c845987c1a955000

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: YH2eq_m1YqkCrYIehowE_MRYDFmRLF_y
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 f655cacd0d6f7c5dc935ea687af6f3c0.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:55 GMT
server: AmazonS3
etag: W/"0c4671ca20b15d6d8400c857215521e1"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: IM0OO8qIteIJgXZ-Exn0Aws4y03BA1twD0y14StJRF8TantmkvW75w==

GET
H2 200 styles.css
arcticwolf.com/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/ 58 KB
9 KB 129ms
125ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=4.6.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

58c855e7eb9b917e71e6b733e73c542c25bacb986f3ba7df2be1570200312135

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: dJfxa1IRetJp8tyagus3IC96cYD8K6gU
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 2e0227ef3f0af98f7b4e1f8452f59f84.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:19 GMT
server: AmazonS3
etag: W/"4940e4ae72b6124a6eab7e97fc8df1f4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 0PU_bBkC_ITgFKsM_jJjPOJAJyB6Jo3PZq9CmUktoi4yreQU_7V5gw==

GET
H2 200 style.min.css
arcticwolf.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 2 KB
1 KB 102ms
97ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/style.min.css?ver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: S0PFVJ0pwf_9rUl97C0bFlg71LO19oN3
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 b8eaad25e4131c15c21d3d50aac2684c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:06 GMT
server: AmazonS3
etag: W/"72a49c98f1c6118869dd01f1bdce2fce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 0PMDxP-5jzkJPeLPW3EPvFbQYTdEEv9lA1rhmX191NNUuQUVOFgCHQ==

GET
H2 200 style_en.css
arcticwolf.com/wp-content/uploads/maxmegamenu/ 319 KB
26 KB 98ms
93ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/maxmegamenu/style_en.css?ver=3fab35

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

de33d25c348c9ed3bb8039156b407860db0cdc5eee5cdb26689276bfeef7a17f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: nOcIHUop10izsdf2ViEcSLGzRjr4lcu5
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 4b3bed207ec72204ebc89ae818e573ee.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:06 GMT
server: AmazonS3
etag: W/"0c25dab01e827375c5873056f4713161"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 5U3fR4tZrVBkT8tuujz3dGGO8uqNZjJ06tVZS73vn7HThCFBCfKvTg==

GET
H2 200 dashicons.min.css
arcticwolf.com/wp-includes/css/ 58 KB
35 KB 108ms
103ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/css/dashicons.min.css?ver=6.2.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: VWGB94bFw4wQlHOvjjd0goMA4vOUv9pN
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 a668b79ea8c4f6f5d611c57b44351ff0.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:37 GMT
server: AmazonS3
etag: W/"d68d6bf519169d86e155bad0bed833f8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 3r2ki1A9rL9FkD3MqPIxk2ZrGqGNjSSfwU9Eu8LjWwGn1rYEr0f6QQ==

GET
H2 200 style.css
arcticwolf.com/wp-content/themes/blankslate-child/ 23 KB
5 KB 130ms
125ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/themes/blankslate-child/style.css?ver=6.2.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c5904cf8f871eff63432d228df275b03148a0f5e8cc30abfed54f8a8dac1966a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: aAtiNLdglQpkO66E5dLCVB1Wnn35mXu4
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 ec5c4a66c1200ddcc562c6e98f77a48c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:23 GMT
server: AmazonS3
etag: W/"e3c319ae4cb9ac69d6d043628c7a4551"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: TykurZ28MQg_3pw9o7xW12Wv1ncbC5L1Cv2vtwpDiuvlvMIkpqcE8A==

GET
H2 200 elementor-icons.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 131ms
127ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.20.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a0c3e823a07498a845daa25db9e85afdb4a985866f00b4cf1518f363336cd030

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: Dh.Yy.XcSAsdOcBuE0N1u1hVomGAh0Qh
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:58 GMT
server: AmazonS3
etag: W/"ea327e2f7ad5d617a50a3a23b1f48146"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 36eGZQ2xXJUmEL6jcRt5Q9hHFIMZ1do2Ml91FoXVk5DL8I3oSnTKFQ==

GET
H2 200 frontend-legacy.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 132ms
127ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fca5eb2f7f0e369ce02c777e7c947f792a56d9cd843b274e5a535da2dc7211c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: x3._RN.7tennDB_GbraB9iFj_kUmfxzJ
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 eec12a22159207af63748eccf10799b2.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:10 GMT
server: AmazonS3
etag: W/"3edead1fae0cfa6b7158076745c0b8c1"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: cNgXZ4XdvQTqm2STLIRqptBFV6ZXrngRf2Hahqd1PKMBmD5i3sxQBw==

GET
H2 200 frontend.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/css/ 153 KB
20 KB 136ms
131ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2a39504ff0e8230cff9511b4027a386c4b2a54601d27524c751e7dc6f0a6e6f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: dTbrVSVFtgEYozmTXkNRqH3yyVCEUKqY
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:34 GMT
server: AmazonS3
etag: W/"72dbc483f54fddd6513a25f4706e90db"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 6aABDv9nb0_ghH8doiOhd_MLGmIUorShgD3ipD_dkq84XQ4-1-tPMA==

GET
H2 200 swiper.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/swiper/css/ 13 KB
3 KB 174ms
170ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: fBX9OhHCqTKWpcYv0kiHSvMi.Fp4LqqX
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 6642832e0f3e501fb9fdc5f35d4351d8.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:13 GMT
server: AmazonS3
etag: W/"bcad7781b3e74db2565b8424c45232cd"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 6LbpVcHoeFU8ptAeb3BkTUTESmUK8GF0hPRP7gWkw7vmsa47OTeOrQ==

GET
H2 200 post-16145.css
arcticwolf.com/wp-content/uploads/elementor/css/ 4 KB
1 KB 166ms
162ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-16145.css?ver=1690221258

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c95bab0c7d4bbed3ae9b1aecfd4d43e506a4fce9e5345597a8eb2e9aa2510e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: 3Jr.BkNSi9XcYk9bHfrNGi4OigngYAdR
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 2b298af2bb6f21ab0dee9e764d8bcb28.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:24 GMT
server: AmazonS3
etag: W/"75adf9122075d58c42fe99fb60995aab"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: lDtiaFr9h2b9gTWLyLjipv9VwmPCTST_5QHlfTY_c2jRd6IKhHEcTw==

GET
H2 200 frontend.min.css
arcticwolf.com/wp-content/plugins/elementor-pro/assets/css/ 437 KB
41 KB 146ms
142ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3963b8591050c4af2f0edf8a96662113f01900444868e6936c5d192bc44dfe6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: 5voD29K3E96A9Aij7rGZ55h07XHqDOQO
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 ec5c4a66c1200ddcc562c6e98f77a48c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:19 GMT
server: AmazonS3
etag: W/"10d1e52a10723848dcecc0248614a3ad"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 4LdIlOEfw5AxZ1B8UleFWfkY3bUA2xxP98whfbWyPBbyhW8YnDHsyw==

GET
H2 200 all.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 58 KB
13 KB 164ms
160ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: t8PFYz_KKwuZA_1Ez3cbmOIfieWL.J8H
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:36 GMT
server: AmazonS3
etag: W/"74bab4578692993514e7f882cc15c218"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 5KiUPvyIn4mokns6R2VEtO-HlIfiCFjQSNdSaqcVHO9aUvL8_aOvBA==

GET
H2 200 v4-shims.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 26 KB
5 KB 142ms
138ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c55902832fb84522d02ea1a60a30747403a140d8651fa748f13ba398b0c0df3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: JpV15bgj4l_fI01pNFAHbFAoALAcPjXq
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:11 GMT
server: AmazonS3
etag: W/"c55205bce667f5d812354fd1353e7389"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: Vdxpktna3qDorTgPB1yv-0ZHyRKIaBq9fi0dZPRHG4aWYHGG68ok1Q==

GET
H2 200 global.css
arcticwolf.com/wp-content/uploads/elementor/css/ 582 KB
25 KB 173ms
169ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/global.css?ver=1690221261

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

85d4f543bdcd23982777f3fa8c7882c9621bd91773a6f9d7e609cf8dfdd3fbeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: XgBU2Np9lndA4t.uproLCAu.dkdDAA_6
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 edd6d90087c4f2b49e182778a2273adc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:09 GMT
server: AmazonS3
etag: W/"da4e26921067faeb74abff2d791d44ec"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: LTgtW9wfANMaPk33T5W9jZjTkuxDXaXr2wH68gxVeCcVI6_CPLgdZg==

GET
H2 200 post-30031.css
arcticwolf.com/wp-content/uploads/elementor/css/ 62 KB
6 KB 423ms
420ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d8c74ee45a98e87beef8bb7a31b368645a2febd509e2a11e521649559742e2f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: tTpD31ig._JwsdgNDNy9d6i.rriFDcqW
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 2dc050ab05a5052054de7d000d6c5f50.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:41 GMT
server: AmazonS3
etag: W/"81485229f53b0d09c9471f4bcf99ba0a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: asNLzIgYsmzMuMgREsfO5Hi8xXQyaE7bi1hlV9ZCMB4b_X8ze44i8w==

GET
H2 200 general.min.css
arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/ 3 KB
1 KB 152ms
149ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.8.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3e584003b5c6df9bc2854b2775e527ef7240f3d1cae4047e9aa504cdfbc109f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: T3SaZ57CToqPwmRCtNxFjH3bpGf6_tqP
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 eec12a22159207af63748eccf10799b2.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:40:52 GMT
server: AmazonS3
etag: W/"ac793cfd8de80e4763d4f9ded0d96508"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: hcRV3QrMNcmLls85jaYpOOmyAPdjIEQaQ2k_hPXi5Ljv-5rZ1Xzejw==

GET
H2 200 style.min.css
arcticwolf.com/wp-content/plugins/happy-elementor-addons/assets/fonts/ 25 KB
6 KB 168ms
165ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/happy-elementor-addons/assets/fonts/style.min.css?ver=3.8.5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a526f7e1a82516f99f2639fc48cd8033545c9d1ddae99c01942dede8116d4ee5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: iaWd2T3y8dezNsMlEHWOgFQhVwNgZz.S
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 a668b79ea8c4f6f5d611c57b44351ff0.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:40 GMT
server: AmazonS3
etag: W/"2a122fab955f87f5d0f9662a8fc5fc24"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: WhzwlbVRIuuPjLLVyr4BUNB66KxPmoQhA7sMyhk8vzTD5mzKUeI0Rw==

GET
H2 200 font-awesome.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 30 KB
7 KB 167ms
163ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: njoO_yt2CQwxNrUzxf5wI6825xVV5Dg.
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 697a26790d3ab8292d8546ca9be87bbc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:16 GMT
server: AmazonS3
etag: W/"008e0bb5ebfa7bc298a042f95944df25"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 4yAjg36jD2j4cYsVzl7Eax2XR3rlwjryNJZn7Ay7bJm_UL3UFCtZeg==

GET
H2 200 css
fonts.googleapis.com/ 38 KB
2 KB 174ms
70ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Encode+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CLato%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CBarlow%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bcf38f64dc776acb4dbb6986b1674e1a467f625b79db226b98bfffb2302e07bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 31 Jul 2023 12:33:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:33:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Jul 2023 12:33:47 GMT

GET
H2 200 fontawesome.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 167ms
164ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: 1RSmTYcGBxQFvBgrAiX4URT5y8.FeRlF
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
via: 1.1 c149c6b8a4d6f497cac6f2d9e9e6be40.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:11 GMT
server: AmazonS3
etag: W/"eeb705d0bdccfd645d3bbd46dd1fbab3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: b7NmRqSkJDauL2tU0iCeGQ-HeWuMzdNJrmjakhHBRdaUbFNwtskqOw==

GET
H2 200 solid.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 669 B
1 KB 166ms
163ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: aQtfTx6B799sTZIBjPCI9vUIWx8HNJtZ
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 f655cacd0d6f7c5dc935ea687af6f3c0.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
x-cache: Miss from cloudfront
content-length: 669
last-modified: Fri, 28 Jul 2023 20:29:10 GMT
server: AmazonS3
etag: "9eb2d3c87feb6bb2ffa63b70532b1477"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: s5DmIFFBCHS6U65sXBkYrOyiTJ_Jk4SG45Q4lPLAU9re2BJTyJuaaQ==

GET
H2 200 script.min.js Show response
arcticwolf.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 409 B
959 B 164ms
161ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/script.min.js?ver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: oKwg59XXXtUacuLvqdrDLz_kr3Q5W_K3
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
x-cache: Miss from cloudfront
content-length: 409
last-modified: Fri, 28 Jul 2023 20:28:17 GMT
server: AmazonS3
etag: "b2cb713d9736e814a08353c2fedcb8e1"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: -GlAW5bOs9YRVlMA79sO1jbCR9D035gb1xu9AlpaGE8kkj1Jwc8DsA==

GET
H2 200 jquery.min.js Show response
arcticwolf.com/wp-includes/js/jquery/ 88 KB
31 KB 173ms
171ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: 1U0LVKeLYGgHXYJ0.Kp6G642RJ7WUvtw
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:13 GMT
server: AmazonS3
etag: W/"0e850a69bc7fd0acc2e92ce6eee87959"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: -W9U91Qq0sAIpG9lMsIMZMVOVtAJxbOZ966LisqBBiBfd1K4gEkX5g==

GET
H2 200 jukebox.js Show response
cdn-app.pathfactory.com/production/jukebox/current/ 1 MB
302 KB 200ms
53ms Script
application/javascript 13.32.99.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 71e61808aa8662515cda96301f406318ef49040de08a5b35983760393f08e337

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
date: Mon, 31 Jul 2023 00:57:12 GMT
last-modified: Thu, 20 Jul 2023 00:56:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 41797
x-amz-server-side-encryption: AES256
etag: W/"d6c466ceb08a20c89356f04a4d25c580"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=43200
x-amz-cf-id: NFPPDyqJY6CdXIolXyVfSR9pAn5komMb9V05qU6YLmHun0xRbppZ3w==

GET
H2 200 wp-emoji-release.min.js Show response
arcticwolf.com/wp-includes/js/ 18 KB
5 KB 144ms
139ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 10:16:10 GMT
x-amz-version-id: NVuUlVXPh6rITeBwsKVml8z7rG0bLjRs
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 181059
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Sun, 16 Jul 2023 13:24:22 GMT
server: AmazonS3
etag: W/"4cc444663c1e69cb8ac7b909e7192bca"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: L29S3w_F-IJ6BmqV15EIOYfUHAsqGZwmENTvAy-VboPKdT1GwLQteA==

GET
H2 200 jquery-migrate.min.js Show response
arcticwolf.com/wp-includes/js/jquery/ 13 KB
5 KB 52ms
43ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: IUxcAP5cMXzMPWvJ5bu_g_bJ1QfoFCY5
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:01 GMT
server: AmazonS3
etag: W/"5cfa2b481de6e87c2190a0e3538515d8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: css7C5nXjh7ejNz98hK6wJhbsxr90GflEddLduY8CXGj3_WP_E1y7g==

GET
H2 200 v4-shims.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/ 15 KB
5 KB 50ms
42ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: Dp4fkE4XeQpSHkdVzGtlztl_OzSsRsad
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 eec12a22159207af63748eccf10799b2.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:17 GMT
server: AmazonS3
etag: W/"7a5dea0a705cc2f4cd87dbaaa6666bc6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: LDvWfJBt_uvWNsc2Vt8zToJQ2ymJAjfquOo6OoItlKRciXZV8njxWQ==

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/db482b86-7cc0-40a4-94cb-f20d32869a3b/ 293 KB
32 KB 141ms
55ms Script
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db482b86-7cc0-40a4-94cb-f20d32869a3b/OtAutoBlock.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7d91aa0b45c98f76ea2bfd58ea76caa71cb1dcbb2d2c4755011dae9934da658

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 77052
content-md5: Ewq4JJejQ8XLUrcajEK1sA==
content-length: 32357
x-ms-lease-status: unlocked
last-modified: Fri, 07 Oct 2022 19:49:51 GMT
server: cloudflare
etag: 0x8DAA89D199F7E55
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 621b3ce9-901e-00b6-1de1-5ad61e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ef5df332d3b7332-LHR
expires: Tue, 01 Aug 2023 12:33:48 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 130ms
44ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: DflSFdkyRucOaDW0H1U81w==
age: 60109
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Thu, 27 Jul 2023 06:30:44 GMT
server: cloudflare
etag: 0x8DB8E6B01ED7AE9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: bd5e4695-c01e-010b-12c3-c086c7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ef5df332d3d7332-LHR

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 175 KB
64 KB 175ms
75ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11592367

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a8b62e10f603963a4181f69f6f169bb76486d865648be0b183df5d4c2506b41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64785
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 31 Jul 2023 12:33:48 GMT

GET
H2 200 pf_header_update.js Show response
arcticwolf.com/wp-content/ 143 KB
22 KB 52ms
44ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/pf_header_update.js?v=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f659239ecec7a1d39d6da7c6325d6287efb8511241df1df3ef0d09d54246f886

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: XK75B2kXM0ovBVqMf3Dx9QXnigBMv5m4
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 3649c20f8adf8628b43dbef00864e392.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Wed, 26 Jul 2023 20:07:35 GMT
server: AmazonS3
etag: W/"5d004cc432ee43ed8824b3cf7ce383a7"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: aXe8znXoS8ERp23c6EO8zPDEUcomE6aVeoT8pkpGq8d5NQoLMUIsbQ==

GET
H2 200 overlay.js Show response
app.cdn.lookbookhq.com/libraries/overlay/ 5 KB
2 KB 50ms
45ms Script
application/javascript 13.249.9.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.9.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-9-129.cdg53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 261774a6aad24d6e79e6998664f830b37bf553aee6bbb28526d119808b9bf3f8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 21:07:15 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 20 Jul 2022 01:16:06 GMT
server: AmazonS3
via: 1.1 6fa25eadb94abd73b5efc56a89b2d828.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG53-C1
etag: W/"813df591b7e8a03ddc84b1be21c23317"
age: 55594
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: cpheOStKQqJ1Dtw8x8Jb3tdR8sbdoUuxGYG2Olvu-LL7Onxrohg2Dg==

GET
H2 200 overlay.css
app.cdn.lookbookhq.com/libraries/overlay/ 569 B
922 B 192ms
45ms Stylesheet
text/css 13.249.9.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.css
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.9.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-9-129.cdg53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5156dff19f3da0b22f54fae9883fdc4a140ab79ec89aac752751e9fc643159bc

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
date: Sun, 30 Jul 2023 14:11:01 GMT
via: 1.1 6fa25eadb94abd73b5efc56a89b2d828.cloudfront.net (CloudFront)
last-modified: Wed, 02 Feb 2022 02:43:20 GMT
server: AmazonS3
x-amz-cf-pop: CDG53-C1
age: 80568
etag: "73f6afb49415dbca4824d9ac67763fea"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 569
x-amz-cf-id: bSdP7_OmJCK2N5Oe1I1Ia4WB0XOEq1XeBoP2Qx2aeK1V5blXMCzYrw==

GET
H2 200 css
fonts.googleapis.com/ 6 KB
630 B 62ms
54ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Encode+Sans:400,500,600,700,900&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4070c8c1e9a3ec5f00c5072b23a70a87e32f2c336956bb4d12f515bc05b8196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 31 Jul 2023 12:33:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:33:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Jul 2023 12:33:47 GMT

GET AW_LOGO_REVERSE-334.png
arcticwolf.com/wp-content/uploads/2021/11/ 0
0

GET
H2 200 AW-mkto-floating-form-labels-styles-211027.css
cybersecurity.arcticwolf.com/rs/840-OSQ-661/images/ 16 KB
4 KB 340ms
215ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.arcticwolf.com/rs/840-OSQ-661/images/AW-mkto-floating-form-labels-styles-211027.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9babe27bc02fe4d0b02c5119b7257a15a4cc31ebdc2e25580197a61a184c7b38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 22 Jul 2023 02:05:11 GMT
server: cloudflare
etag: "d003e4-4103-60109cfb9e4bb"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 7ef5df349dcf3622-MAN
content-length: 3651
expires: Mon, 31 Jul 2023 12:34:48 GMT

GET
H2 200 forms2.min.js Show response
cybersecurity.arcticwolf.com/js/forms2/js/ 208 KB
70 KB 62ms
61ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.arcticwolf.com/js/forms2/js/forms2.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 1104
etag: "23c1f69-34099-60062cdee3780"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 7ef5df355fda3622-MAN
expires: Mon, 31 Jul 2023 16:33:48 GMT

GET
H2 200 AW-mkto-form-style-attributes-210628.js Show response
cybersecurity.arcticwolf.com/rs/840-OSQ-661/images/ 2 KB
1 KB 210ms
202ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.arcticwolf.com/rs/840-OSQ-661/images/AW-mkto-form-style-attributes-210628.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93782ddf0e56d9337912140c04414253fd17fac6ed1520ea517dfce09975f83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 22 Jul 2023 02:02:47 GMT
server: cloudflare
etag: "d003e1-7ad-60109c720947e"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 7ef5df35886b3622-MAN
content-length: 751
expires: Mon, 31 Jul 2023 12:34:48 GMT

GET
H2 200 post-30170.css
arcticwolf.com/wp-content/uploads/elementor/css/ 11 KB
2 KB 392ms
382ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30170.css?ver=1690222408

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cbbcc1940575cb460e3fc9b5a883408b569ea12175913f5c3814a92ca0da217f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: gjid6jI5Ufx5nvt32oNBwyyNCA1raN_w
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 2b298af2bb6f21ab0dee9e764d8bcb28.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:40 GMT
server: AmazonS3
etag: W/"d486410e335a45199817c7e5c6957ac2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: scrZzZxfxeMIG5krTOiripB4oLcfkqSyTa6qNrwFNsLRGiS8zYIjiA==

GET
H2 200 post-30119.css
arcticwolf.com/wp-content/uploads/elementor/css/ 15 KB
2 KB 405ms
395ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30119.css?ver=1690222409

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3a4c7a4655fde43b981e138f8c2b8ee77873e6862c5a47dee0205ab800e04157

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: VfQMSqn23lTWzvrRZOGpljSjRiPfyRdo
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 eec12a22159207af63748eccf10799b2.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:46 GMT
server: AmazonS3
etag: W/"094deb26a0dc67213b2427751b5da48e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 16lhHarRuz1miEHAoYXuGAKXcO11tNo7nVoZjvIPKCEc3c7uMUzmxg==

GET
H2 200 post-30124.css
arcticwolf.com/wp-content/uploads/elementor/css/ 14 KB
2 KB 1226ms
1215ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30124.css?ver=1690222408

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

04546ab6f2007d9dc6a58248b868f47da93b8404f7f4341c685a00b3184b230a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: Ozw8pamNFb2VNvnKDu3CMeOU5an2gK8c
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 ec5c4a66c1200ddcc562c6e98f77a48c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:35 GMT
server: AmazonS3
etag: W/"a669813d90c9fc162d2007ac2f56fff3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: kqivXqjIFzKKb1jvc9CHBNEY7DzgqcYHA7Jc-cNHx_8-sEiUFEdBJg==

GET
H2 200 animations.min.css
arcticwolf.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 54ms
43ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: Pa_LDijohhDhCvHKjK6EOGlwGEW8MMgK
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227655
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:13 GMT
server: AmazonS3
etag: W/"4601ba55044413706c2022cb6c1c3d05"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: wgUZ82x-uDVt2b-To350GnDvR-Inu-cmCexVI2ieUTc3Kq_yhDbwMA==

GET
H2 200 post-30137.css
arcticwolf.com/wp-content/uploads/elementor/css/ 13 KB
2 KB 314ms
304ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30137.css?ver=1690222408

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

97a354619589bfea9f81aaaa4d0e3ce6327f1e24cd2b545daafec99e677bf1ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: F65aV3pkpMZaSuGL4L5uQ8zZ_D_KXJix
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 3649c20f8adf8628b43dbef00864e392.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:42 GMT
server: AmazonS3
etag: W/"31f2cf408682f972523963e4ba9ce714"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: Y3Vf9FSveP4cIHDs--KwV7zVcr3yEjCdc4ssPIw_qzPGQ--g3A77aw==

GET
H2 200 post-30179.css
arcticwolf.com/wp-content/uploads/elementor/css/ 15 KB
2 KB 351ms
341ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30179.css?ver=1690222407

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

6d19f681486e8ab7ff9f0c1d94bfd9e7b93bcc42b2733a694bca5152845e0c0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: kq65ByMH7LpcFdWNBTpDAx3QJW2tZDg1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 a668b79ea8c4f6f5d611c57b44351ff0.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:42 GMT
server: AmazonS3
etag: W/"10c2625f703c71e092069d6f92426f0a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: az32hETkAsrHp_fPcmt0-UihupzJro14zzQrhEfxmJHnpsZX4qTHpA==

GET
H2 200 post-30180.css
arcticwolf.com/wp-content/uploads/elementor/css/ 12 KB
2 KB 532ms
522ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30180.css?ver=1690222407

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1d256f8e79f97cc601f418fc564c0e52df806184b7d153bcea234dc8b32007e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: AHf92x99EVbqZqW4B7x693KdBbqPLzhJ
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:44 GMT
server: AmazonS3
etag: W/"8a7ebeff357a9b56f195190086ecf68b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: kIc2gPctU0Uj7j7n3KlyzU28pvtNwn9q-QWHPfgFYSKIjrV4pMO1tQ==

GET
H2 200 post-30197.css
arcticwolf.com/wp-content/uploads/elementor/css/ 22 KB
3 KB 309ms
299ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30197.css?ver=1690222407

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

feb76453ca3f8d8bef5068a68e73dc7fe6f34600622a230ca28f00b26ac42a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: XUWskcV89diapcz5_fPhrQR38WRUDBXw
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 697a26790d3ab8292d8546ca9be87bbc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:48 GMT
server: AmazonS3
etag: W/"f6ff6640fc04bfc54d19c53430766513"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 9nZD4m5bsTBN8o2o08K5gQeYocRxdtE2Af94tv7f2VDYQa_6J1AHhA==

GET
H2 200 post-30206.css
arcticwolf.com/wp-content/uploads/elementor/css/ 11 KB
2 KB 1224ms
1214ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30206.css?ver=1690222407

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e4ce460b67637c8b03e885990e209b977d4ce829be256289a3a762b9a6290e5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: hWug4M5dJV1BsPWlyxasNlQ1YK5djGi6
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 f655cacd0d6f7c5dc935ea687af6f3c0.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:44 GMT
server: AmazonS3
etag: W/"fe6010012f568e0af7f7c499032d9fc6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: zmEfDB-_If1Lwqy3TeqWuJc8T3Q3nVknJvy7jRdIUzc9XIZc_eoM8g==

GET
H2 200 pa-global.min.css
arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-css/ 16 KB
3 KB 267ms
257ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-css/pa-global.min.css?ver=2.9.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

22abe5db26a8526eadb13cd4b84d4dadbcb5198452fd9d826a93acc9f0ac2597

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: Ow3CoF97XlRdREjeYzX3TdrtX04KoPjd
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 2dc050ab05a5052054de7d000d6c5f50.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 17:47:13 GMT
server: AmazonS3
etag: W/"7e13749830e83ea150bf940dd2d74fec"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: YKDHYqLmXgs-qYhZtxXfYf7uYS6P1JrDD6ofEs87e2svQIFg5kn1Zg==

GET
H2 200 post-30264.css
arcticwolf.com/wp-content/uploads/elementor/css/ 4 KB
1 KB 1345ms
1335ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30264.css?ver=1690222402

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8f09b9458edd2ecf125cb4d6c96904d57f8096ff1079bbe42d28f77b7c74d2bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: .Z1niZKlFnAFtwmJn3xg764dwk92pAc5
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 c149c6b8a4d6f497cac6f2d9e9e6be40.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:40 GMT
server: AmazonS3
etag: W/"d85bdd2ba6ed9d698f0218037eb735e6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: HK_4dwDQQRWVOkGfJiM0wYmbHZz0CTfgbipCGoqedgnb68lbK2mjQA==

GET
H2 200 post-30269.css
arcticwolf.com/wp-content/uploads/elementor/css/ 4 KB
1 KB 1377ms
1367ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30269.css?ver=1690222402

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

adf33b8aad77547072f626414623ad5581862c4fd92dd5c5484c861d7adb7edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: qqIFboPq.I16QI_TSatkmqDFwXJfQCu9
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:43 GMT
server: AmazonS3
etag: W/"acc6d7cd2a22f964b2a4e5d2d7ae9897"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 51cR00oc592XKvGSF1m-XsOKnjetI1iHCfAChqGjcGT25bTQ6MeAOw==

GET
H2 200 post-30274.css
arcticwolf.com/wp-content/uploads/elementor/css/ 4 KB
1 KB 498ms
489ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30274.css?ver=1690222402

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2699ce8497fb6b97e382188efa325eb5aeb604b5e5a20f4551190054c29bf654

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: v7X_4_REj8g9a3UdoZoTpT5Edf9CifgD
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:40 GMT
server: AmazonS3
etag: W/"9150247c7a1f16750e3e31b29f7c7d2f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 9IO-11YmzBI_3r_JOqWNW9L3lzuGz0NG4dU5H1CD7ufKLj6-gP4X3A==

GET
H2 200 post-30284.css
arcticwolf.com/wp-content/uploads/elementor/css/ 4 KB
1 KB 513ms
503ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30284.css?ver=1690222402

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

90c0376a25244c9c8d082f63713c65825f6e150178dcf839edfebfc7594a8dc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: AhPosRbZzBuYW10c.ZJu3K8PFlOiQcmO
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:42 GMT
server: AmazonS3
etag: W/"dcfb37a323840a1fba5ea9ef679f1106"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: zQHGKy7ekcXDLDr44t-rUOjYYL18UqduTlXwGKReh2E-w6xAAjV7Cg==

GET
H2 200 post-30279.css
arcticwolf.com/wp-content/uploads/elementor/css/ 4 KB
1 KB 491ms
482ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/uploads/elementor/css/post-30279.css?ver=1690222402

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a825c1076d2ad637268b08fe1857324b50d1a5824f98ddf0be538fa8a835059f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: pqoeTpV6acRutVIQDuy1WjUTyfJdnWTo
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 25fe70cc18ad9b2503949e3460083640.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Mon, 24 Jul 2023 18:23:41 GMT
server: AmazonS3
etag: W/"bdb2f9943b7a114dc1d2dcb6e43ba6b6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: RP6BaTPjCJOpw3DAKHauLk02uCDArPrHV1tzFrnqdaPF1f7YBb7-bw==

GET
H2 200 slick.min.css
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-css/ 6 KB
2 KB 100ms
91ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-css/slick.min.css?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

50ab33fc354407ebf6a0bc0c49ddf4d38c33106a78d9f855269543ba55a095f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 04:10:10 GMT
x-amz-version-id: btLMXTdCLM6BSAWMt1P.h.NzAP2TPv6b
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 30219
via: 1.1 edd6d90087c4f2b49e182778a2273adc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Wed, 26 Jul 2023 16:57:26 GMT
server: AmazonS3
etag: W/"0e7a426ae2b159e940a4647ea5c27c27"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: c_XPDx6rU2GfAogERg9iC-neuU0_1cuYvjYT3q4b4GXPBaPtlKlEww==

GET
H2 200 table-of-content.min.css
arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/ 5 KB
2 KB 1271ms
1262ms Stylesheet
text/css 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/table-of-content.min.css?ver=5.8.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1dfd989ac7b6ae27f9e54d8590bebaa1d1db80e13e3056efbf6d0f06505f1bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: 1FCM4f18yBc8KjukOJobEN8l_eWWMBpV
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 ec5c4a66c1200ddcc562c6e98f77a48c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:40:55 GMT
server: AmazonS3
etag: W/"d3c4893721b037e314e63a247450f094"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: fMdJwBBGEb02l2hLwArDUf9Rb2sTv9XM1qLaunbJiTwl-X5uAYQAIg==

GET
H3 200 css
fonts.googleapis.com/ 11 KB
692 B 60ms
53ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Encode+Sans+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1ebf26a016b0a10fd7546384189a040fbadc9a9ab44ae0be5e72f4e69c765648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:33:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Jul 2023 12:33:48 GMT

GET
H2 200 smush-lazy-load.min.js Show response
arcticwolf.com/wp-content/plugins/wp-smush-pro/app/assets/js/ 8 KB
4 KB 108ms
99ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: rUZRQI2J.Lk9Gqu3_0VLUCD4Zfy9JMd1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 d3fdd96b3ada000b1a8c2d522534c124.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:40:54 GMT
server: AmazonS3
etag: W/"75b90c4351b6e079459237e66836ef4e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: KVGKM46teieyrMsTs58079cPWvmhzQiUqjlvJmJyF7os_H8QpnE8cw==

GET
H2 200 general.min.js Show response
arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/ 9 KB
4 KB 109ms
100ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.8.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3f9de756b0ed57cc0baffd54c3b4f6d038179760f5090d0d2ff6eab693eb46e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: qelrVLVKnwe74XI6iaQV6V.ern8y_mgQ
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 4b28b963946514dd2cf9a90f74a8034a.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:40:57 GMT
server: AmazonS3
etag: W/"e741f35d3498ad5174884e3309124363"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: uu3qEKwHnUFxnPcaaTnXaQwHfW-AzF6ljNrHDkKKAfftH_oYsjkWGw==

GET
H2 200 happy-addons.min.js Show response
arcticwolf.com/wp-content/plugins/happy-elementor-addons/assets/js/ 40 KB
9 KB 112ms
103ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/happy-elementor-addons/assets/js/happy-addons.min.js?ver=3.8.5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

36fe13eb7b91edf7c78330917907ecc709ead04ced47a90a7af3d658a7ace01e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: ivQ6VLQe4AA02JhQQORqDC413287SZgO
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 25fe70cc18ad9b2503949e3460083640.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:06 GMT
server: AmazonS3
etag: W/"3f8a7895e76bc26eca2a5bb3b21e3ffe"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: ISMs3ZbSHrEiijWqPT9bbt4aqNwwSJ-fgYK-BE5RuDVU1D9A7vRevQ==

GET
H2 200 hoverIntent.min.js Show response
arcticwolf.com/wp-includes/js/ 1 KB
1 KB 109ms
101ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/hoverIntent.min.js?ver=1.10.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: 0jOwBwxQ4IKtOM1T4U.ggk.vh.j8My_R
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227655
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:46 GMT
server: AmazonS3
etag: W/"8c0498e2f1f7a684a8d2a3feb934b64b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: IIBRMzM_mzlNp_hYYgigvXL2ql6Q_Vc5YPAMPJ0J9la32MeZj1qDcw==

GET
H2 200 maxmegamenu.js Show response
arcticwolf.com/wp-content/plugins/megamenu/js/ 32 KB
6 KB 110ms
102ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/megamenu/js/maxmegamenu.js?ver=3.2.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c532d1d7922f4b22b44f24f25d0a2317013412a19376a543eb130db19fdbeb33

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: 3Zt9qA6tJBog5DeW_UkVRpgy0pU_z_nL
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 edd6d90087c4f2b49e182778a2273adc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:01 GMT
server: AmazonS3
etag: W/"697ee198df2d278e57359f3d0b368612"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: kyPamuRPoiFto-l6l8PwAq8ttPC2B2uunoWUhaq9BH7MYxjr2dLyFg==

GET
H2 200 public.js Show response
arcticwolf.com/wp-content/plugins/megamenu-pro/assets/ 24 KB
5 KB 96ms
88ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/megamenu-pro/assets/public.js?ver=2.2.8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8f42f88d459fb1bd9cfb240a58be441f7733441009f14aad204895e373b480ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: EK_MzgT_TySYSXj_w1OXxGDvA4q6ihMG
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 6642832e0f3e501fb9fdc5f35d4351d8.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:51 GMT
server: AmazonS3
etag: W/"3701ccec3ef1c97a4ee66a5967bc3774"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 9fY0p1ADxWe9l9F8O-V58HwJhN31TpBJ79sGvGpxH-v_MPCpU9RuOg==

GET
H2 200 waypoints.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
4 KB 122ms
113ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: 9fuNv7G0qe1Z6v74zkc5dfGR6gfRqZfa
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227655
via: 1.1 26cdacf328fe4eb4e28173938ab3e92c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:33 GMT
server: AmazonS3
etag: W/"3819c3569da71daec283a75483735f7e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: b3nnvUsROW8FGuhsgKC8V4XnNiIT8w60HALUxUJJBQhDwB698Zrm2w==

GET
H2 200 lottie.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/ 279 KB
72 KB 112ms
104ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/lottie.min.js?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

68ad0f17e1cc8c6ee4255f50385313e19d9d59798b25f2be68980ef46c75a14f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 00:57:50 GMT
x-amz-version-id: ICcA4ItMkWkWL1y9elc_jLVa413TIyas
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 214559
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 18:40:34 GMT
server: AmazonS3
etag: W/"8dde9a8d26fa121e3ed554f8c7a9c568"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: VijQaKyKtmsfda4K1mHq9HLMANlYE_PfHmcnQDwJ54NjKZkIv3-KsA==

GET
H2 200 premium-addons.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-js/ 74 KB
20 KB 145ms
137ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-js/premium-addons.min.js?ver=2.9.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f6d4e99f874940ca9f53da06745e1630a69d8c5f171a06b8761ee736886a2096

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 00:57:50 GMT
x-amz-version-id: PNhk_y2ogOU6fLLfYQZzDBV7g1OImkWK
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 214559
via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Wed, 26 Jul 2023 16:57:19 GMT
server: AmazonS3
etag: W/"cd9e4720f6b7e8b0d944d08d78b6a4fb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: WNcNSRVIjFPNKbCBAmSp9eu8DaBkvaArQk_ZLFRodwk5uX1goEgRrg==

GET
H2 200 premium-addons.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/ 58 KB
17 KB 141ms
133ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/premium-addons.min.js?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

dcfea649d2c53356e7748de7af8fcdcc41b29fa06aa6d01366803ecfa8c85c58

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 10:16:45 GMT
x-amz-version-id: gsLvffVzBxzyI3fFlFoLuybmJIVuBOOs
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 181024
via: 1.1 de31699a6e25448909328bb7c6028f6a.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 18:40:32 GMT
server: AmazonS3
etag: W/"876fa2a55cd2ce7820d6c98e8139277f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 337jBHNvyqL_5dVygyPSwYnxFoyLL059iV5qSzsSnoihyXj0mKWxgA==

GET
H2 200 TweenMax.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/ 69 KB
28 KB 1428ms
1421ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/TweenMax.min.js?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

67f26ee67035628c2e4301de97067726fcc16a63c9edd440bf989599533346b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: cXLekXv1LBuc_ndrTkiprHkW0bRdGXZ3
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 8a5da1dacdf44356dd0f5d8a61106c9a.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Wed, 26 Jul 2023 14:44:35 GMT
server: AmazonS3
etag: W/"db887d210da2d03cb736746e67791a24"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: X4oZWdyfm1wao6Y-qZjSYGANiI9Dod96_h0wknA4A1nJVl16yxL0bA==

GET
H2 200 universal-tilt.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/ 9 KB
3 KB 142ms
134ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/universal-tilt.min.js?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

45fea66af44d9826903fc07fa91cb5cc8b4b85fdf27907682811f46a28566174

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 00:57:50 GMT
x-amz-version-id: 3jIQl0P4JMLzUQQngejh2KIafYjbgh.P
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 214559
via: 1.1 3649c20f8adf8628b43dbef00864e392.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Wed, 26 Jul 2023 14:44:33 GMT
server: AmazonS3
etag: W/"09e1b07a878c25cb465422ab88aff2c4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: O7eyr9vYt5gOC1bt6HJNqCfKwFS64Jf_oHi0uJgBGGT2Wk-jK8E8Og==

GET
H2 200 anime.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/ 17 KB
7 KB 145ms
138ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/anime.min.js?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

87530a2baa39b3f6f02816034c7d38a3412936b1c633783128c5f01c01dff8b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 11:00:50 GMT
x-amz-version-id: dFc1GEKLBi0Z5dzm76.e4nJOjMm0EwGM
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 178379
via: 1.1 697a26790d3ab8292d8546ca9be87bbc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Wed, 26 Jul 2023 16:57:19 GMT
server: AmazonS3
etag: W/"58f50dd658be75a2e9485a1be9807d9f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: -ej84C5EUwPXsXXaeqbVR-YQhuIGW8Tzfy3uY8Njke9wkCCM88-tFg==

GET
H2 200 anime.min.js Show response
arcticwolf.com/wp-content/plugins/happy-elementor-addons/assets/vendor/anime/lib/ 17 KB
8 KB 422ms
415ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/happy-elementor-addons/assets/vendor/anime/lib/anime.min.js?ver=3.8.5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5cbda29ea5096ac9404c59c77493a2f467d0eb4a27f16c750b61fc0d888dd716

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: vLX8pQLDcUebrHJExokmYPiUd25z5Bmd
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 b61409af370dbf025ffc910b1252c65e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Sun, 16 Jul 2023 13:24:39 GMT
server: AmazonS3
etag: W/"572d66e85091711b6ee76609573a8364"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: vn3-I9Mxw7s-_nCoaUMaukL8M-VUL6jlmp9hLNeFQtKgA4VgyZp5xQ==

GET
H2 200 scrollTrigger.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/ 60 KB
24 KB 1487ms
1480ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/scrollTrigger.min.js?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7715cffc4e9aba52a7b79cb2c6029d3b2d6422a36ae19ac3a3058fb9a6341e8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: JAEbr.mGW.5VvirGjt2lwJPUUbZpne8O
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 25fe70cc18ad9b2503949e3460083640.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Sun, 23 Jul 2023 16:56:49 GMT
server: AmazonS3
etag: W/"4fece85d314653f5b68b8caebd35f75c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: dQ_QiiljvekLnKejPF5sxTLDga6XGksVsB9H6gYNcvjNXJB3xoPRmA==

GET
H2 200 premium-hscroll.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-js/ 13 KB
5 KB 1393ms
1385ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-js/premium-hscroll.min.js?ver=2.9.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d9ba9e6e9683becd7e4bd57b35350ffa981e7615125fef623482e4e6a8ff435d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: lMdE.0Y0HG3uQ6ay_bgoOA0XAvqeQemM
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 b8eaad25e4131c15c21d3d50aac2684c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Sun, 23 Jul 2023 16:56:49 GMT
server: AmazonS3
etag: W/"7e510045dbc82a95fa81e5a3ab2b4b55"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 6mIVTFOoHAgfdjYnnScJRd95Bl-ShEn9ScmuzZIIgtImq-AJyKMlNQ==

GET
H2 200 particles.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-js/ 195 KB
46 KB 1458ms
1451ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-pro/assets/frontend/min-js/particles.min.js?ver=2.9.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8a775d5562ead2b7a69e5e39bb905d660252059561da1150b152df1960f4471d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: lj0U.8KpzKpJDSJJBGKVFqicoe6Digw3
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 4445c4223f8c2460ef5d29a08d1cc6ac.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Sun, 23 Jul 2023 16:56:44 GMT
server: AmazonS3
etag: W/"8bf4222127e26215ac45b5e9cd48eef5"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: wobfw4RGn6oveAJ0o2mlwVBWIEM86QUQO2jeSmnito14Fk5JS1S89g==

GET
H2 200 slick.min.js Show response
arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/ 43 KB
11 KB 147ms
140ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/premium-addons-for-elementor/assets/frontend/min-js/slick.min.js?ver=4.10.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

64bfe05478454245e962771172010666bc231cf7d0fa1e295627777d226e7724

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 04:10:10 GMT
x-amz-version-id: Fzp5WefT6ZaaFJw8RUc.UZFtNzKGHBI5
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 30219
via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Wed, 26 Jul 2023 16:57:24 GMT
server: AmazonS3
etag: W/"44720f40a011ff5cb456e9c04846e52c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: AYybQkYPoak-Ec6CF_f20pQoj8NI3sayJ1m4G1v7xzDfJJniENJYSw==

GET
H2 200 table-of-content.min.js Show response
arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/ 7 KB
3 KB 618ms
611ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/table-of-content.min.js?ver=5.8.4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0131619310400e1b3f9c31771f6284da7e280d9078f0c97b8c7b9f136c724d4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: rF.Trv4VxCuVa03gpOEVuaesg2XlrKxR
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
via: 1.1 1bc76a14967a660022b25f573baec632.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:40:50 GMT
server: AmazonS3
etag: W/"77cb0c47b3bffc30caf8066a103ce564"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: l7NuEtKgQ5wHWOpjbj_j8Cd2YDGGDsp-6FbmNRiiD_jmHJxYwE63VQ==

GET
H2 200 webpack-pro.runtime.min.js Show response
arcticwolf.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 118ms
111ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c2ed4b80cc0bfd8b35c13b9becb418d96d58f9f44048b24d6e45dba4938cac69

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: x_q5fd5Xa8CPAArv99yzqhkbAz7Lhw07
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227655
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:06 GMT
server: AmazonS3
etag: W/"402ff6c68de34874710c04c21a2a13b7"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: -0FK_La1nGHY7FoVK2vpQVqDNm0OWRUvwhwPmUBJwH92tue1FmpNbw==

GET
H2 200 webpack.runtime.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 119ms
112ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a3e7c89de8ec9f11eee1605a0367e23585548b1deab4cca3a4a17d5a23a90f79

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: WgXSt.d2HJcZDa8IGpW45lSezsCLuv7V
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 b61409af370dbf025ffc910b1252c65e.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:53 GMT
server: AmazonS3
etag: W/"adc45a6cc95b4e68467868aa9a2779ae"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: TNm8OMMpkcJRPa4qlB_p7AQog81HfGmk1hlETXuwEcX3LuwZ2xmXXg==

GET
H2 200 frontend-modules.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/js/ 52 KB
16 KB 127ms
120ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

76efc435fc139294153b2304af750ccd6857bf3349577af166308db9eb0a2fdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: nQC92N5t49DIZX56lVIbNQ2vAK5KCfop
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 2e0227ef3f0af98f7b4e1f8452f59f84.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:17 GMT
server: AmazonS3
etag: W/"06311f8f725bbc18e55fc9851ad4fcdf"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: dB5TWOHcHf-u6A-0JvTdTG6DgXMGtQJiRYpP5l5NyNc_YrXZvEeshw==

GET
H2 200 wp-polyfill-inert.min.js Show response
arcticwolf.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 122ms
115ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: ddQimEOu3KN6P_HP_NsdEueHRBoa53v_
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 58a361324cd2b1576fcc05c5471b9b12.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:56 GMT
server: AmazonS3
etag: W/"dda652db133fddb9b80a05c6d1b5c540"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: yB5Shk-lKGO7C7XYd5_d39mWD4H_4UiwetWkfKUtY9_gVMl7jLaasA==

GET
H2 200 regenerator-runtime.min.js Show response
arcticwolf.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 122ms
116ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: zFT5L9fPYcXyNmcO0t6N9hDosTcB7Gbq
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 a36403421b18ef7385d5575765e6c414.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:01 GMT
server: AmazonS3
etag: W/"9a4f28a615173df36cb84be2b345816e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 9DM8kcffXS32FxeL5Tu9U-6oacBvN11KfuvMsiRO0nhnHXoSKHjenw==

GET
H2 200 wp-polyfill.min.js Show response
arcticwolf.com/wp-includes/js/dist/vendor/ 17 KB
7 KB 124ms
118ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: xYgtKBNmoy3kFwLr9GeUSyoFP8wzHLfr
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 4fa61644a4cc2dfcb32e66f7e29f0076.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:03 GMT
server: AmazonS3
etag: W/"e495a4709e3eae31c67f8263f25d2d39"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: DMJJJ0gtpciGX2ueN4j36kqx5X1wNIPpMTHubKwVfZRA5tUOifshng==

GET
H2 200 hooks.min.js Show response
arcticwolf.com/wp-includes/js/dist/ 5 KB
2 KB 120ms
114ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: ETl9lKBc8tmNwe5w0X1DpEcQhbJb_8uH
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 4e4c50c641418e6aad9ec09cb0f22844.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:23 GMT
server: AmazonS3
etag: W/"b33ab4d5dcf02436276a717e9d1b7c18"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: sWqsSfQgx9DQNtmE8KOPuLQ-2bptUi03Mckz-9OagaqcxFUEOcHCGA==

GET
H2 200 i18n.min.js Show response
arcticwolf.com/wp-includes/js/dist/ 10 KB
4 KB 123ms
117ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: LBW8CIcBOughlwpzEAVBnGBVKOZc6asT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 3542cbb3a5773810405fca7ba271be44.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:09 GMT
server: AmazonS3
etag: W/"8cd696505481e74ffee89b4995f37379"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: _hSV93sTJ536NxkVGXGzG5dRr5GC5VoqBVPcZLYhoq-g88ToSJoRDg==

GET
H2 200 frontend.min.js Show response
arcticwolf.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 123ms
117ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

51187f64d3c89b9bba020ac511217aed3ea94cfc82aa3c5450b6132cfab4c039

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: r2t6LeyAw1_ZT_IzZGyyBZz1evtimgLM
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227655
via: 1.1 38f6d324a75dff585b0ce25920fd4bda.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:13 GMT
server: AmazonS3
etag: W/"6ff2abe57b013a0a305b4d22e46db67f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: PDAm2ep-UeZ5pbS9Im76RKTmnxVx6M5aJn_09tuaSpwU4FUmg5ZILQ==

GET
H2 200 core.min.js Show response
arcticwolf.com/wp-includes/js/jquery/ui/ 21 KB
8 KB 125ms
119ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: Ie6K5GbENZn2ifxFuNKHGug0TAP1TCwk
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 b911c551065b8f78ad33b4c4564141be.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:33 GMT
server: AmazonS3
etag: W/"c4e68a0f3463c0bd3c39eab38815e881"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 1VZBhtZXm40pGyx9hgjnwn_LzTqFqlOgbjoJb9i4iHsnDTKgp3VRSA==

GET
H2 200 swiper.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
35 KB 128ms
122ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: eHjswSHJY3WFhvKmAm0jPajPHV0EMS.3
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:07 GMT
server: AmazonS3
etag: W/"15bb2b8491fc7e84137d65f610e1685a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: Hay5WhanEi4gTEU4w5Whgz3IQOR8e3AUM-M1x1DW5H9UEpgmYqf5Sw==

GET
H2 200 share-link.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
2 KB 138ms
132ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: BbVOniAVywefNRToQ3QCjtxeSt5RyE23
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227655
via: 1.1 b8eaad25e4131c15c21d3d50aac2684c.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:47 GMT
server: AmazonS3
etag: W/"020e87460ce58802842e34a3aac97d83"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: YTakiY_i2KV7FczQrtRtgkubcfedpBml124Xk2wEQPEB0InW4yshQw==

GET
H2 200 dialog.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/lib/dialog/ 10 KB
4 KB 132ms
127ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: rNhIotktm7.wdJt8CRKg0pzCiQ6BbTX0
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 4e4c50c641418e6aad9ec09cb0f22844.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:33 GMT
server: AmazonS3
etag: W/"21f3b77d2002ceb93aa7d53df93d8819"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: EMtQ4XuxsIIeMO9aAdzcEuQvDC2AtYdD7A5UPIgbossTrEm0hkrVMQ==

GET
H2 200 frontend.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/js/ 40 KB
13 KB 136ms
130ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

46b04afecdaf08e04385a7cabaec357f6edfc6a8b2b156d8c624c2621894f3de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: J2Z2S2qmH01M8pVh_UFMruIy2Ai6xKpL
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 23776effa8a63b2e2dccd702e73b0c86.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:13 GMT
server: AmazonS3
etag: W/"d1a4ffdaebec74ca023f78d3bd4b042e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: tIdWx7vElxpZNQdHjU6ZicbKXu313UkIC6Rb0FShSDLTVpC8U5gCpQ==

GET
H2 200 preloaded-elements-handlers.min.js Show response
arcticwolf.com/wp-content/plugins/elementor-pro/assets/js/ 164 KB
39 KB 129ms
124ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2fdaf549542c19d303a61dd53d8558a115ff3a1296d974b3392f9e47cb64fd5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: EXsICSDShdP7R2Pn0HwZTGuSAAG1UEpw
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 80826ca6c4fd6005aeacf5a03c8d42e8.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:53 GMT
server: AmazonS3
etag: W/"2cb8cefb74487b61433058547dd18499"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: HmaatRX4gbJIhaRETafw2qtqBJzsK7l1KL0EFx7MiBAitoxsLZ_IvQ==

GET
H2 200 preloaded-modules.min.js Show response
arcticwolf.com/wp-content/plugins/elementor/assets/js/ 41 KB
13 KB 133ms
128ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

af0b0dbfec18aecd0518daf2ae4b6d60b0b148de91978fd182e2831ce659b5a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:34 GMT
x-amz-version-id: eQY_CWDcDHI7FtFBOsW7prCzHjQ42dOR
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 2b298af2bb6f21ab0dee9e764d8bcb28.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:28:09 GMT
server: AmazonS3
etag: W/"424890977c6897910af143b55f72f181"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: Xt3OiN29l5aROECK4KfwALwxVgKF0eNRttGyRg_6FMrtIc_gio-vVA==

GET
H2 200 jquery.sticky.min.js Show response
arcticwolf.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 127ms
121ms Script
application/javascript 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.14.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:35 GMT
x-amz-version-id: p.fdCQ2VhVQwbPVd1Sv4ExT7477XyCjD
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227654
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
last-modified: Fri, 28 Jul 2023 20:29:06 GMT
server: AmazonS3
etag: W/"3e31a0ddb1f910fc672d22e6435b95ed"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: E3MERcX10V4pqNxy5tgLURi44IlIzxZWZSuK_c3lTTdA8pi2Ri-7TQ==

GET
H2 200 db482b86-7cc0-40a4-94cb-f20d32869a3b.json Show response
cdn.cookielaw.org/consent/db482b86-7cc0-40a4-94cb-f20d32869a3b/ 5 KB
2 KB 124ms
57ms XHR
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db482b86-7cc0-40a4-94cb-f20d32869a3b/db482b86-7cc0-40a4-94cb-f20d32869a3b.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a5fd0df06232bca788b1f96dd4ec44161c7514cba646b07ae2049a2e2949597

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1750
content-md5: TGvCWKUrCm7yNjvd7ZgGeg==
content-length: 1744
x-ms-lease-status: unlocked
last-modified: Fri, 07 Oct 2022 19:49:51 GMT
server: cloudflare
etag: 0x8DAA89D1921AE5F
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f7f58c8b-f01e-00a6-4de1-5ae0f8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ef5df35f91276dd-LHR
expires: Tue, 01 Aug 2023 12:33:48 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 486 KB
125 KB 251ms
152ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5cbda13c6da86499271de5160e3ef03d92880ba87f2499f433d4daa574d0a576

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128165
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 31 Jul 2023 12:33:48 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 AW_LOGO_REVERSE-334.png
marvel-b1-cdn.bc0a.com/f00000000241276/arcticwolf.com/wp-content/uploads/2021/11/ 3 KB
4 KB 226ms
105ms Image
image/webp 2600:9000:218e:4a00:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000241276/arcticwolf.com/wp-content/uploads/2021/11/AW_LOGO_REVERSE-334.png
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218e:4a00:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad35c96a8104ac3ccd60c7ce3cd073f9804e816c496c48b90197672e87ab7623

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 7mtQO29SdDOvYq2vfeY1ho74V0ZAYmDm
date: Mon, 31 Jul 2023 02:19:28 GMT
via: 1.1 7d935e83126b0b85ded112b940f9c85c.cloudfront.net (CloudFront)
x-amz-request-id: 7MNSMR6RRZ9MZ80V
x-amz-cf-pop: CDG52-P1
age: 36861
x-cache: Hit from cloudfront
content-length: 3006
x-amz-id-2: r9Gw+bKb8T9iEwV48fNMLHV014W8Q74x1U1+IZM94C2vtQE0F7gxRpJtlmqvF7yzHTCpw1DH8F8=
x-amz-expiration: expiry-date="Fri, 14 Feb 2025 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Fri, 20 May 2022 18:47:57 GMT
server: AmazonS3
etag: "f4a87a6a0f906e089b9a969ec024c377"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: BbpvAqceWEEjxQcgngXFhDUgeDFEY__PWpvV9lgh70tEr2mnlukSYQ==

GET
H2 200 white-mag-icon.png
arcticwolf.com/wp-content/uploads/2020/03/ 286 B
827 B 52ms
51ms Image
image/png 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2020/03/white-mag-icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

70473bd0b0e7e7184f687732de1aecf333cd42fea1bd239d95d9319b3fe7cd7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 09:35:47 GMT
x-amz-version-id: vRpsNFPPi7mUSlbSrnV0otSRHfArAMFc
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 d3fdd96b3ada000b1a8c2d522534c124.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 183482
x-cache: Miss from cloudfront
content-length: 286
last-modified: Wed, 15 Feb 2023 19:15:46 GMT
server: AmazonS3
etag: "08f8b78ae229b78ed0ed615a42f85c69"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-id: y_Pplpx749pbxxH2q90Kx6pIA9jYDmAPb0_rpolCTPgFn0Gj0Ry6gg==

GET
H2 200 icon-white-AW-globe-fluent02.png
arcticwolf.com/wp-content/uploads/2021/05/ 2 KB
2 KB 55ms
39ms Image
image/png 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/05/icon-white-AW-globe-fluent02.png

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/themes/blankslate-child/style.css?ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

458a0bfc433743487169403d4a82cfe6f703c488619ad7bd9568930ba95d5cc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/themes/blankslate-child/style.css?ver=6.2.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:19:36 GMT
x-amz-version-id: b4fg_BRLzhsK6mInSyl6V4RU7eB8Tyu1
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 4e4c50c641418e6aad9ec09cb0f22844.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 227653
x-cache: Miss from cloudfront
content-length: 1914
last-modified: Fri, 23 Jun 2023 16:57:59 GMT
server: AmazonS3
etag: "289f3827ec7de87d6e947ec05798a2f8"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-id: ItuEazsmPOB8q4O4jq6ZD5uo78JLBX2sR3ueNmepXxJ36Ztt77Egug==

GET
H2 200 3d-binary-bg-1.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 189 KB
190 KB 1337ms
1320ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/3d-binary-bg-1.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5d217422afd593f6c2137ee8f84f4a48e65353f050c0261fcee027afee506888

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: rt6H_4_8IuYdpH4bhzKMqU4WiMqT2VdV
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:57:56 GMT
server: AmazonS3
via: 1.1 6642832e0f3e501fb9fdc5f35d4351d8.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "67d7eafa9932798de56f5e8459602795"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 193529
x-amz-cf-id: Q3oKvW4-bqQvilE0-tqoBXdxChEUWoEh8_D2xCF02bM5pW_ycsGV0Q==

GET
H2 200 bluebg.jpg
arcticwolf.com/wp-content/uploads/2021/05/ 115 KB
115 KB 1196ms
1180ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/05/bluebg.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c94f4be873febccf5892142ba97f462fc698aa4319d33045b368a5063f359716

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: LaaPqD.dVWcjtXr6eJrnloqSs7QgCeqh
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:57:55 GMT
server: AmazonS3
via: 1.1 58a361324cd2b1576fcc05c5471b9b12.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "3280dc5705380a307a0a293cefeb7eb8"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 117597
x-amz-cf-id: yYavasrWq-KMIlVmmiV7T2regbMIlC-sVdTRnukNPrkzd1a0EABcAQ==

GET
H2 200 aw-3d-binary-bg-1-flipped-blurred.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 204 KB
204 KB 1377ms
1360ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/aw-3d-binary-bg-1-flipped-blurred.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fd0ffdf406831f19c420a98f72496543bd94c06844e867c843da2fa8dc0da5f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: s_JGb6u_vBSJVkWP7EguZfhy7DHofx8Q
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:57:58 GMT
server: AmazonS3
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "32134c8a5197ed99a780ce51305f7794"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 208473
x-amz-cf-id: _HSlo0GImzXvaScoTOy5HLJNVE4uVp_bOhciwLD3DkJ7bZHAXcGGiA==

GET
H2 200 aw-sf-291-13-blue-purple-neon-quote-notext-scaled-1.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 62 KB
63 KB 1281ms
1264ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/aw-sf-291-13-blue-purple-neon-quote-notext-scaled-1.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

6e747240a41ab3683385d620cac524e92721981002d10ab1e3ccee31efecff4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: wkD7bbKm7INEFMD3vtCssdHAoX1xoa0t
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:57:59 GMT
server: AmazonS3
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "e18d32f1c3d55879980ce2b4538869c9"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 63661
x-amz-cf-id: 5NElykIdrggXYDpx9R73WToH_UuFKW0J_geBzx6W1wZgIZCgGaiOwg==

GET
H2 200 BG_14-scaled-1.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 120 KB
121 KB 438ms
422ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/BG_14-scaled-1.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7419952e850bbbe0c457ee9f42eabc5aaf50bacbc192ad90cbd07dc26fe948c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
x-amz-version-id: wbz5ocXgbA_ckORVW21wPl4qexydHJgO
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:57:53 GMT
server: AmazonS3
via: 1.1 a36403421b18ef7385d5575765e6c414.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "083658fa758928fd6c70e00c0b75722e"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 123161
x-amz-cf-id: 77TAuixD-xJPMoChbXAUvNMMhON9iPayK-cixvI4FpPlzvhewXCh-g==

GET
H2 200 AW-horiz-scroll-sect1b-bg-210624.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 171 KB
171 KB 1320ms
1303ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/AW-horiz-scroll-sect1b-bg-210624.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d0bdb174b4b74f61ff0a508b88d84c5d32bd05458d7850bf426cebb9c18c0122

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: 5I5MMedw4RXO3mczKWa9BwUYSpflvJHy
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:58:02 GMT
server: AmazonS3
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "98187d06c3c942ad13faab72ca0be6bb"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 174834
x-amz-cf-id: SKBguqIqF-Aah4u67Mwoj27XfTDpfs4PRRP4ahLIGDqgSM4alzz6kg==

GET
H2 200 AW-timeline-bg-001.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 112 KB
113 KB 1261ms
1245ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/AW-timeline-bg-001.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

464604220f85e83ecf4b1efde51626f3c5ab77b7abc2302c5b12721bdd6a6b53

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: BFqn2NQuOr024tvAMb_hFAQW.sV6t2Bw
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:58:04 GMT
server: AmazonS3
via: 1.1 edd6d90087c4f2b49e182778a2273adc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "5834a5f22ac7a75b0496a42083b31d0b"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 114797
x-amz-cf-id: KtpAdkLNKhdWdEPxWkpY4f8N1khAPuonnZiLpdXJccxkgM847ToQOA==

GET
H2 200 AW-IA-BG_21b-scaled-1.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 106 KB
107 KB 1397ms
1396ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/AW-IA-BG_21b-scaled-1.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3251d9d7369ec04a40eb4b39b44d361d588cbe7a8bedf0e0b982adbd59de5b17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: i3d1mH.7EKIAx79UQEkJic5qfb8.wfGI
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:57:52 GMT
server: AmazonS3
via: 1.1 3542cbb3a5773810405fca7ba271be44.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "bae72a5b8ee0cf9e17a76df628f88e4d"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 108402
x-amz-cf-id: DzMTDMJVlhCSODXIXoAjVIQyJ2OMhjvUVFMRQIZHEIO68hi8u_dM6w==

GET
H2 200 AW-IA-BG_19-scaled.jpg
arcticwolf.com/wp-content/uploads/2021/07/ 138 KB
138 KB 1297ms
1297ms Image
image/jpeg 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://arcticwolf.com/wp-content/uploads/2021/07/AW-IA-BG_19-scaled.jpg

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0e1726275acb8741cebb6ec76b0d2722efdcdcbf1d8d59b78c1b4a966217c607

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/wp-content/uploads/elementor/css/post-30031.css?ver=1690222415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-amz-version-id: NQT3bW4IwHQGtHP_NshV4ktzjI3fdOHA
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
last-modified: Fri, 23 Jun 2023 16:57:52 GMT
server: AmazonS3
via: 1.1 4fa61644a4cc2dfcb32e66f7e29f0076.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
etag: "efbaf5e1d9277bef2f68c798913683d4"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 140822
x-amz-cf-id: 9XcKifxmlKWRCYJpYrgJpYL4KNqGtAw6XGeysevNrVICT4zGvkpRvQ==

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 146ms
44ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Encode+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CLato%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CBarlow%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 02:30:15 GMT
x-content-type-options: nosniff
age: 209013
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jul 2024 02:30:15 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 186ms
84ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 03:38:46 GMT
x-content-type-options: nosniff
age: 377702
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Jul 2024 03:38:46 GMT

GET
H2 200 fa-solid-900.woff2
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 76 KB
77 KB 44ms
43ms Font
font/woff2 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.10.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.10.3
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:50:36 GMT
x-amz-version-id: wsbjirFQLB50jN5bSUL6JesNJNgY1w2d
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 2e0227ef3f0af98f7b4e1f8452f59f84.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 225792
x-cache: Miss from cloudfront
content-length: 78196
last-modified: Sun, 16 Jul 2023 13:22:53 GMT
server: AmazonS3
etag: "e8a427e15cc502bef99cfd722b37ea98"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-max-age: 600
access-control-allow-methods: GET, POST, PUT
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
x-frame-options: SAMEORIGIN
x-amz-cf-id: 93dVtd9k-8v2s8ZoMeOsekU4PLrzQG7_F9zkW4x8BQMDlYbLHWTmNQ==

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 LDIhapOFNxEwR-Bd1O9uYNmnUQomAgE25imKSbHLSMA6.woff2
fonts.gstatic.com/s/encodesans/v19/ 27 KB
27 KB 232ms
131ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/encodesans/v19/LDIhapOFNxEwR-Bd1O9uYNmnUQomAgE25imKSbHLSMA6.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84d61e7247b5194fedf074ca201a7bbc68d3ee141236b4e7cb5030abf9ab58c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 19:14:05 GMT
x-content-type-options: nosniff
age: 235183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27320
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 20:55:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jul 2024 19:14:05 GMT

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 203ms
104ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 19:35:22 GMT
x-content-type-options: nosniff
age: 233906
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23236
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jul 2024 19:35:22 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
314 B 128ms
51ms XHR
application/json 2606:4700::6812:1d26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26e34b9fbbd2ecafe25af980f19ddc63342ffad01477b0fe851ac8c35bfea847

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7ef5df3798b123bd-LHR
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202209.1.0/ 376 KB
90 KB 45ms
45ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bcbd83d020ff272645c59dff179841df9374a6295f324eee00b9de4e67bc1cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 229oLfugqvtMNLM3e0uPaA==
age: 58643
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 91423
x-ms-lease-status: unlocked
last-modified: Tue, 11 Oct 2022 04:36:30 GMT
server: cloudflare
etag: 0x8DAAB422B1E6529
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 3ff92f43-501e-0082-4bae-7379b6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ef5df383c4e7332-LHR

GET
H2 200 getForm Show response
cybersecurity.arcticwolf.com/index.php/form/ 25 KB
6 KB 724ms
724ms Script
application/javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cybersecurity.arcticwolf.com/index.php/form/getForm?munchkinId=840-OSQ-661&form=4723&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F&callback=jQuery112407068195172554448_1690806828781&_=1690806828782
Requested by: Host: cybersecurity.arcticwolf.com
URL: https://cybersecurity.arcticwolf.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c51d2f7f7f77d98310f6931282896d49ca352deb54dd17c8ef658ab4d8cbd581

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-form-service-request-id: 13473#189abf0c001
x-marketo-source: Form Service
cf-ray: 7ef5df387f433622-MAN
cached: false

OPTIONS
H2 200 init
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 413ms
118ms Preflight 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/init?image=&title=&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&clientId=LB-52456ADF-10926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-208-41-101.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 31 Jul 2023 12:33:49 GMT

GET
H2 200 init Show response
jukebox.pathfactory.com/api/public/v1/ 6 KB
3 KB 1093ms
838ms XHR
application/json 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/init?image=&title=&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&clientId=LB-52456ADF-10926

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-208-41-101.compute-1.amazonaws.com

Software

Resource Hash

40f37d2df8593443c15e9068f98b87c737afd2365692ea115dd95643f06ab445

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy
content-encoding: gzip
x-request-id: cbcb6ba7-9544-4b04-9922-0ab54dcee0fc
x-runtime: 0.716041
referrer-policy: no-referrer-when-downgrade
etag: W/"40f37d2df8593443c15e9068f98b87c7"
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 22 KB
22 KB 45ms
43ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:39:44 GMT
x-content-type-options: nosniff
age: 312845
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22504
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:12:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Jul 2024 21:39:44 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 192ms
44ms Script
application/javascript 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Mon, 31 Jul 2023 12:33:49 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/943679881/ 3 KB
2 KB 202ms
84ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/943679881/?random=1690806829184&cv=11&fst=1690806829184&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&auid=103245672.1690806829&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20bfa7c6c108b703de14c2ccb71e89a502db4a1abf769ba1b0669cb2fe077506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1504
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 167ms
46ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-etou8220043-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 164ms
46ms Script
application/x-javascript 2a02:26f0:780::210:a40a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a40a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=79458
accept-ranges: bytes
content-length: 4862

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 92ms
26ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 iframe_api Show response
www.youtube.com/ 1006 B
2 KB 180ms
62ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

985d2443766f9808d937fd868ce48ef047c921e499fae5d41a26e0253a57ee12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 31 Jul 2023 12:33:49 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 158ms
48ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 153ms
44ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 31 Jul 2023 12:33:48 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5968F209C35A4FB5BD8BB6D6C9608F30 Ref B: LTSEDGE1819 Ref C: 2023-07-31T12:33:49Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12469

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 153ms
45ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

52ea134848cf261f25b89a48cf302f4d97f3d69ef6db75c3648ff1ea6cd6fb3a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 31 Jul 2023 12:33:49 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47009
x-xss-protection: 0
pragma: public
x-fb-debug: 67OtvgxL9vMdEBfVmdQJDte4UdJR4X1oAzWmr38GSzpADaCdFkqxVbLc5sb+Mdjwfw97/wSdPhpqLzFypfFNmA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3545.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 450ms
375ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/3545.js?p=https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&e=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: f19420db-032d-41f8-b843-3596d0f95049
x-runtime: 0.006284
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7ef5df3b2da974a9-LHR

GET
H2 200 uWhJBalAQeFpeNitJUHH Show response
ws.zoominfo.com/pixel/ 0
649 B 254ms
160ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/uWhJBalAQeFpeNitJUHH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7ef5df3bc93b069a-LHR
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 zaxd53bdwtvy.js Show response
js.driftt.com/include/1690806900000/ 213 KB
60 KB 302ms
177ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1690806900000/zaxd53bdwtvy.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

521b858a4fcc33d56f0248f7aa72997c4acf17e0843bbb00e144f8ae41a40f82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: Keekb6kZnpYaUsja4pqi_bkfDDfkvdzU
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Mon, 31 Jul 2023 12:33:49 GMT
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 62
last-modified: Fri, 28 Jul 2023 18:57:24 GMT
server: istio-envoy
etag: W/"eeb61db8ecbbdf93bc87a27f6322a98b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7mgdMyXbUwyPIGWzw1SLtXOjDe-2V3Wom_QWqoJwSeBezbFATzYZ0A==

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 147ms
75ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 70005
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7ef5df3c1e7a414c-LHR
expires: Mon, 31 Jul 2023 12:53:49 GMT

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 114ms
33ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:42 GMT
content-encoding: gzip
age: 7
x-guploader-uploadid: ADPycdvBmEYne-l45-Pfw_ZKNSeQLAQPdsYYSfoaISsXSbW8bNF5WsTsHy0bfAI1oHHNWdQnboqNViKVlonZ5wRnjbsdTg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
last-modified: Fri, 28 May 2021 20:34:03 GMT
server: UploadServer
etag: "d001d1c9f5a942fa5524eeacb047e819"
vary: Accept-Encoding
x-goog-generation: 1622234043862937
x-goog-hash: crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5774
accept-ranges: bytes
content-type: application/javascript;
expires: Mon, 31 Jul 2023 13:33:42 GMT

GET
H2 200 siteanalyze_6145655.js Show response
siteimproveanalytics.com/js/ 52 KB
14 KB 136ms
41ms Script
application/javascript 2606:4700:e0::ac40:6824
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6145655.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6824 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2070b66678531603157b65e7d2941b93fee78adbe9f90f7325227cf5855566b0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KXXGJN88RAFGH6R9
age: 5813
alt-svc: h3=":443"; ma=86400
content-length: 13441
x-amz-id-2: iBK5dZFdES0fVay5Trskx65BtuMydcKaVAK6tFKvNTcebv22XKzqryT4p4l3R0LXOLVzfkujLlE=
last-modified: Fri, 28 Jul 2023 18:21:14 GMT
server: cloudflare
etag: "aee16fba25c08b60e369c7a920f01a6b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HfV6tWT0YHDK55zrIzhkmBuWemZMC4007ywjBJRQzmZQSh6yFGswSiXA1u%2BJvadwJWin%2BV82vZ7ml8TG1TiUCysDX1DD27SMyCa2U8TEGTjpXHMx8C7wGKnSO7Pu2X3IIJwwgg7o7sAXnpQhfXZvJDP9dgksMoo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 7ef5df3c4e6a71de-LHR

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 6 KB
7 KB 185ms
68ms Script
text/javascript 23.35.228.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1630382&mt_adid=252398&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-210.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x33 config_version:"1438" /
Resource Hash: b8ecc12e32efafcf95321fa2c3d3dda6eda40d71735ad8013ee5041ac525c749

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:49 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x33 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 6323
Expires: Mon, 31 Jul 2023 12:33:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 175 KB
63 KB 75ms
74ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11592367&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

65d8e50f33b942ee9417d9c48487e482247e0419edc4afe59378c9c9e96f7cd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64811
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 31 Jul 2023 12:33:49 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 146ms
43ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 31 Jul 2023 11:49:45 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2644
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 31 Jul 2023 13:49:45 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/db482b86-7cc0-40a4-94cb-f20d32869a3b/62af48bc-36fc-4a72-90f4-79446e5b053e/ 94 KB
20 KB 61ms
60ms Fetch
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db482b86-7cc0-40a4-94cb-f20d32869a3b/62af48bc-36fc-4a72-90f4-79446e5b053e/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a18bfb4399ff65752af3ddc73cdc18f2b2593e77ee0713a608aecedb71e6d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 57397
content-md5: 6rqkYt7P/GsoZhAjuXKRJw==
content-length: 20198
x-ms-lease-status: unlocked
last-modified: Fri, 07 Oct 2022 19:49:56 GMT
server: cloudflare
etag: 0x8DAA89D1C72F3A8
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 62bc258a-101e-014d-1be3-5a5851000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ef5df3bab3076dd-LHR
expires: Tue, 01 Aug 2023 12:33:49 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 55ms
54ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Wed, 08 Nov 2023 12:33:49 GMT

GET
H2 200 26066703.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 44ms
44ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/26066703.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

040e7b516a60105fbbd09dfba5e37c49539ce6b22b78aab284468c1185530f3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Mon, 31 Jul 2023 12:33:48 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 65F33A3C940147F4BF67E6947ED51911 Ref B: LTSEDGE1819 Ref C: 2023-07-31T12:33:49Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/50605/domain/arcticwolf.com/ 36 B
377 B 156ms
43ms XHR
application/json 2600:9000:20eb:d600:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/50605/domain/arcticwolf.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:d600:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:19:12 GMT
content-encoding: gzip
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 877
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=24584
x-amz-cf-id: hkwoGepzD6jL54gOvwnrAXhb5xYGp5PDOXjLuU_f42PGqBwXDkZevA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%2...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50605%26time%3D1690806829401%26url%3Dhttps%253A%252F%252Farcticwolf.com%252Fincid...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%2...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%...

0
266 B

232ms
162ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&cookiesTest=true&liSync=true&e_ipv6=AQLNSnnWK_sLogAAAYmr8MWeI0PoXujnk9W8hE5viBt98U2G9StsrBkrZ4EtK-E7ai4j
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 64FFB9D968F34B138460678CC06A9664 Ref B: MAN31EDGE0506 Ref C: 2023-07-31T12:33:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYBx6SIHUC9NmH8ssG10Q==

Redirect headers

date: Mon, 31 Jul 2023 12:33:50 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 69CBB85976DA43B4990BCC41845E90A3 Ref B: LTSEDGE0820 Ref C: 2023-07-31T12:33:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806829401&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&cookiesTest=true&liSync=true&e_ipv6=AQLNSnnWK_sLogAAAYmr8MWeI0PoXujnk9W8hE5viBt98U2G9StsrBkrZ4EtK-E7ai4j
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYBx6SD203tWSqg1SwaQQ==

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 212ms
129ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1690806829405&id=t2_6iqx4ime&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=c1566614-fd9e-4e71-bb0d-fec90426b30a&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 adsct
t.co/i/ 43 B
378 B 192ms
122ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=d3aed364-df1f-4ad8-ba8f-7b9bca0ec930&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=357626c2-c2ec-41a4-bd42-2d7601531f74&tw_document_href=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxet7&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-response-time: 89
date: Mon, 31 Jul 2023 12:33:48 GMT
strict-transport-security: max-age=0
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 23bc5b8c834c9852
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 526b1883b35475f16609c48591080f4841d5affa2bc2a5311da254673342b384
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
397 B 292ms
209ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=d3aed364-df1f-4ad8-ba8f-7b9bca0ec930&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=357626c2-c2ec-41a4-bd42-2d7601531f74&tw_document_href=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxet7&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-response-time: 166
date: Mon, 31 Jul 2023 12:33:49 GMT
strict-transport-security: max-age=631138519
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 435a9fef139c70e8
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 51179806d6db6d506e323d9d8ed9b6fabfabe54278b312afd79483bcc0e6d5df
content-length: 43

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/9824df5d/www-widgetapi.vflset/ 203 KB
63 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9824df5d/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6e1a9cb6313bb6d04d32b237c96ff4e5bfaaa4522d1dea84292cd7869a47ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:26:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 427
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64127
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 20:15:30 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 30 Jul 2024 12:26:42 GMT

GET activityi;src=11592367;type=home;cat=allsi0;ord=8548564205194;auiddc=103245672.1690806829;u1=%5BMarket%5D;u2=%5BURL%5D;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https...
11592367.fls.doubleclick.net/ Frame C875 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/943679881/ 42 B
455 B 166ms
64ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/943679881/?random=1690806829184&cv=11&fst=1690804800000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&fmt=3&is_vtc=1&random=539184631&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/943679881/ 42 B
455 B 211ms
76ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/943679881/?random=1690806829184&cv=11&fst=1690804800000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&fmt=3&is_vtc=1&random=539184631&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 480386592743035 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 110ms
108ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/480386592743035?v=2.9.119&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ce145cf39a28f57c1f06b1c321e542beb551c7a76c183a3e1d18bb2f96716145

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 31 Jul 2023 12:33:49 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: HYnAi2jCQdXBvI/Bx6t0sOWGPRjRwsT4kfU1zlIEpIzRC9KU5lb7uLvEi6839QBy8dECA4OYp84aNnQzOgThjQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 otFloatingFlat.json Show response
cdn.cookielaw.org/scripttemplates/202209.1.0/assets/ 10 KB
3 KB 50ms
49ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otFloatingFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: F4B+/RlyrlF0UtYV/kDZHw==
age: 57397
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2702
x-ms-lease-status: unlocked
last-modified: Tue, 11 Oct 2022 04:36:22 GMT
server: cloudflare
etag: 0x8DAAB4225FF58D6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f0748580-e01e-005c-36e1-5a291f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ef5df3cfdeb76dd-LHR

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202209.1.0/assets/v2/ 62 KB
13 KB 51ms
50ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3e634eb4bc8fc909bd1ea389002b9036063e2fe86f1a423fb2eb577baaf7e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: eeLeQFlL9c7wmvR8bYV+Vw==
age: 57397
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13334
x-ms-lease-status: unlocked
last-modified: Tue, 11 Oct 2022 04:36:23 GMT
server: cloudflare
etag: 0x8DAAB4226FAD215
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 952d1683-801e-0065-64e1-5a69bb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ef5df3d0ded76dd-LHR

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202209.1.0/assets/ 22 KB
5 KB 46ms
45ms Fetch
text/css 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: B55i3ZY9miZIaUrwjufy0w==
age: 57397
x-ms-lease-status: unlocked
last-modified: Tue, 11 Oct 2022 04:36:34 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 62babe8e-101e-014d-67e1-5a5851000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7ef5df3d0dee76dd-LHR

GET
H2 200 26066703 Show response
www.clarity.ms/tag/uet/ 827 B
1 KB 308ms
190ms Script
application/x-javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/26066703
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/26066703.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e9f9ed7d81f247d2cd07fd3c7be9266f225df735359b39cda7caec6386c481e6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: -1
date: Mon, 31 Jul 2023 12:33:49 GMT
x-azure-ref: 20230731T123349Z-hyr2zbntzd15mauvk671wgm6vc0000000530000000025wd7
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 827
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

POST
H/1.1 200
OK visitWebPage
840-osq-661.mktoresp.com/webevents/ 2 B
318 B 1074ms
176ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://840-osq-661.mktoresp.com/webevents/visitWebPage?_mchNc=1690806829594&_mchCn=&_mchId=840-OSQ-661&_mchTk=_mch-arcticwolf.com-1690806829594-35094&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&_mchHo=arcticwolf.com&_mchPo=&_mchRu=%2Fincident-response-timeline-ransomware%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=utm_source%3Demail__-__utm_medium%3Dnurture__-__mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:50 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: db99ebff-3f55-4cfa-bf7b-34fb0803ea5a

OPTIONS
H2 200 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame 0
0 264ms
135ms Preflight
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Mon, 31 Jul 2023 12:33:49 GMT
etag: W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id: yjc6y482oc23
server: Google Frontend
x-cloud-trace-context: 306e44ee2eb82192742df005f70be292
x-powered-by: Express

POST
H2 204 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ 0
0 167ms
166ms Fetch
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
server: Google Frontend
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by: Express
access-control-allow-methods: GET, POST
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: c936db0880ee9053eabc8e44fa26eea8
function-execution-id: wyd44tu9nbd8
access-control-allow-headers: Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
467 B 135ms
134ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2977641&r=1690806829618&ref=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 2977641
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
via: 1.1 google
x-guploader-uploadid: ADPycduZRIN0V8LkqYS4YZcDPzrjBJ3rtz4fkYDxIf2Ph79iKrC3F6efJ5COJ9Noo7b4ph1pFVClDs_qNEzz1HzJHjoCkA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 31 Jul 2023 13:33:49 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 239ms
122ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=2977641&r=1690806829618&ref=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 31 Jul 2023 12:33:49 GMT
expires: Mon, 31 Jul 2023 12:33:49 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdvHD6kTy-TILvnUxOYT_CnaUNKEW3PCQRwd1M_9HptkOcKitNplI2OVB_hIqbwTOLgPap1OGqGhmDyHEOrKpSQgHXdEs2X-

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
208 B 54ms
53ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=722153469&t=pageview&_s=1&dl=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&ul=en-us&de=UTF-8&dt=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACAAI~&jid=1858618153&gjid=1014978547&cid=175781712.1690806830&tid=UA-67837305-1&_gid=1606525572.1690806830&_r=1&_slc=1&gtm=45He37q0n81PMV4652&z=1809712256

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://arcticwolf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord= Show response
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=12016171;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=
https://ad.doubleclick.net/ddm/activity/src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_c...
https://adservice.google.com/ddm/fls/z/src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_co...

42 B
401 B

200ms
81ms

Script
image/gif

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/z/src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=

Requested by

Protocol

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:50 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK iframe Show response
pixel.mathtag.com/sync/ Frame 65A5 677 B
1 KB 86ms
76ms Document
text/html 23.35.228.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=09fd64c7-aa2d-4500-b292-fe899938fff8&no_iframe=1&mt_adid=252398&source=mathtag
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1630382&mt_adid=252398&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-210.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x31 config_version:"1438" /
Resource Hash: 3ef64e4a0001cd55211fff6bd306290f29c7482a6006d070ee21e52484b7ef22

Request headers

Referer: https://arcticwolf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 677
Content-Type: text/html
Date: Mon, 31 Jul 2023 12:33:49 GMT
Expires: Mon, 31 Jul 2023 12:33:48 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 1031 59fd23a master cdg cdg-pixel-x31 config_version:"1438"

GET
H2 200 forms2.css
cybersecurity.arcticwolf.com/js/forms2/css/ 13 KB
3 KB 45ms
41ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.arcticwolf.com/js/forms2/css/forms2.css

Requested by

Host: cybersecurity.arcticwolf.com
URL: https://cybersecurity.arcticwolf.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 290
etag: "66020e-3437-60062cdee3780"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7ef5df3d8a0c3622-MAN
content-length: 2623
expires: Mon, 31 Jul 2023 16:33:49 GMT

GET
H2 200 forms2-theme-simple.css
cybersecurity.arcticwolf.com/js/forms2/css/ 826 B
330 B 59ms
56ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.arcticwolf.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: cybersecurity.arcticwolf.com
URL: https://cybersecurity.arcticwolf.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 6797
etag: "23c1f27-33a-60062cdee3780"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7ef5df3d8a0f3622-MAN
content-length: 242
expires: Mon, 31 Jul 2023 16:33:49 GMT

GET
H3 200 css
fonts.googleapis.com/ 717 B
370 B 71ms
68ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato

Requested by

Host: cybersecurity.arcticwolf.com
URL: https://cybersecurity.arcticwolf.com/js/forms2/js/forms2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eb91e77384f9aff2e81a868ae4f2ae6fb5940c573d0e39088ff637414b4ffed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 31 Jul 2023 12:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 11:53:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Jul 2023 12:33:49 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ 0
489 B 109ms
58ms Image
image/gif 23.35.228.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-210.deploy.static.akamaitechnologies.com
Software: MT3 851 9bd98ae master cdg-pixel-x13 config_version:"1438" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:49 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x13 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Mon, 31 Jul 2023 12:33:48 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
351 B 138ms
38ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-67837305-1&cid=175781712.1690806830&jid=1858618153&gjid=1014978547&_gid=1606525572.1690806830&_u=YGBACEAABAAAACAAI~&z=971622358

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 31 Jul 2023 12:33:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://arcticwolf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 161ms
48ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=480386592743035&ev=PageView&dl=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&rl=&if=false&ts=1690806830097&sw=1600&sh=1200&v=2.9.119&r=stable&ec=0&o=30&fbp=fb.1.1690806830096.1990923244&cs_est=true&it=1690806829552&coo=false&exp=a0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Jul 2023 12:33:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-PYqZAC4I.woff2
fonts.gstatic.com/s/encodesanscondensed/v10/ 21 KB
21 KB 47ms
47ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/encodesanscondensed/v10/j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-PYqZAC4I.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Encode+Sans+Condensed%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d52f1f1c0e3e9e237c7604afefa8d784064f688c76293e3f1102dab32a830925

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 01:16:44 GMT
x-content-type-options: nosniff
age: 213426
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21624
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 16:59:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jul 2024 01:16:44 GMT

GET
H2 200 AW_LOGO_REVERSE-334.png
marvel-b1-cdn.bc0a.com/f00000000241276/arcticwolf.com/wp-content/uploads/2021/07/ 3 KB
4 KB 502ms
501ms Image
image/webp 2600:9000:218e:4a00:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000241276/arcticwolf.com/wp-content/uploads/2021/07/AW_LOGO_REVERSE-334.png
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218e:4a00:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad35c96a8104ac3ccd60c7ce3cd073f9804e816c496c48b90197672e87ab7623

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: eLGRTtjbTCWz_GVr10P8Q1QfWkx_o8t7
date: Mon, 31 Jul 2023 12:33:51 GMT
via: 1.1 7d935e83126b0b85ded112b940f9c85c.cloudfront.net (CloudFront)
x-amz-request-id: TRBTWCMYHG4D4QW2
x-amz-cf-pop: CDG52-P1
x-cache: RefreshHit from cloudfront
content-length: 3006
x-amz-id-2: ZdDt3ahFdtZvXPzycBUQNLEkzrNdjoY1ZR1jotvdzGWE0BBO4qSY6KJJPNA60ptu2BZqXKsp5nQ=
x-amz-expiration: expiry-date="Fri, 14 Feb 2025 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Fri, 20 May 2022 19:52:01 GMT
server: AmazonS3
etag: "f4a87a6a0f906e089b9a969ec024c377"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: j51w9-cWb4FaH_P1nQlttjYylzvjmthMTyBYbPFNhqvwEJ7c5Deb_w==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 84ms
82ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-67837305-1&cid=175781712.1690806830&jid=1858618153&_u=YGBACEAABAAAACAAI~&z=1425707426

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
107 B 82ms
76ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-67837305-1&cid=175781712.1690806830&jid=1858618153&_u=YGBACEAABAAAACAAI~&z=1425707426

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 XDFrame Show response
cybersecurity.arcticwolf.com/index.php/form/ Frame FC43 2 KB
766 B 203ms
203ms Document
text/html 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.arcticwolf.com/index.php/form/XDFrame

Requested by

Host: cybersecurity.arcticwolf.com
URL: https://cybersecurity.arcticwolf.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c375e284cb478a8f21e391c99fb79c9174682d0c21e13a3ed69aa0afa6fa073b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arcticwolf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 7ef5df41094e3622-MAN
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 31 Jul 2023 12:33:50 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ Frame 65A5 0
489 B 63ms
63ms Image
image/gif 23.35.228.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=09fd64c7-aa2d-4500-b292-fe899938fff8&no_iframe=1&mt_adid=252398&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-210.deploy.static.akamaitechnologies.com
Software: MT3 933 7933424 master cdg-pixel-x32 config_version:"1438" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=09fd64c7-aa2d-4500-b292-fe899938fff8&no_iframe=1&mt_adid=252398&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:50 GMT
Server: MT3 933 7933424 master cdg-pixel-x32 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Mon, 31 Jul 2023 12:33:49 GMT

GET
BLOB 200
OK 5dd11da2-10df-4012-a3c8-3f50dbd16e4c
https://arcticwolf.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET

loadUrl
marvel-processor.bc0a.com/snowcloud/v1/api/
Redirect Chain

https://marvel-b1-cdn.bc0a.com/f00000000241276/blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000241276&url=https://blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c

0
0

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.8/ 57 KB
24 KB 74ms
74ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.8/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/26066703
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 9987dcc652130026523219440b654a3e307d16f186019031ad60a28d6f73aa2a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
content-encoding: br
last-modified: Thu, 27 Jul 2023 08:09:50 GMT
etag: W/"0x8DB8E78D98F76CC"
vary: Accept-Encoding
x-azure-ref: 20230731T123350Z-hyr2zbntzd15mauvk671wgm6vc0000000530000000025wh8
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 83f9b973-401e-0025-1867-c087a7000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H/1.1 200
OK st.js Show response
s.swiftypecdn.com/install/v2/ 416 KB
110 KB 141ms
25ms Script
text/javascript 151.101.128.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.swiftypecdn.com/install/v2/st.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.128.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2d7c7930eb39d59cd8c2dc00652977da3ed72347e7cd465f7b540e10e2121c22

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:50 GMT
Content-Encoding: gzip
Via: 1.1 varnish
Age: 262
X-Cache: HIT
Connection: keep-alive
Content-Length: 112326
X-Served-By: cache-man4124-MAN
X-Timer: S1690806830.495411,VS0,VE0
ETag: "644bc383-1b6c6"
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, public, max-age=300, public
Accept-Ranges: bytes
X-Cache-Hits: 13

GET
H2 200 forms2.min.js Show response
cybersecurity.arcticwolf.com/js/forms2/js/ Frame FC43 208 KB
69 KB 57ms
57ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.arcticwolf.com/js/forms2/js/forms2.min.js

Requested by

Host: cybersecurity.arcticwolf.com
URL: https://cybersecurity.arcticwolf.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cybersecurity.arcticwolf.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 1106
etag: "23c1f69-34099-60062cdee3780"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 7ef5df427c8e3622-MAN
expires: Mon, 31 Jul 2023 16:33:50 GMT

GET
H2 200 font-awesome.min.css
cdn-app.pathfactory.com/web-fonts/font-awesome/ 28 KB
7 KB 45ms
45ms Stylesheet
text/css 13.32.99.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/font-awesome/font-awesome.min.css
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 14b6cfd9b2a41bf5ee498086b1fbe2e8a31b1f99d5e040d55bdbe2d95702b6ac

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
date: Sun, 30 Jul 2023 16:14:30 GMT
last-modified: Mon, 27 Mar 2023 14:54:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 73161
x-amz-server-side-encryption: AES256
etag: W/"d96f1330ac4b04ce0b20d2206236e62c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: XRty6evzKd9frP_upXpK8DTdLv36Q-9jeIvwfAa6coYDzSXZU2vY1g==

GET
H2 200 roboto_lato.css
cdn-app.pathfactory.com/web-fonts/roboto_lato/ 5 KB
1 KB 46ms
46ms Stylesheet
text/css 13.32.99.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a3e647bd139028a8b14cd0c42545d61fe316a4a42436a5602b44df99d8d416f3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
date: Mon, 31 Jul 2023 01:35:38 GMT
last-modified: Mon, 27 Mar 2023 14:55:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 39493
x-amz-server-side-encryption: AES256
etag: W/"6339b6205ef670ae453a1fa9e8740fd8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: OBBsf1zNsiLxeLTdmYE1vgzJ_nyUoDeDv9S1Q1K_Wc_G8AoKtQnVdA==

HEAD
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ 0
0 506ms
117ms Fetch
image/gif 52.3.28.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.3.28.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-28-106.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:50 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43

GET
H2 204 website_forms Show response
jukebox.pathfactory.com/api/public/v1/ 0
409 B 145ms
145ms XHR
text/plain 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/website_forms?pfVisitorUuid=&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&clientId=LB-52456ADF-10926

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-208-41-101.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.019688
date: Mon, 31 Jul 2023 12:33:50 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin
x-request-id: 0ad86b9a-7d34-48d4-abfa-870796f96d30

OPTIONS
H2 200 website_forms
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 123ms
122ms Preflight 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/website_forms?pfVisitorUuid=&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&clientId=LB-52456ADF-10926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-208-41-101.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 31 Jul 2023 12:33:50 GMT

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
294 B 339ms
108ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://arcticwolf.com
Date: Mon, 31 Jul 2023 12:33:50 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 fontawesome-webfont.woff2
cdn-app.pathfactory.com/web-fonts/font-awesome/ 69 KB
70 KB 187ms
95ms Font
binary/octet-stream 13.32.99.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/font-awesome/fontawesome-webfont.woff2?v=4.6.1
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/web-fonts/font-awesome/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d

Request headers

Referer: https://cdn-app.pathfactory.com/web-fonts/font-awesome/font-awesome.min.css
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 30 Jul 2023 14:53:31 GMT
x-amz-version-id: null
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 78020
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 70728
last-modified: Mon, 27 Mar 2023 14:54:50 GMT
server: AmazonS3
etag: "926c93d201fe51c8f351e858468980c3"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Origin
accept-ranges: bytes
x-amz-cf-id: SxE-FfefdFwFYqvdwGKBFlDtwu9Hn-K7Yt6GHgMJV48Nv7ln7CoWgQ==

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
cdn-app.pathfactory.com/web-fonts/roboto_lato/ 14 KB
14 KB 140ms
52ms Font
binary/octet-stream 13.32.99.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988

Request headers

Referer: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
date: Sun, 30 Jul 2023 22:05:27 GMT
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 52104
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 13976
last-modified: Mon, 27 Mar 2023 14:55:27 GMT
server: AmazonS3
etag: "e7e52c955aa33e618baf437a16539524"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Accept-Encoding,Origin
accept-ranges: bytes
x-amz-cf-id: QxuLUAKSW4WEuAsoQgotSactvy43PNHjHaW4Eh4maGvJqeNJH8eqIA==

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
cdn-app.pathfactory.com/web-fonts/roboto_lato/ 14 KB
14 KB 146ms
58ms Font
binary/octet-stream 13.32.99.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b8e094ad64704c2e4836153e641e432b22159b03d5b240b6dd303461be83f542

Request headers

Referer: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 31 Jul 2023 07:32:01 GMT
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 18110
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 14148
last-modified: Mon, 27 Mar 2023 14:55:28 GMT
server: AmazonS3
etag: "69b28056044be6438ce7e5214c66ba82"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Accept-Encoding,Origin
accept-ranges: bytes
x-amz-cf-id: 0C0BSfCx_ugt9SImgBO3Z5oCS6evWw0V-wE4_fLurC_hJ52Rm8TWPw==

GET
H/1.1 200
OK hAHV5duyMncMddL773fq.json Show response
s.swiftypecdn.com/install/v2/config/ 19 KB
5 KB 706ms
650ms XHR
application/json 151.101.128.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://s.swiftypecdn.com/install/v2/config/hAHV5duyMncMddL773fq.json

Requested by

Host: s.swiftypecdn.com
URL: https://s.swiftypecdn.com/install/v2/st.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.143 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

17184fd3335ad72ab651cd752ec591c5234985af840dbaaec580ac0464343dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 varnish
X-Permitted-Cross-Domain-Policies: none
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 4250
X-XSS-Protection: 1; mode=block
X-Request-Id: d251c0d7771cd88cdd4daa326fe13eb4
X-Served-By: cache-man4145-MAN
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 29 May 2020 02:15:38 GMT
X-Timer: S1690806831.805678,VS0,VE625
ETag: W/"f8d7acb49f60ab0bf76694cc2dccecad"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Access-Control-Max-Age: 7200
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=300, public
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding, Origin
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H2 200 fa-brands-400.woff2
arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 75 KB
76 KB 47ms
47ms Font
font/woff2 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.10.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://arcticwolf.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=4.10.3
Origin: https://arcticwolf.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 21:50:38 GMT
x-amz-version-id: Pu2OT4EdV6w6WPb3TNtv5T4bv2RdIyEt
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 4b28b963946514dd2cf9a90f74a8034a.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1, AMS50-C1
age: 225793
x-cache: Miss from cloudfront
content-length: 76764
last-modified: Sun, 16 Jul 2023 13:22:00 GMT
server: AmazonS3
etag: "f7307680c7fe85959f3ecf122493ea7d"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-max-age: 600
access-control-allow-methods: GET, POST, PUT
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
x-frame-options: SAMEORIGIN
x-amz-cf-id: pebgTItebUWLh3VYrJm5e94BlDz_X4_NVVSnVLz5KGdCMPBO0rxGuw==

GET
H3

200

/ Show response
www.facebook.com/tr/ Frame 3701
Redirect Chain

https://www.facebook.com/tr/
https://www.facebook.com/tr/?redirect=0

0
18 B

43ms
43ms

Document
text/plain

2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/?redirect=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://arcticwolf.com
Referer: https://arcticwolf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 31 Jul 2023 12:33:50 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 31 Jul 2023 12:33:50 GMT
expires: 0
location: /tr/?redirect=0
pragma: no-cache
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 poweredBy_ot_logo.svg
cdn.cookielaw.org/logos/static/ 3 KB
2 KB 47ms
47ms Image
image/svg+xml 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 31 Jul 2023 12:33:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: LpuayL42jB78xRllx0vkOw==
age: 51623
x-ms-lease-status: unlocked
last-modified: Thu, 27 Jul 2023 06:30:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 0bf930f6-001e-0030-55d4-c082cc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7ef5df458dbb7332-LHR

GET
H2 200 AW_LOGO-sm-ovcqcufy1u4fl1l0t77kguta5h9cju2hs4beul3neq.png
marvel-b1-cdn.bc0a.com/f00000000241276/cdn.cookielaw.org/logos/1a8208da-88f2-4102-bad8-e9cf7a89fe0a/856c91be-407b-423f-b181-9f3d03d3cc05/0563ccbb-c642-4106-82b0-dc259bef1d45/ 4 KB
5 KB 82ms
82ms Image
image/webp 2600:9000:218e:4a00:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000241276/cdn.cookielaw.org/logos/1a8208da-88f2-4102-bad8-e9cf7a89fe0a/856c91be-407b-423f-b181-9f3d03d3cc05/0563ccbb-c642-4106-82b0-dc259bef1d45/AW_LOGO-sm-ovcqcufy1u4fl1l0t77kguta5h9cju2hs4beul3neq.png
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218e:4a00:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 977f17a2a9f337ba1b4de255e4d8e20ad993c5e7eccfaec6922e1a2e8247f31c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 1Dd04HfdPqrflXc8h6ip.O6Nk8v_Azxi
date: Mon, 31 Jul 2023 02:54:23 GMT
via: 1.1 7d935e83126b0b85ded112b940f9c85c.cloudfront.net (CloudFront)
x-amz-request-id: RBCTF23T47DBKZSK
x-amz-cf-pop: CDG52-P1
age: 34768
x-cache: Hit from cloudfront
content-length: 4490
x-amz-id-2: kUzdKEyzuXx+kTBuJ5xdOuk8bp8ZMmhvpBp+D0kl3l0fHkeYn8AaZlr+xJgEBhNxVM55/jyowcw=
x-amz-expiration: expiry-date="Fri, 14 Feb 2025 00:00:00 GMT", rule-id="delete-old-images"
last-modified: Fri, 20 May 2022 22:36:48 GMT
server: AmazonS3
etag: "85afbec98eaa315fbd17970975393032"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 74n0pgyPqiTNwGYEXZBq761O8vT76NYgSBRsynu6N0dmyj4YHSF_vQ==

GET
H2 200 image.aspx
6145655.global.siteimproveanalytics.io/ 34 B
473 B 176ms
49ms Image
image/gif 35.158.224.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6145655.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&title=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&res=1600x1200&accountid=6145655&rt=7598&prev=54bfe1df-5e39-d4b2-fb2a-5dedebf37f27&luid=a47479dc-f95e-4707-59a8-915d7ace2d11&rnd=61809
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.224.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-224-20.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-type: image/gif
date: Mon, 31 Jul 2023 12:33:51 GMT
cache-control: max-age=0
content-length: 34
expires: Mon, 31 Jul 2023 12:33:51 UTC

GET
H2 200 9decd3b0fe5c0841dd43a5375baa5a71.js Show response
ob.robotflowermobile.com/i/ 93 KB
34 KB 171ms
49ms Script
text/javascript 2600:9000:2057:400:1c:f10a:ad80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:400:1c:f10a:ad80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: 3424005a512b91236e4fbdd8390d22328c63407f8c648e07c17207064c29a484

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 02:48:51 GMT
content-encoding: gzip
via: 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: FRA6-C1
age: 40971
etag: "1738b-OvG1jBI7ZPyWpsuH7GYmt1OXAF8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 34524
x-amz-cf-id: KdrBOiWuJLpmAFDQ7hWOmvipuVd4upC6jUq_ZEAPBjEdFZy9O-9ruQ==
expires: Mon, 31 Jul 2023 13:11:00 GMT

OPTIONS
H2 200 associate
jukebox.pathfactory.com/api/public/v1/page_views/ Frame 0
0 119ms
118ms Preflight 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views/associate
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-208-41-101.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 31 Jul 2023 12:33:51 GMT

OPTIONS
H2 200 page_views
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 120ms
120ms Preflight 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-208-41-101.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 31 Jul 2023 12:33:51 GMT

POST
H2 204 associate Show response
jukebox.pathfactory.com/api/public/v1/page_views/ 0
473 B 132ms
132ms XHR
text/plain 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views/associate

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-208-41-101.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.011536
date: Mon, 31 Jul 2023 12:33:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin
x-request-id: 979fbcc0-4f16-45b1-bcca-b1117a2ac349

GET
H2 200 sp.min.js Show response
cdn-app.pathfactory.com/libraries/tracker/2.17.3/ 76 KB
26 KB 45ms
45ms Script
application/javascript 13.32.99.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/libraries/tracker/2.17.3/sp.min.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-99.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a876a773b46aea97d22c1f84dac918fbc98ee3c1e1729f21cef7911de52f141e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
date: Mon, 31 Jul 2023 01:20:13 GMT
last-modified: Tue, 17 Jan 2023 18:22:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 40419
x-amz-server-side-encryption: AES256
etag: W/"adc64ce76490600da947214718dc8528"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: OUkuv8Nr6d3nGjDIyh13QO1-TR2wVHvFREEjfrl_WWj6c1bbQaoyvQ==

POST
H2 200 page_views Show response
jukebox.pathfactory.com/api/public/v1/ 153 B
758 B 164ms
163ms XHR
application/json 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-208-41-101.compute-1.amazonaws.com

Software

Resource Hash

c1b33c23e7dbf19dbeb7f90352f4b64d182249a976b903daa88e2b0499e16f6d

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy
content-encoding: gzip
x-request-id: 1af46c1c-e922-452d-be89-3e45ec2fc233
x-runtime: 0.039464
referrer-policy: no-referrer-when-downgrade
etag: W/"c1b33c23e7dbf19dbeb7f90352f4b64d"
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
s.swiftypecdn.com/assets/ 89 KB
34 KB 25ms
25ms Stylesheet
text/css 151.101.128.143
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.swiftypecdn.com/assets/new_embed-2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241.css
Requested by: Host: s.swiftypecdn.com
URL: https://s.swiftypecdn.com/install/v2/st.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.128.143 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

X-Cache-Hits: 1106
Date: Mon, 31 Jul 2023 12:33:51 GMT
Content-Encoding: gzip
Via: 1.1 varnish
Age: 246614
X-Cache: HIT
Connection: keep-alive
Content-Length: 33983
X-Served-By: cache-man4124-MAN
X-Timer: S1690806832.577676,VS0,VE0
ETag: "62b9d076-84bf"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
Expires: Sat, 27 Jul 2024 16:03:37 GMT

GET
BLOB 200
OK 5dd11da2-10df-4012-a3c8-3f50dbd16e4c
https://arcticwolf.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 ct Show response
obs.robotflowermobile.com/ 5 KB
2 KB 686ms
137ms Script
text/javascript 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.robotflowermobile.com/ct?id=13034&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1690806831686&hl=2&op=0&ag=2163289357&rand=84129218582019825097180521521062232820389555290491192526606153698211298709826052&fs=1600x1200&fst=1600x1200&np=win32&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDg1NzhdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiaW50ZWwgaW5jLlwiLFwiclwiOlwiaW50ZWwgaXJpcyBvcGVuZ2wgZW5naW5lXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjUsXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjozNjk4NTE4NzEwLFwic2VjXCI6XCJcIn0iXSxbMzcsIlszMzE2MjI0MDQ5LGZ1bmN0aW9uKG5ld1ZhbHVlKSB7XG4gICAgICAgICAgICAgIGFkZENvbnRlbnRXaW5kb3dQcm94eSh0aGlzKVxuICAgICAgICAgICAgICAvLyBSZXNldCBwcm9wZXJ0eSwgdGhlIGhvb2sgaXMgb25seSBuZWVkZWQgb25jZVxuICAgICAgICAgICAgICBPYmplY3QuZGVmaW5lUHJvcGVydHkoaWZyYW1lLCAnc3JjZG9jJywge1xuICAgICAgICAgICAgICAgIGNvbmZpZ3VyYWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgd3JpdGFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHZhbHVlOiBfc3JjZG9jXG4gICAgICAgICAgICAgIH0pXG4gICAgICAgICAgICAgIF9pZnJhbWUuc3JjZG9jID0gbmV3VmFsdWVcbiAgICAgICAgICAgIH1dIl0sWyJjYiIsIjAsMCwwLDAsMCwwLDAsMSwwLDIsMSwwLDcsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMTEsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsOCwwLDAsMCwwLDEiXSxbLTEsIi0iXSxbLTIsIjYsZWNYR1gxOW5ucnZWTzJKZGxOaHhCS1FrTHZTRmRBUUJDbGgxNFZVVkZBbEY3K0NBSXFYUkJGQ0UxNkZZa29WVXBBV2hBU0lEMmtaNU50VSs2OWIvMSs1ODdjeldSSkFQbEdsOSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwibWhqZmJtZGdjZmpiYnBhZW9qb2ZvaG9lZmdpZWhqYWlcIixcImludGVybmFsLW5hY2wtcGx1Z2luXCJdIl0sWy00LCItIl0sWy01LCItIl0sWy02LCItIl0sWy03LCItIl0sWy04LCItIl0sWy05LCIrIl0sWy0xMCwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIl19Il0sWy0xMiwibnVsbCJdLFstMTMsIi0iXSxbLTE0LCItIl0sWy0xNSwiW1wiPGRpdiBpZD1cXFwicHJlbWl1bS1oc2Nyb2xsLXdyYXAtNThlMjZkZTZcXFwiIGNsYXNzPVxcXCJwcmVtaXVtLWhzY3JvbGwtd3JhcCBwcmVtaXVtLWhzY3JvbGwtYXJyb3dzLWhpZGRlblxcXCIgZGF0YS1zZXR0aW5ncz1cXFwieyZxdW90O2lkJnF1b3Q7OiZxdW90OzU4ZTI2ZGU2JnF1b3Q7LCZxdW90O2Rpc2FibGVTbmFwJnF1b3Q7OjAsJnF1b3Q7b3BhY2l0eSZxdW90OzowLCZxdW90O2tleWJvYXJkJnF1b3Q7OiZxdW90O3RydWUmcXVvdDssJnF1b3Q7cGFnaW5hdGlvbiZxdW90OzowLCZxdW90O2Fycm93cyZxdW90OzpmYWxzZSwmcXVvdDtkb3RzJnF1b3Q7OnRydWV9XFxcIiBzdHlsZT1cXFwidHJhbnNsYXRlOiBub25lOyByb3RhdGU6IG5vbmU7IHNjYWxlOiBub25lOyB0cmFuc2Zvcm06IHRyYW5zbGF0ZSgwcHgsIDBweCk7IGxlZnQ6IDBweDsgdG9wOiAwLjAwMXB4OyBtYXJnaW46IDBweDsgbWF4LXdpZHRoOiAxNjAwcHg7IHdpZHRoOiAxNjAwcHg7IG1heC1oZWlnaHQ6IDEyMDBweDsgaGVpZ2h0OiAxMjAwcHg7IHBhZGRpbmc6IDBweDsgYm94LXNpemluZzogYm9yZGVyLWJveDsgcG9zaXRpb246IGZpeGVkO1xcXCI%2BXCIsXCI8ZGl2IGNsYXNzPVxcXCJwcmVtaXVtLWhzY3JvbGwtYXJyb3cgcHJlbWl1bS1oc2Nyb2xsLWFycm93LWxlZnQgcHJlbWl1bS1oc2Nyb2xsLWFycm93LWhpZGRlblxcXCI%2BXCIsXCI8ZGl2IGNsYXNzPVxcXCJwcmVtaXVtLWhzY3JvbGwtYXJyb3cgcHJlbWl1bS1oc2Nyb2xsLWFycm93LXJpZ2h0XFxcIj5cIl0iXSxbLTE2LCIwIl0sWy0xNywiNCJdLFstMTgsIlswLDAsMCwxXSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjAwLDE2MDAsMTIwMCwwLDAsMCwwLFwiLVwiLFwiLVwiLDE2MDAsMTIwMF0iXSxbLTIwLCIxNzU3ODE3MTIuMTY5MDgwNjgzMCJdLFstMjEsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yMywiKyJdLFstMjQsIltcInNheXN3aG9cIiwwLDEsMSwxXSJdLFstMjUsIi0iXSxbLTI2LCJ7XCJ0amhzXCI6NTY4MDAwMDAsXCJ1amhzXCI6NDQ3MDAwMDAsXCJqaHNsXCI6Mzc2MDAwMDAwMH0iXSxbLTI3LCJbMCwxMCwwLFwiNGdcIixudWxsXSJdLFstMjgsImVuLVVTLGVuIl0sWy0yOSwiLSJdLFstMzAsIltcInZcIiwwXSJdLFstMzEsImZhbHNlIl0sWy0zMiwiLSJdLFstMzMsIi0iXSxbLTM0LCItIl0sWy0zNSwiWzE2OTA4MDY4MzE2NDcsMF0iXSxbLTM2LCJbXCI0LzNcIixcIjQvM1wiXSJdLFstMzcsIi0xNDQtNjYtMTgwLSJdLFstMzgsImksLTEsLTEsMzk2MCwwLDEsMCwyOSw4Myw0OTIsLTEsMCw1MjgxLjEsNTI4MS4xLDgyODUsODI4NSJdLFstMzksIltcIjIwMDMwMTA3XCIsNCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCx0cnVlLDgsZmFsc2UsbnVsbCwzLGZhbHNlLHRydWVdIl0sWy00MCwiMzMiXSxbLTQxLCItIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDExMTAxMTAwMTAxMTAxMDAwMDAiXSxbLTQ0LCIwLDAsMCw1Il0sWy00NSwiNjIwLDY3NywwLDAsMCw1NjIsMCwwLDY0OCwwLDAsMCwwLDAsMCwwLDAsMCwwLDY4NCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstNDYsIjAiXSxbLTQ3LCJFdGMvVW5rbm93bixlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTQ4LCIwLDAiXSxbLTQ5LCItIl0sWy01MCwiLSJdLFstNTEsIi0iXSxbLTUyLCItIl0sWy01MywiMTAwIl0sWy01NCwie1wiaFwiOltcIl8zXCIsXCIzMjk5OTEzNjlcIixcIl8xXCIsXCI0MTg4MDU1MDcxXCJdLFwiZFwiOltdLFwiYlwiOltcIjI3NzIxNDMzNjhcIixcIjI5NTYyOTMyOTdcIl0sXCJzXCI6MX0iXSxbLTU1LCIxIl0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTU3LCJXRTBaVjF4T2NWaFhYVlZjU3hjRldsWlVTVXhOWEYwSEdXSllTaGxZU1VsVlFHUVpFVnhQV0ZVWldFMFpCVmhYVmxkQVZGWk1TZ2NaRVFNT0F3Z01DUTRJQVJBVkdRVllWMVpYUUZSV1RFb0hBd2dCQXdvSkVCVllUUmw0UzB0WVFCZHlTeGtSVVUxTlNVb0RGaFpXV3hkTFZsdFdUVjlWVms1Y1MxUldXMUJWWEJkYVZsUVdVQllBWFZ4YVhRcGJDVjljREZvSkFRMElYVjBOQ2xnTUNnNE1XMWhZREZnT0NCZFRTZ01JQXc4TkN3a0JFQlZZVFJsTkYxeEJTVlpMVFVvWkVWRk5UVWxLQXhZV1Zsc1hTMVpiVmsxZlZWWk9YRXRVVmx0UVZWd1hXbFpVRmxBV0FGMWNXbDBLV3dsZlhBeGFDUUVOQ0YxZERRcFlEQW9PREE9PSJdLFstNTgsIi0iXSxbLTU5LCJkZWZhdWx0Il0sWy02MCwxMF0sWy02MSwie1wid2dzbFwiOlwiMDtcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFsiZGRiIiwiMCw1LDAsMCwyLDAsMCwwLDAsMCwxLDAsMCwwLDYsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMSwwLDAsMCwwLDAsMSwzLDksMCwxMiwxLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCw3LDAiXSxbImJuY2giLDg5XSxbImFibmNoIiw4OV1d&dep=0&pre=0&sdd=%7B%7D&cri=ucSG6ltCdO&pto=8325&ver=55&gac=175781712.1690806830&mei=&ap=&fe=1&duid=1.1690806831.zmA9kSLE7QY3HiyF&suid=1.1690806831.xWAz87pHDN3ImLYE&tuid=1.1690806831.FYNdKoriYff9budl&fbc=1.1690806830096.1990923244&gtm=WyJjb252ZXJzaW9uIiwiT25lVHJ1c3RMb2FkZWQiLCJPcHRhbm9uTG9hZGVkIiwiT25lVHJ1c3RHcm91cHNVcGRhdGVkIl0%3D&it=184%2C7612%2C214&fbcl=-&gacl=&gacsd=-&rtic=-&bgc=8113e0402f9e11eeb866a3fe52fb294d&spa=1&urid=0
Requested by: Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 524034ded2f6e108928b95369b2ef18fb6155e9da9b2d39ac1d83fab8e662628

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-type: text/javascript
pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 2172
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 create_event
jukebox.pathfactory.com/api/public/v1/page_views/ Frame 0
0 120ms
120ms Preflight 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views/create_event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-208-41-101.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 31 Jul 2023 12:33:51 GMT

POST
H2 204 create_event Show response
jukebox.pathfactory.com/api/public/v1/page_views/ 0
473 B 133ms
132ms XHR
text/plain 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views/create_event

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-208-41-101.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.012256
date: Mon, 31 Jul 2023 12:33:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin
x-request-id: 3eba9dcc-0245-4444-8302-7b8a80f66d94

GET
H2 200 e5a6a46d-c0ab-4144-9f87-eb00eaad7da1.jpg
cdn.pathfactory.com/assets/10926/thumbnails/622249/ 241 KB
242 KB 685ms
544ms Image
image/jpeg 65.9.66.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pathfactory.com/assets/10926/thumbnails/622249/e5a6a46d-c0ab-4144-9f87-eb00eaad7da1.jpg
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-23.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1fee1667af032f2cf9a26ec7b92a8e5138fc95ca06c7f9a95203aa48bc568a30

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
last-modified: Wed, 14 Jun 2023 21:04:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
etag: "5229600a2dd7c02cbdcca60dc903be3d"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=60, must-revalidate
accept-ranges: bytes
content-length: 247032
x-amz-cf-id: n4P01ls9MZe01Td-FMFWK67Y9nYF4WXE8egSJO6foPg7KHmmATlvXQ==

GET
H2 200 5de6a737-b314-41d5-a7b7-ab690e677510.jpg
cdn.pathfactory.com/assets/10926/thumbnails/497384/ 46 KB
46 KB 635ms
493ms Image
image/jpeg 65.9.66.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pathfactory.com/assets/10926/thumbnails/497384/5de6a737-b314-41d5-a7b7-ab690e677510.jpg
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-23.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a389161ef795e43a29b7ce8dafeb70495884a5cb41d61e68ace519ed884f427e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
last-modified: Tue, 23 Aug 2022 16:48:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256
etag: "0448442dc731ee500f6fe3ec42278dc1"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
cache-control: max-age=60, must-revalidate
accept-ranges: bytes
content-length: 46849
x-amz-cf-id: M0SAfxrHu65LiI9XK2o1xmR88zWwctVS-2LF2gsMT5N1pkSaKZb11w==

GET
H2 200 3d8e2cdc-caea-4608-9104-4e54982db278.jpg
cdn.pathfactory.com/assets/10926/thumbnails/497432/ 65 KB
65 KB 582ms
441ms Image
image/jpeg 65.9.66.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pathfactory.com/assets/10926/thumbnails/497432/3d8e2cdc-caea-4608-9104-4e54982db278.jpg
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-23.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3fa687375c6b66e730d285e17f84e59d3bfbf349c65604af77e10a648b0c2ed0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
last-modified: Tue, 23 Aug 2022 17:23:03 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256
etag: "c28431d742a57ba306a384c4df1b0b67"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
cache-control: max-age=60, must-revalidate
accept-ranges: bytes
content-length: 66591
x-amz-cf-id: yLVM8kMqIvvKVxlrIoxmgXTJBfh-1MB9FYDpWZIByxC6fVCAQtuCeg==

OPTIONS
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ Frame 0
0 117ms
117ms Preflight 52.3.28.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.3.28.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-28-106.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://arcticwolf.com
Access-Control-Max-Age: 5
Connection: keep-alive
Content-Length: 0
Date: Mon, 31 Jul 2023 12:33:51 GMT
Server: akka-http/10.0.9

OPTIONS
H2 200 tp2
jukebox.pathfactory.com/com.snowplowanalytics.snowplow/ Frame 0
0 119ms
118ms Preflight 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-208-41-101.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
access-control-max-age: 7200
date: Mon, 31 Jul 2023 12:33:51 GMT

POST
H/1.1 200
OK tp2 Show response
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ 2 B
459 B 470ms
117ms XHR
text/plain 52.3.28.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/2.17.3/sp.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.3.28.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-28-106.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Mon, 31 Jul 2023 12:33:52 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://arcticwolf.com
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2

POST
H2 200 tp2 Show response
jukebox.pathfactory.com/com.snowplowanalytics.snowplow/ 0
509 B 136ms
136ms XHR
text/html 44.208.41.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/2.17.3/sp.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.208.41.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-208-41-101.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy
X-Content-Type-Options	nosniff

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

x-runtime: 0.011252
date: Mon, 31 Jul 2023 12:33:51 GMT
content-security-policy
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: text/html
access-control-allow-origin: https://arcticwolf.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
x-request-id: fbbbdeb3-78fa-4da8-98df-1eda901ead09

GET
H/1.1 200
OK cc.js
cc.swiftype.com/ 43 B
279 B 612ms
152ms Image
image/gif 169.48.138.204
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.swiftype.com/cc.js?engine_key=igWoUt9mRmYC3HT9zxHR&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 169.48.138.204 Dallas, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: cc.8a.30a9.ip4.static.sl-reverse.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/gif
Date: Mon, 31 Jul 2023 12:33:52 GMT
Cache-Control: no-cache
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Content-Length: 43
Expires: Mon, 31 Jul 2023 12:33:51 GMT

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
294 B 108ms
108ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://arcticwolf.com
Date: Mon, 31 Jul 2023 12:33:51 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
294 B 333ms
230ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://arcticwolf.com
Date: Mon, 31 Jul 2023 12:33:52 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

POST
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ 2 B
459 B 118ms
117ms Ping
text/plain 52.3.28.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/2.17.3/sp.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.3.28.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-28-106.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 31 Jul 2023 12:33:52 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://arcticwolf.com
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2

OPTIONS
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ Frame 0
0 119ms
118ms Preflight 52.3.28.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.3.28.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-28-106.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://arcticwolf.com
Access-Control-Max-Age: 5
Connection: keep-alive
Content-Length: 0
Date: Mon, 31 Jul 2023 12:33:52 GMT
Server: akka-http/10.0.9

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 264 KB
87 KB 113ms
112ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-33RYRGB9LX

Requested by

Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de44ddd2c43625ffbc1b4fe2326f20f372b0cd58227c389ec76cb3b66900ea1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88768
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 31 Jul 2023 12:33:52 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 264 KB
87 KB 95ms
94ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-33RYRGB9LX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a11069c6788f70e35c15b6234bbde2c786a08c17ef5a5b68a1b6923e504374a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88864
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 31 Jul 2023 12:33:52 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 196 KB
70 KB 134ms
133ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-410966486

Requested by

Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

50929c81b016e51828d0828be4758e8536e8db822a5a4632ff9a47cded9c9630

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71342
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 31 Jul 2023 12:33:52 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 196 KB
70 KB 77ms
76ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-410966486&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMV4652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

805f4b50daea87eb254e7b760b8f394c5f756c790e609f1180763b67f484099a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71475
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 31 Jul 2023 12:33:52 GMT

GET
H2 200 / Show response
arcticwolf.com/cheq-ppc-invalid-users/ Frame 9042 753 B
1 KB 52ms
51ms Document
text/html 52.222.139.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arcticwolf.com/cheq-ppc-invalid-users/

Requested by

Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-122.ams50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

639d0d582c4d7e66bddd8a2a18d2f1e0274a0c3b3c5952ad5cf4263e4e71d4fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 74804
cache-control: must-revalidate, max-age=0, s-maxage=86400
content-length: 753
content-type: text/html
date: Sun, 30 Jul 2023 15:47:09 GMT
etag: "a677bc49a380e66b9eeaebb822a9a91c"
last-modified: Tue, 18 Jul 2023 17:25:56 GMT
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 edd6d90087c4f2b49e182778a2273adc.cloudfront.net (CloudFront), 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-cf-id: QvwqLkPIzOK52fYhritfre1S2eiOOQ1cdTNvQP62oGzaJCHbY_u20g==
x-amz-cf-pop: AMS54-C1 AMS50-C1
x-amz-version-id: pKt7pQ47tjUDPDPdf6HShqbXLB5mIxMD
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 036B 42 KB
12 KB 44ms
44ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 31 Jul 2023 12:33:52 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 554CA68E8EE041E9BB6AFC0465A32DDE Ref B: LTSEDGE1819 Ref C: 2023-07-31T12:33:52Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12472

GET
H2 200 tc_imp.gif
obs.robotflowermobile.com/tracker/ 43 B
79 B 110ms
110ms Image
image/gif 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.robotflowermobile.com/tracker/tc_imp.gif?e=37dfbd8ee84e001363eecf35ec4f899f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5f128d6e2317071a10acf9f29f671886858c522e6d12fc707251873ad864c604660c24c053085e600158c0b63e4a77be26bb25cb43e2913bf05365ac5c7e721bda53ee47f497d7df68bb2807ff7ecaa8556d8e0e3143714493d60265f760b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4a7a4918677a0d8d953eb489d593e72aeb9cce4b46d8fd9e16c893008c3e5db6e4d57e56b7dacc54763ecdaf2758a57fc13e68d1a941ace9a7c9531679fc873d0659381eff09df3f1477fe425b4bafc294d26f9913f82be50eb0102419457459a8193c9d7f78425c524d4d2b48577a37777358f7e2c9882de5e20c1fa7ea710e0dc5b9d78a8734947538326bc01cdcaa16abb973f8a41f099d3e676834e546cfa01135c7d427083bb75bb78dbcb812fb2913af1873ccc95f9f93980b9f162707381b67362e8a2276d59c2dbd366a644c09f2d9e9159c70ffb31d357b514d2f664c44c46ecf5f33b505d087f5b570774c39cf5349653e3424b1b6cfdf20b83e25e5da8e1bcf3f60c9dadbdbaefa9d1b90d12749f3cfbc72e168b040566b53e370e19837cf0005d9fb0b325e565ab57f3dd7396d208ca7c5b4e22740354c9bf9ad84d3329dd0a5987878ca9bacb4f17dce5ec3ec9916171dbd11b207baa83d34456c535994dcd08e93e87009e9901f2be2ef0d9dd84cd0520baa229699064ba9fe3f304967e674e50d56c0310e2b1439db2458cc0cc991094d8d921042519ac21b952fb26eed83cc8763a7553306f7ee65f89893252b86ddea6f33cd9c74d8a7c70af03603ec9baa25603bb2fb1f744c80d230154bd3d2582a7d76ec3543e9a8c15bfded4f6804bd85e572611e06b3710c0820637bb20faf8c02b93ceef065e60a168261407cc1e4cfb9ae9110d8d6471d28b9a47c9d0a6d25a24be2ca6046c56d053257fd7bd1853df93ba82f0b801e024a768dc25c98f04cceef9357db2f74999fdc2c7c392bfce4c1bc5903749897cd753c94cebf62ab6cecbdc71ba86d3f0f84765dc8697b44bc614f02668616b35b6f94c24c077ae188cde24a70529fc6c58c730bb8e797ca6666e672ce2a0a372c78237742f4e7e958b81a88e3ad455edbe3855fb9e044a4f187b333eff31e7aa3f0682f88394a0fff9f2de9a7fbbaad40d207c5b70217f244f800d5401e9a1ada926ffc76b5e98d611ee855cd9d09f9480ffef5fb544cb4bf332bd8bef91816f799795d7e075694625a7c8ecac6053faca17300ca039f77c2a4ba8&cri=ucSG6ltCdO&ts=728&cb=1690806832415
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
BLOB 200
OK e97b6a2d-3e55-4d78-83c0-0408c703d1cd
https://arcticwolf.com/ 261 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arcticwolf.com/e97b6a2d-3e55-4d78-83c0-0408c703d1cd
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 335d98ebb147dad9a8d9267aa953bf7f508c316c0cd2b55eb28bb65ffa26fd67

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Length: 261
Content-Type

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 9042 13 KB
5 KB 49ms
48ms Script
application/x-javascript 2a02:26f0:780::210:a40a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: arcticwolf.com
URL: https://arcticwolf.com/cheq-ppc-invalid-users/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a40a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=79455
accept-ranges: bytes
content-length: 4862

GET
H2 200 295006432.js Show response
bat.bing.com/p/action/ Frame 036B 4 KB
2 KB 47ms
47ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/295006432.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

41034890cce103c8bb5af53c090b8431802103e3ef948df4b38d034ebff4f9af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Mon, 31 Jul 2023 12:33:52 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A59095B0955F4117AEA56A9386E56ACF Ref B: LTSEDGE1819 Ref C: 2023-07-31T12:33:52Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 204 0
bat.bing.com/action/ Frame 036B 0
284 B 71ms
70ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=295006432&Ver=2&mid=2e272e17-155f-4bf0-9a5a-89f8dde3a1cb&sid=8113c6e02f9e11ee8c60ef2f49c81cee&vid=8113e0402f9e11eeb866a3fe52fb294d&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&r=&lt=1&evt=pageLoad&ifm=1&sv=1&rn=349944

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 31 Jul 2023 12:33:52 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BF2E5ACD55A4211A8C62FEA631F523E Ref B: LTSEDGE1819 Ref C: 2023-07-31T12:33:52Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 9042
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806832574&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%2...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806832574&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%...

0
144 B

164ms
163ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806832574&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&e_ipv6=AQLrEkAQgXAT1gAAAYmr8M4Uc8ndrJMqjXYq1Vq3nHUYq045wzqF9QBbu2KGiODGE270
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/cheq-ppc-invalid-users/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:52 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 7D737D26FF484CC7BB29A9472B606688 Ref B: MAN31EDGE0506 Ref C: 2023-07-31T12:33:52Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYBx6SoMiZ40sQhpuyo/w==

Redirect headers

date: Mon, 31 Jul 2023 12:33:52 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 33A5A23BDFD64A698C4F7E307C5D29F2 Ref B: LTSEDGE0820 Ref C: 2023-07-31T12:33:52Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50605&time=1690806832574&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&e_ipv6=AQLrEkAQgXAT1gAAAYmr8M4Uc8ndrJMqjXYq1Vq3nHUYq045wzqF9QBbu2KGiODGE270
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYBx6Sk5Vb/z1Iv1WdrJA==

GET
H2 200 295006432 Show response
www.clarity.ms/tag/uet/ Frame 036B 828 B
1 KB 115ms
113ms Script
application/x-javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/295006432
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/295006432.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: bbd113130c7dac23f5a47905ca9e595fd45cb27971920df2340f0367ab3f17c4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: -1
date: Mon, 31 Jul 2023 12:33:52 GMT
x-azure-ref: 20230731T123352Z-hyr2zbntzd15mauvk671wgm6vc0000000530000000025wz5
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 828
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/410966486/ 3 KB
2 KB 90ms
89ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/410966486/?random=1690806832636&cv=11&fst=1690806832636&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&auid=103245672.1690806829&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-410966486&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d794189224620cb3660234fa5744ba6f9ae7f5d704c6a78d4b259f75974560b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1524
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/410966486/ 3 KB
2 KB 193ms
88ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/410966486/?random=1690806832653&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&label=lzDbCJmv1ocYENaz-8MB&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&gtm_ee=1&auid=103245672.1690806829&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-410966486&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

7945e31328e2939c6be7a97c1b0be792e6699fafe33c77e2e1822e0f3cf59ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1755
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
244 B 120ms
40ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-33RYRGB9LX&gtm=45je37q0&_p=722153469&_gaz=1&cid=175781712.1690806830&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690806832&sct=1&seg=0&dl=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&dt=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&en=CQ&_fv=1&_ss=1&_ee=1&up.cq_category=bots
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-33RYRGB9LX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://arcticwolf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 38ms
37ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-33RYRGB9LX&cid=175781712.1690806830&gtm=45je37q0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-33RYRGB9LX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://arcticwolf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 87ms
86ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-33RYRGB9LX&cid=175781712.1690806830&gtm=45je37q0&aip=1&z=840544736

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.8/ Frame 036B 57 KB
24 KB 81ms
80ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.8/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/295006432
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 9987dcc652130026523219440b654a3e307d16f186019031ad60a28d6f73aa2a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:52 GMT
content-encoding: br
last-modified: Thu, 27 Jul 2023 08:09:50 GMT
etag: W/"0x8DB8E78D98F76CC"
vary: Accept-Encoding
x-azure-ref: 20230731T123352Z-hyr2zbntzd15mauvk671wgm6vc0000000530000000025x0e
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 83f9b973-401e-0025-1867-c087a7000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2

200

c.gif
c.clarity.ms/ Frame 036B
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=81B32A20668545F99194F378EFD85A77&RedC=c.clarity.ms&MXFR=27D96165CE62623506E8723ACA626C56
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=81B32A20668545F99194F378EFD85A77&MUID=30A10492562C6192373117CD57E76020

42 B
441 B

45ms
45ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=81B32A20668545F99194F378EFD85A77&MUID=30A10492562C6192373117CD57E76020
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
last-modified: Tue, 06 Jun 2023 17:31:23 GMT
server: Microsoft-IIS/10.0
etag: "dca6ffb69c98d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 19A572D212314D2CB82A9CB99FCF9335 Ref B: LTSEDGE1819 Ref C: 2023-07-31T12:33:52Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=81B32A20668545F99194F378EFD85A77&MUID=30A10492562C6192373117CD57E76020
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/410966486/ 42 B
64 B 58ms
57ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/410966486/?random=1690806832636&cv=11&fst=1690804800000&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=317488780&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/410966486/ 42 B
64 B 56ms
56ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/410966486/?random=1690806832636&cv=11&fst=1690804800000&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=317488780&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.co.uk/pagead/1p-conversion/410966486/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcti...
https://www.google.com/pagead/1p-conversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-...
https://www.google.co.uk/pagead/1p-conversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Finciden...

42 B
64 B

61ms
61ms

Image
image/gif

2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-conversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&label=lzDbCJmv1ocYENaz-8MB&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&gtm_ee=1&auid=103245672.1690806829&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOExlZHBnWVEyTFQ1anBEUXJ2SmxFaVVBSHRxR0cwcjZmVDNtSlRpWWxxNVBLa0E3bXd1Mkx1bDNFV3JsTjg2dVBKYjdLV3g3GlhDaEVJOExlZHBnWVFfdS1YbTZYbW5icXpBUkl0QUhaODBUZHZWTmdEeVhUX2djMTVfX2ZVOXN1SnpjRUFLaVhEaENUZTI5QXRFb3ZIdWotZm9Yak9ldnh5IhMI3d6cpfq4gAMVIUAeAh08twv8&is_vtc=1&ocp_id=MKrHZN2GMaGA-cAPvO6u4A8&cid=CAQSKQBpAlJWaMb34XS9DDeAK77uK5_njBJPvjc35kl6MEUkYBGZk-2DVzw-&random=1862634495&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.co.uk/pagead/1p-conversion/410966486/?random=512245519&cv=11&fst=1690806832653&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&label=lzDbCJmv1ocYENaz-8MB&hn=www.googleadservices.com&frm=0&tiba=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&gtm_ee=1&auid=103245672.1690806829&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJOExlZHBnWVEyTFQ1anBEUXJ2SmxFaVVBSHRxR0cwcjZmVDNtSlRpWWxxNVBLa0E3bXd1Mkx1bDNFV3JsTjg2dVBKYjdLV3g3GlhDaEVJOExlZHBnWVFfdS1YbTZYbW5icXpBUkl0QUhaODBUZHZWTmdEeVhUX2djMTVfX2ZVOXN1SnpjRUFLaVhEaENUZTI5QXRFb3ZIdWotZm9Yak9ldnh5IhMI3d6cpfq4gAMVIUAeAh08twv8&is_vtc=1&ocp_id=MKrHZN2GMaGA-cAPvO6u4A8&cid=CAQSKQBpAlJWaMb34XS9DDeAK77uK5_njBJPvjc35kl6MEUkYBGZk-2DVzw-&random=1862634495&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ Frame 036B 0
294 B 106ms
106ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://arcticwolf.com
Date: Mon, 31 Jul 2023 12:33:53 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 / Show response
c.6sc.co/ 7 B
192 B 55ms
44ms XHR
text/html 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-251.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://arcticwolf.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 17 B
297 B 203ms
55ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9ce048634d8fcf44322a58bea95aacc92ea158ef28fbed9b7fabc1df47ca9111

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:53 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://arcticwolf.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:21:e::12
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469668_34603374_482950852_19_861_42_0_219";dur=1
content-length: 17
expires: Mon, 31 Jul 2023 12:33:53 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 234ms
233ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=468ce208ecea2d45efbf04ec75c998b4&svisitor=null&visitor=bd20f5ca-06f2-41c1-8a9c-537780e4d3d4&session=b6915fad-3577-4ff7-895c-94ae37695b48&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2031%20Jul%202023%2012%3A33%3A49%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2031%20Jul%202023%2012%3A33%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22468ce208ecea2d45efbf04ec75c998b4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2031%20Jul%202023%2012%3A33%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2031%20Jul%202023%2012%3A33%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2293d84380defe58ab6807a488e1f54b53e6882408%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2031%20Jul%202023%2012%3A33%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Take%20a%20real-world%20look%20at%20how%20Concierge%20Security%20experts%20within%20Arctic%20Wolf%E2%80%99s%20industry-leading%20Security%20Operations%20workflow%20triage%20investigated%2C%20escalated%20and%20remediated%20a%20ransomware%20attack%20on%20a%20local%20government%20organization.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&pageViewId=30626be1-b331-4287-88ea-7889b591ec85&v=1.1.5

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame 51E1 2 KB
1 KB 150ms
150ms Document
text/html 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1690806900000/zaxd53bdwtvy.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

70560ba9138d04a53b3d50ad24c6ba38a16a2cacb591ddaf7aabb312f0330a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://arcticwolf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 31 Jul 2023 12:33:53 GMT
etag: W/"07075ae30994d62a00de2f301bdfb11a"
last-modified: Fri, 28 Jul 2023 18:57:16 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-id: ykPDmd0PuyVn0WrfVIJ_99LhVkA8-vSu3liYU_pqH9bUFTAvsjFT7g==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: PE8zep.NHo.o1SZeIPA0xq.0zsXy2Uat
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 18

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 6695 2 KB
1 KB 396ms
395ms Document
text/html 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1690806900000/zaxd53bdwtvy.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

70560ba9138d04a53b3d50ad24c6ba38a16a2cacb591ddaf7aabb312f0330a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://arcticwolf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 31 Jul 2023 12:33:53 GMT
etag: W/"07075ae30994d62a00de2f301bdfb11a"
last-modified: Fri, 28 Jul 2023 18:57:16 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-id: bz8Qq0SbRScu5bRCO_1rKX6tBb4uEu6f8yjAtKz0zYP-XMtiRwGJPg==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: PE8zep.NHo.o1SZeIPA0xq.0zsXy2Uat
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 187ms
46ms Script
application/javascript 52.222.236.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: arcticwolf.com
URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-102.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: Rt6XPSKiJ8UdHSAhNzDbvtFnl_cNNgVn
content-encoding: gzip
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
date: Mon, 31 Jul 2023 01:26:39 GMT
last-modified: Mon, 24 Jul 2023 07:50:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 63422
etag: W/"4eb0c668e820abe414d19a11b92dd0fa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: W472opFDgG0zw5keuxZCUWdYYbp42JU5tR0ThUXZuLuv4bRZrwx7Tw==

GET
H2 200 c.gif
c.clarity.ms/ 42 B
81 B 40ms
40ms Image
image/gif 68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/26066703
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:52 GMT
last-modified: Tue, 06 Jun 2023 17:31:23 GMT
server: Microsoft-IIS/10.0
etag: "dca6ffb69c98d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 750 B
586 B 173ms
61ms XHR
application/json 18.197.22.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.22.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-22-0.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 76ae8e543977138f688ef3152041faae2e3268cab73f47ec485b6e1a6b7ea4ba

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
Authorization: Token 93d84380defe58ab6807a488e1f54b53e6882408
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
X-6s-CustomID: WebTag1.0 468ce208ecea2d45efbf04ec75c998b4

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://arcticwolf.com
access-control-allow-credentials: true
content-length: 402

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 159ms
52ms Preflight 18.197.22.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.22.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-22-0.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://arcticwolf.com
access-control-max-age: 1800
date: Mon, 31 Jul 2023 12:33:53 GMT
server: nginx

GET
H2 200 runtime~main.d3870f72.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 6 KB
3 KB 46ms
46ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d74324ac5719aa202221018cd0181776040570d0d6b94112fef8e841ef3d6c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: nYREScR.bpGpZR41m1r79Ea9oNUo0dkc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:12 GMT
server: istio-envoy
etag: W/"ee97d74de0a92e3518199e701c19ee0f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ycDf3VmjjGwMW635XQDztarzWA0FMorGC909U7qL9Nw-sHclxTqdKA==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 35 KB
13 KB 50ms
50ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15966537
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gteae_qyPsMOTbrwX0zMGCoOmOfLOCoQ_GiP_w3TuKVHQwdtlZv_qA==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 7 KB
3 KB 52ms
51ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:46 GMT
x-amz-version-id: _6ChWa7QfxwgvKvHcksc0_7OHMp8jBKX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3532327
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 20 Jun 2023 14:23:11 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JFG-le_-fiDq2vTiaRAqjz99Cvv3e-yoAJ_N8EsfTkFk0HPY1DtWSw==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 269ms
268ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=468ce208ecea2d45efbf04ec75c998b4&svisitor=null&visitor=bd20f5ca-06f2-41c1-8a9c-537780e4d3d4&session=b6915fad-3577-4ff7-895c-94ae37695b48&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A21%3Ae%3A%3A12%22%7D&isIframe=false&m=%7B%22description%22%3A%22Take%20a%20real-world%20look%20at%20how%20Concierge%20Security%20experts%20within%20Arctic%20Wolf%E2%80%99s%20industry-leading%20Security%20Operations%20workflow%20triage%20investigated%2C%20escalated%20and%20remediated%20a%20ransomware%20attack%20on%20a%20local%20government%20organization.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&pageViewId=30626be1-b331-4287-88ea-7889b591ec85&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 23 KB
8 KB 51ms
47ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xSSfWvHb4ynDLs4rd2a9dLVgAsvQ1EQwQiv5pIbEkWvy3k0m1kpNkA==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 36 KB
10 KB 54ms
50ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2207019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kGkpPseaP3nbjJvBknA5U9LX-XhdEE9DdGLY9t4CW1MkUhlRngoAAg==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 32 KB
11 KB 58ms
54ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3532326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eFB0y6YEGie7cSLHWjm0K46zfB2ECTgGGXuNNQUWs8Oi3GdYbeQN2A==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 17 KB
6 KB 60ms
56ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4859919
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bUyLuQSdgSrKtUy-6adVHTiLYobLqOF67-c4yhMI9_6LWOgPAtd0Gw==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 25 KB
8 KB 64ms
60ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2106529
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: isgofUMiGQvJaHCFrKBsxon4QZmrd3ryYODm9bv3szm5kURwWtF7iw==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 74 KB
23 KB 76ms
72ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ukuXMqZaBoE6xID056KmWB0xEHmIXKmX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 69
last-modified: Fri, 16 Jun 2023 20:26:54 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wSkvdZnCGiidD-T7hH7869qQ_QBm6wgJJLFBBiw5FOTYmOD_kgcoEA==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 66 KB
20 KB 77ms
73ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5808305
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ah4VbC-MTNE0NN0pVR7YDw0gWs4mJ6oXw7aA5Z3XskgOskltL2xYCg==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 91 KB
28 KB 99ms
95ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2075333
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: h0Wmqazgs3Y47gUQc0KJFHYhSzjGdx7oEuLPTtX0_g0A1vdrkWv6gw==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 23 KB
7 KB 101ms
97ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5362260
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Sd5do64eUfjhypjzSpRL5RB5ldzK4xnxyEY7u155y0vzVUz6kd_3Zg==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 62 KB
20 KB 103ms
99ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2889122
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZiXjXRUN6LK7uZcsvLDQq9OsKKYw1-6d_NWmJjJOCb-_ETuLUegXoQ==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 105 KB
34 KB 109ms
105ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: F5fN19NZ20hiJJkykYyDmRSwpHdD6wiEDC4urp66onSFYt86kcanyA==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 12 KB
4 KB 136ms
133ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 26 May 2023 02:53:30 GMT
x-amz-version-id: d.D0r_vXgX7w1FTWdc3SLpv412I4sjOB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5737223
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Wed, 24 May 2023 17:52:54 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qWlW0chRlgbRLR-j_DJAMmnLd4nIuAseDPx2DdM27RuKMG8VdwRbcw==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 13 KB
6 KB 137ms
134ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kB5DdUlAbbpto_nWu7BSyyhx6cW9jaUA1BIPgVb2APc91eGI60xKPA==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 17 KB
7 KB 139ms
136ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 09:24:39 GMT
x-amz-version-id: VsfA8TLYa9RNEpzywKZv5LmrplRhx_G6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4849754
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 72
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mTAK8kZluuEMN0_Bxywhv_5kzdN19G9fB8dcYuyA2n2y3QkkzTo-cw==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 51E1 31 KB
4 KB 133ms
131ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 39O-wjPi5JIFn8-uWLmKnIlqAsnr0fN4h9wdkUWfPLJPYaVlkhKPbQ==

GET
H2 200 8.94b86ac7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 81 KB
25 KB 139ms
137ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.94b86ac7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:10 GMT
x-amz-version-id: sKS3NtYZ5xBkpnwyRKt297s4ZL0aCKra
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1182163
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 17 Jul 2023 15:59:42 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8MXutZCm14Mfh-RMgNz0HavpxIXehIOnncdazVYouZatHLVaIM4NiQ==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 51E1 24 B
695 B 140ms
139ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 6909862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: sbJtgW8LenhpzcGIrxhNB9T9XR5KM45YsrjszwqVxkTcTwv-wQ4Urw==

GET
H2 200 16.8bd9e5a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 91 KB
23 KB 141ms
140ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.8bd9e5a9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: rzljacJzqN37r9cYvWsZXzr5I9pj.xER
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"ef144ff505a111b4fe4731aaba1cffed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bGoY3NyrYuUqmqWyRmjr6kAH3Dtd8adrkl24U2N_wANhD35h3p0LSg==

GET
H2 200 24.1fcb23fd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 50 KB
14 KB 142ms
141ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.1fcb23fd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6e60af994c94f52d951f4ba72ce1ad110d02331dc2ab55b61110cd3be60c83f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: mhEzNs3jM3iyiDrVTPsVGu6p3AXJxHOl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"dfa4b7771ab513175144a5ffeb70e72d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Czqf9oHvGTm0TOVErRGUBQvXj18CVFSIBgWFZxYh67t5MlUsp3uKCw==

GET
H2 200 17.a71bb070.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 40 KB
13 KB 144ms
143ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.a71bb070.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6fa317686874e2babbb154c505e6d34dea75adf4cc6621773e1b40970a89419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: W_RhZ8nhV9MfFiIuzCtGrNuJHr5uhnLe
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"8f716b28dee3e1937ef5c37d59f4213c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iSlpwgR1wkkFcGbPeUpPjeG7xai_l3k86AsvLoW73CWB9gLLgqomnw==

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 199 B
562 B 194ms
193ms Fetch
application/json 52.222.236.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-102.fra56.r.cloudfront.net
Software: / Express
Resource Hash: cc472918f012f11d6f59c7681969da54d0fd572d9863883ce00a08a07f46c845

Request headers

Content-Type: application/json
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer 66a7a829411679931395
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
visited_url: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-powered-by: Express
etag: W/"c7-rPr/iWxNmcrrVFfBcyb+6TNcDUI"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 199
apigw-requestid: I7eH0jAGvHcESIA=
x-amz-cf-id: 0eQWnMZvoGfbAC-uZibOk1Qj39ivi-weW29udvOyUoSlLVmbntHQOg==

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 285ms
189ms Preflight 52.222.236.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-102.fra56.r.cloudfront.net
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: I7eHyhcHPHcES2A=
date: Mon, 31 Jul 2023 12:33:53 GMT
vary: Access-Control-Request-Headers
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
x-amz-cf-id: logQCiC6n8rxyXBkfvmrK3ScAqJJyOPwt0LV_g5ANd_Ec0plNMG3Sg==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-powered-by: Express

POST
H2 200 mon Show response
obs.robotflowermobile.com/ 0
146 B 114ms
114ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.robotflowermobile.com/mon
Requested by: Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arcticwolf.com
date: Mon, 31 Jul 2023 12:33:53 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 runtime~main.d3870f72.js Show response
js.driftt.com/core/assets/js/ Frame 6695 6 KB
3 KB 65ms
63ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d74324ac5719aa202221018cd0181776040570d0d6b94112fef8e841ef3d6c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: nYREScR.bpGpZR41m1r79Ea9oNUo0dkc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:12 GMT
server: istio-envoy
etag: W/"ee97d74de0a92e3518199e701c19ee0f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4o7SJ4UN_RncTyveZYrV2svXtns7_FbpGTDURjab0AW6TiHenStb_w==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 35 KB
13 KB 64ms
63ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15966537
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ev1cXuhAD4Sd7jyhaolgvZ4P9qgjiapzfCbl0HOjidI7ED5hvPDm0w==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 7 KB
3 KB 65ms
65ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:46 GMT
x-amz-version-id: _6ChWa7QfxwgvKvHcksc0_7OHMp8jBKX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3532327
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 20 Jun 2023 14:23:11 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: k54KBm2CfgNpwCdLHRuPbRDkcwbRTxpseGVi8IqTiWWOk0d47IYpAw==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 9 KB
3 KB 49ms
47ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 24 May 2023 04:23:57 GMT
x-amz-version-id: GhA8rzRSUOsszJIxxjXIx4g.f98pPnBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5904596
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Tue, 23 May 2023 23:00:49 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5DAfJOtuYIeDhHL6dWQz3_tXkQu9cG7ihlUxpmSEj8eIPX8c0sEEeQ==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 35 KB
10 KB 50ms
49ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:02:59 GMT
x-amz-version-id: nle0j8birQ7TqZcCTCj2_Aiuc4PU4FBJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3580254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: b36v62iwgyoYGNzrhpjSuTw4E1C4QoLXArWG5MQq64C1LcVXC3Gl7Q==

GET
H2 200 28.b5e8f5e1.chunk.css
js.driftt.com/core/assets/css/ Frame 51E1 8 KB
2 KB 47ms
46ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.b5e8f5e1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 13:30:40 GMT
x-amz-version-id: o5Mqj_3FT3WjX9660DbCXWXmwKjwNZDi
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 428593
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Wed, 26 Jul 2023 13:12:09 GMT
server: istio-envoy
etag: W/"e7107bc29ccb3c6d928f0f8f10a0f22d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IBNFipxuCEduIRwAt3YD0X5CPT1L_wHYOpU_NT7LYQOfltgmhvc6Fw==

GET
H2 200 28.bdd92ff2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 14 KB
6 KB 50ms
49ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.bdd92ff2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: FN2mK9FP.1iG0EPXu5GaP7vFrDcTGt2G
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3532326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"260fbabe310bd2cae5c44538f3d833ad"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w8T39s1C4uf287iGgSNCI5kLVH-ScajfY62EfgKIgmKwcMc1DcOobQ==

GET
H2 200 25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 51E1 365 B
1 KB 51ms
50ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: ZuuQmAv287PLv09x8YJDQ63ijAfFLcLS
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 3532326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
content-length: 365
last-modified: Tue, 20 Jun 2023 14:23:06 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: unGwaoC0BABAKIcKKKKRJocpxhNWis_MD_t-hr_CXjf5AlZQu9Ldww==

GET
H2 200 25.a9a52994.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 91 KB
25 KB 53ms
52ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.a9a52994.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d21b490fa72e9cd90e09db07c73ef43c0d65bf38de6a41dfd1c53338f71549a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:11 GMT
x-amz-version-id: gwpLuUCx14LwmyLJHh.v9ArijcPAHA0d
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1182162
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 67
last-modified: Mon, 17 Jul 2023 15:59:41 GMT
server: istio-envoy
etag: W/"34109a0bf2906f78b21b4a9f5fa4ab8c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ENb9xxRmuHry89e_CzeVXGY-bj-LSX60-6xX4WRi6Hjt1QmUokxFWQ==

POST
H2 200 mon Show response
obs.robotflowermobile.com/ 0
16 B 111ms
110ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.robotflowermobile.com/mon
Requested by: Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arcticwolf.com
date: Mon, 31 Jul 2023 12:33:53 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 23 KB
8 KB 46ms
45ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: C15tsYEwiKqXGnEsKPIVVRuZgxtA5edjDBhBqEziJlehp-5D6gqbBQ==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 36 KB
10 KB 48ms
39ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2207019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RnlDhj-09IwXHtt81AsaScPFDaWg_h7Z6P3bh173lkgULAc6kpZ76g==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 32 KB
11 KB 49ms
41ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3532326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: o0B17-cG_Pm2QEOPeoJP8361yfBfkhNXkElpj0Kv3oaTyJYfBT452w==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 17 KB
6 KB 50ms
42ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4859919
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rMv3gq9RYIzw6B0Z46F0l2GJSopE5zxViv0eJKK2bNxDgGVT8XQtxg==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 25 KB
8 KB 57ms
48ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2106529
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PLfM9_XziIlJgmbdY2LcI8dGjHOD3-8s6cft31OVY71yGWkrOWfPQg==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 74 KB
23 KB 57ms
49ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ukuXMqZaBoE6xID056KmWB0xEHmIXKmX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 69
last-modified: Fri, 16 Jun 2023 20:26:54 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: We2QFAFgdNWjPVv17wsgHoF-jvuMwzCQ-qJ9WfKPOezndUcWqwA_AQ==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 66 KB
20 KB 60ms
51ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5808305
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PibKMnFKtSIdjL-qDYnIp5kmbyA5fOPJS9Beg3Xm_uGCFGlzSYyMJg==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 91 KB
28 KB 61ms
53ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2075333
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IAE38tkTcnbF1ylhboO9WrDIYaKFXZokfB09FeQBDluWB5sBAnU4ow==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 23 KB
7 KB 64ms
56ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5362260
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: leHbHN1RxEFGo1A2MA1umLK_KAc-TV0DF9Fc6COLgIeb2ZZK_kxnLQ==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 62 KB
20 KB 66ms
58ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2889122
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iW9MpZEXzy3b0ecjsuVUBSD8394PQswuwe_HFPlToAdCrne4UCA_jw==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 105 KB
34 KB 67ms
59ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eHfojj5OTX5PLHsUgdlMhLnEz4PusVQyig1PlXWudW1YSEB48D3ykg==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 12 KB
4 KB 71ms
63ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 26 May 2023 02:53:30 GMT
x-amz-version-id: d.D0r_vXgX7w1FTWdc3SLpv412I4sjOB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5737223
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Wed, 24 May 2023 17:52:54 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ewysWb5_XnOhorG_tKniWH5FVDsTF-HiWowlvTgkg0FrdSfrjEDqdw==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 13 KB
6 KB 71ms
64ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cpO7rHAyopOKzhH3sXCcwGadTM-wN5qMrtafO3pP6vzXkQ54cKZzJg==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 17 KB
7 KB 72ms
65ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 09:24:39 GMT
x-amz-version-id: VsfA8TLYa9RNEpzywKZv5LmrplRhx_G6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4849754
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 72
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _j4nQXQDAZkkj95lLovKqMui3kCAmolqU2_xIb0yQBFIAZzLhNaLww==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 6695 31 KB
4 KB 63ms
56ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3577553
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AXvL0BMhYlGFDm1jzMErTlj_QCyzKl298aiskxirpQI292-B1YtFPw==

GET
H2 200 8.94b86ac7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 81 KB
25 KB 73ms
65ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.94b86ac7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:10 GMT
x-amz-version-id: sKS3NtYZ5xBkpnwyRKt297s4ZL0aCKra
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1182163
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 17 Jul 2023 15:59:42 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: No3GhtBnq0CuxWFQyfTUuACtG6OH0fXoyXIAIUgy4JEiCdw9RK8__Q==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 6695 24 B
695 B 72ms
64ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 6909862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nNmxYPr_5Knsu_aBGiT-VKYXZeqMc6fRVqhb0cwOMwXonEVeRNqwBg==

GET
H2 200 16.8bd9e5a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 91 KB
23 KB 73ms
66ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.8bd9e5a9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: rzljacJzqN37r9cYvWsZXzr5I9pj.xER
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"ef144ff505a111b4fe4731aaba1cffed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: s7E0frKkKYNwFHSdLCHuOPSFx7jRT6bMawD32YJIS0KuXYXfjTGQ4w==

GET
H2 200 24.1fcb23fd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 50 KB
14 KB 74ms
68ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.1fcb23fd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6e60af994c94f52d951f4ba72ce1ad110d02331dc2ab55b61110cd3be60c83f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: mhEzNs3jM3iyiDrVTPsVGu6p3AXJxHOl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"dfa4b7771ab513175144a5ffeb70e72d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XfkKAb-qQHd2H0-yO9pcnQb175S1cE-IbSn4OKN0UdMGy1unGzg3Kg==

GET
H2 200 17.a71bb070.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 40 KB
13 KB 75ms
69ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.a71bb070.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6fa317686874e2babbb154c505e6d34dea75adf4cc6621773e1b40970a89419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: W_RhZ8nhV9MfFiIuzCtGrNuJHr5uhnLe
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 236198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"8f716b28dee3e1937ef5c37d59f4213c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: O2Kf5rqkJntXtVCcSZtgVK2gKYyicaWGknSSErIti6iHEnx1trUupw==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 6695 3 KB
1 KB 51ms
51ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 00:43:49 GMT
x-amz-version-id: 6S9dem0QqRNKdsXJa9pt.hiZoFHo8G8.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2202604
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 58
last-modified: Fri, 30 Jun 2023 16:16:07 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ap1cOZ9BGaoXqn-1DMGIs5NPBI2NlTi-Syu-ta9HrCZpeczmfPOZZQ==

GET
H2 200 37.298cbb69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 3 KB
2 KB 52ms
52ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.298cbb69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 04:59:35 GMT
x-amz-version-id: Fv09MwZ9_aib0TbI3DWT7N_8oqF8DxL_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3569658
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"86b289eeb2bf9d30034f30d9794e8041"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zHbYaI26XKhENNCrs-46tOlPfqOgI4NX-7DrhTdwXzkVN58vxg0eIA==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 9 KB
3 KB 62ms
61ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 24 May 2023 04:23:57 GMT
x-amz-version-id: GhA8rzRSUOsszJIxxjXIx4g.f98pPnBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5904596
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Tue, 23 May 2023 23:00:49 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2kDs3V7_0pk5stU_HmdLTG9xOCmW0YtggLSbzZ-r9kGIxPOgOE2rvQ==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 6695 7 KB
2 KB 63ms
62ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 26 May 2023 01:55:58 GMT
x-amz-version-id: mj1uBZn49IegQv8DQD1iQuBHBtNoawj8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5740675
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 136
last-modified: Wed, 24 May 2023 17:36:04 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tsv4zXOeAdjzNv8GYq0SViV8ieUaI3Yh1C1yISCwFeLXU2vclJk4Fg==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 54 KB
15 KB 65ms
64ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 29 May 2023 23:15:04 GMT
x-amz-version-id: FE5y8IPJ04Yp7NIoBaxWwnwnvwyWwyRX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5404729
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 116
last-modified: Fri, 26 May 2023 19:24:43 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mjhAFVrsWb1GYtXn44iuxyQv-6cSfPcG-yxbifzrCtkPsL_ObxMsLg==

GET
H2 200 1.12ba17b6.chunk.css
js.driftt.com/core/assets/css/ Frame 6695 44 KB
7 KB 63ms
62ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 19:01:02 GMT
x-amz-version-id: 19YOPtagzF0I0emgnq_seBKB.3mPQekh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 927171
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 62
last-modified: Thu, 20 Jul 2023 18:22:08 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JvWmADPYE3CeQla50TxXvRZSydhpzY1PRjJ5UtKUPlAa0WyKLJqyoA==

GET
H2 200 1.be8346b1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 54 KB
17 KB 66ms
65ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.be8346b1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: PLfb_l_4aFe.aYN3FEG.I5zIcM2Rb4sy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2741224
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"c2bd45f4e9f02db923342d39137bf141"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fpcMQmJz3qAMxjDNjIMr-ehXIb6Okw3B2lPI7CKWNNho53qj85UeCw==

GET
H2 200 4.9d776499.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 23 KB
10 KB 68ms
68ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.9d776499.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

622373f59cdda9ea36f307c5f7bef0cfd8e140018c995b6394468a26ef499dec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 25 Jul 2023 18:55:58 GMT
x-amz-version-id: uGJ36CDXFf5jc7zFgfXUohqg1i8mPHWM
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 495475
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 25 Jul 2023 18:08:15 GMT
server: istio-envoy
etag: W/"cc02ad980b6b04f3bba61e68883356d4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Rt06R_pbnrGR3jutccYyN3A0wHzMB1s7OMMi5rZc45Tp2jBrRVqF8w==

GET
H2 200 34.0504aac4.chunk.css
js.driftt.com/core/assets/css/ Frame 6695 16 KB
3 KB 69ms
69ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.0504aac4.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: Y0eUMP8TZIUm_xphXPO8Cb7kobR8Sp8P
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2741224
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 29 Jun 2023 18:36:37 GMT
server: istio-envoy
etag: W/"95b017fb41a8751bd7175f8a73f035f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BcxaozoUlH4xjnLO-WqcXdo2sr73JUa31UUI1QIzWKST4jJxElWIog==

GET
H2 200 34.26535e57.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 12 KB
5 KB 70ms
70ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.26535e57.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: pP4ZKQ0wl7_jYctuYheBxCj9PF_v.ESa
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2741224
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"d1f726d8d49e4c3e218775f6ce78039f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9thYnxXFLeqMbL-O3C29Z8xQTxXB-pD-wPIsW_rXFzfSrGv4UyhfkA==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 51E1 146 B
588 B 416ms
136ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

25dad2a4108b49a45658965de973ba2c5ac3a53c682f5e607a873deaa9ad16b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 31 Jul 2023 12:33:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 839364adc511f872
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 146

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/uWhJBalAQeFpeNitJUHH/ Frame 0
0 221ms
175ms Preflight
text/html 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/uWhJBalAQeFpeNitJUHH/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type
Access-Control-Request-Method: GET
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
access-control-allow-origin: https://arcticwolf.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7ef5df583a6e23cb-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 31 Jul 2023 12:33:54 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 56 KB
17 KB 83ms
69ms Script
application/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f03450bb6efbf09d31b7d62bd7b5ebe3e21ca4c132341b929dcfd2d0e21f133e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:53 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 3587
x-guploader-uploadid: ADPycduJL52BMc4arFkz31sKdg-azxE9Mukuzeu6nHv-49HlcrnXyGQavEAREjr0lqMF7p9nHISxH0P4zElbvfJ72Gvq-IsoVSgx
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 16 May 2023 09:01:21 GMT
server: cloudflare
etag: W/"98af2c9e21e222c751d8c61f27ca2f67"
x-goog-hash: crc32c=hquDPQ==, md5=mK8sniHiIsdR2MYfJ8ovZw==
x-goog-generation: 1684227681426057
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 57282
cf-ray: 7ef5df580f6e069a-LHR
expires: Mon, 31 Jul 2023 12:34:06 GMT

GET
H2 200 / Show response
ws.zoominfo.com/pixel/uWhJBalAQeFpeNitJUHH/ 3 KB
1 KB 278ms
276ms Fetch
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/uWhJBalAQeFpeNitJUHH/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

cc06955c38d52ed04f49faa1b2be7f39b14072b0d16651b7a7c6337da5370538

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
_vtok: MjE3LjEzOC4xOTYuMTA2
_zitok: 7a8a8d221dac37af15bd1690806833
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/javascript

Response headers

date: Mon, 31 Jul 2023 12:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://arcticwolf.com
access-control-allow-credentials: true
cf-ray: 7ef5df5958ce069a-LHR
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 168ms
168ms Preflight
text/html 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://arcticwolf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://arcticwolf.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7ef5df58ab1223cb-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 31 Jul 2023 12:33:54 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 634 B
682 B 210ms
209ms Fetch
application/json 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

fb77c038cc434f85e19d2b50fc346886d472ef2e6b8a9fb372aaf3a797b6bd0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
Authorization: bearer 0a190541422eb542fed35325908f47
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
etag: W/"27a-NM1OHfLq2P8DxYOEtPvE6qrsIWM"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arcticwolf.com
access-control-allow-credentials: true
cf-ray: 7ef5df59beee71da-LHR
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
alt-svc: h3=":443"; ma=86400

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 233ms
233ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 51E1 25 B
89 B 168ms
141ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 31 Jul 2023 12:33:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 96fa3f3999161ce5
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 51E1 30 KB
9 KB 920ms
916ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

a3e268032fe98e023f15ca2a46963871cb10de88b21f3b49c2d56175ab5c61d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 31 Jul 2023 12:33:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: f9a9e98535c16905
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 799
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ Frame 036B 0
294 B 116ms
115ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://arcticwolf.com
Date: Mon, 31 Jul 2023 12:33:54 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 240ms
240ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
294 B 208ms
207ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://arcticwolf.com
Date: Mon, 31 Jul 2023 12:33:55 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

POST
H2 200 mon Show response
obs.robotflowermobile.com/ 0
39 B 123ms
123ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.robotflowermobile.com/mon
Requested by: Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arcticwolf.com
date: Mon, 31 Jul 2023 12:33:55 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

POST
H2 200 track Show response
event.api.drift.com/ Frame 51E1 828 B
888 B 119ms
118ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

bb46a7d8b2f249d390b1efa4da5979a20e1827cff19ea7514917169de7190600

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODk5NzAxNjI5MSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyNjQyMTUiLCJleHAiOjE3MjI0MjkyMzUsImlhdCI6MTY5MDgwNjgzNX0.XRlqOVpMoUHbu8oCxCJ5vMLLQyhcNnkOwY1CwmfDbt218xRJz6VdN2lsG3kmenw0cFlgZehkLmueZtUgnQlNiA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 65882fa3f28ac431
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 828

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 133ms
122ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 31 Jul 2023 12:33:56 GMT
requestid: drift82652084d51a0b98c89997231ad
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 128ms
118ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 31 Jul 2023 12:33:56 GMT
requestid: drifta24b56c45e293574000c96859fd
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame 51E1 2 KB
880 B 121ms
121ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

83c7035c26edcdcdeb8078dd670f94639793c003cdaff7e71f7983130e12250d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODk5NzAxNjI5MSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyNjQyMTUiLCJleHAiOjE3MjI0MjkyMzUsImlhdCI6MTY5MDgwNjgzNX0.XRlqOVpMoUHbu8oCxCJ5vMLLQyhcNnkOwY1CwmfDbt218xRJz6VdN2lsG3kmenw0cFlgZehkLmueZtUgnQlNiA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 1b4ec35266a8340e
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 816

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 231ms
231ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 render_initial_v3 Show response
flow.api.drift.com/flows/ Frame 51E1 3 KB
2 KB 164ms
163ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

a450fb5b3cb595e170ecba241503152079cebfa6748b4460f39c947cd183aadd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODk5NzAxNjI5MSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyNjQyMTUiLCJleHAiOjE3MjI0MjkyMzUsImlhdCI6MTY5MDgwNjgzNX0.XRlqOVpMoUHbu8oCxCJ5vMLLQyhcNnkOwY1CwmfDbt218xRJz6VdN2lsG3kmenw0cFlgZehkLmueZtUgnQlNiA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 8903f2e26dee5e8c
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 44
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 1927

OPTIONS
H2 200 render_initial_v3
flow.api.drift.com/flows/ Frame 0
0 128ms
118ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 31 Jul 2023 12:33:56 GMT
requestid: driftad99c06434f956235f83f47d9b9
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 2

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 120ms
119ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 31 Jul 2023 12:33:56 GMT
requestid: drift9b16a604aacac69e9a333cae558
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame 51E1 0
38 B 132ms
130ms XHR
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODk5NzAxNjI5MSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEyNjQyMTUiLCJleHAiOjE3MjI0MjkyMzUsImlhdCI6MTY5MDgwNjgzNX0.XRlqOVpMoUHbu8oCxCJ5vMLLQyhcNnkOwY1CwmfDbt218xRJz6VdN2lsG3kmenw0cFlgZehkLmueZtUgnQlNiA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 31 Jul 2023 12:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 81b40ebbb3f51ebb
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 11
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 19 KB
7 KB 51ms
50ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:16:11 GMT
x-amz-version-id: gdLzK0_qjU8jtmmLbxCIMiiKO3ne3if8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2935065
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Mon, 26 Jun 2023 20:12:20 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BS01M1VKpq-W0Z0trKU4zlsrMFgEGy79z3mPse4UTrNp5wdDO5-vLg==

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 51E1 19 KB
7 KB 45ms
44ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zaxd53bdwtvy&eId=zaxd53bdwtvy&region=US&forceShow=false&skipCampaigns=false&sessionId=47ee7a58-026e-42d1-a790-1856662250bb&sessionStarted=1690806833.094&campaignRefreshToken=a354b455-d761-4bb4-8149-a1f8713e6171&hideController=false&pageLoadStartTime=1690806827928&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:16:11 GMT
x-amz-version-id: gdLzK0_qjU8jtmmLbxCIMiiKO3ne3if8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2935065
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Mon, 26 Jun 2023 20:12:20 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XfyHQj0QWj84InIVs7GSdlYKfGzsRS8LAc0RY7G99wKMq-2XQssPgg==

GET
H2 200 43.e483d03f.chunk.css
js.driftt.com/core/assets/css/ Frame 6695 900 B
2 KB 54ms
54ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/43.e483d03f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

12ffe3ad71f763d9057baf43e0f1c1482bb9a0372602020554c4d52f52b37981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:34 GMT
x-amz-version-id: eQojblS7iq9zWv866tsQZ.q3mPuIhEYW
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 6909862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 129
content-length: 900
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0bd11a8facc0a9d41713c64ed1ba1289"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VcxKqWN0QeU-NHKHm1b8QcMWZ8Sc-aKYtWXJxt8reoEXTSpCeIfKPA==

GET
H2 200 43.bd189648.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6695 303 B
997 B 55ms
55ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/43.bd189648.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e6fe88a41144fac0a75be6c94627d7ddbe2d58e0ccea7d714ea7108e1be694de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690806827928
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 20:17:59 GMT
x-amz-version-id: _FXY75ELCVXJGZNSAbvUc96rltQngzGr
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 3946557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
content-length: 303
last-modified: Thu, 15 Jun 2023 16:23:06 GMT
server: istio-envoy
etag: "64c5c459373f38cfa09d006a64744acb"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7iHCCpVAgSBuJAjfDT4gfWoqza7ROzMiXnY0tl4DAKug5lK47pofcQ==

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame 6695 14 KB
14 KB 56ms
47ms Font
font/woff2 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 17 May 2023 00:10:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 6524577
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 43
content-length: 13976
last-modified: Fri, 03 Mar 2023 14:35:52 GMT
server: istio-envoy
etag: "e7e52c955aa33e618baf437a16539524"
access-control-allow-methods: GET, POST, OPTIONS
content-type: binary/octet-stream,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CWuieXxS2vX4cu0HzPa27myOuvRqb5SipQ7yld4lX_Qjf-ioilyrvQ==

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame 6695 14 KB
14 KB 57ms
49ms Font
font/woff2 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b8e094ad64704c2e4836153e641e432b22159b03d5b240b6dd303461be83f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 01:06:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 8162875
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 45
content-length: 14148
last-modified: Fri, 03 Mar 2023 14:35:52 GMT
server: istio-envoy
etag: "69b28056044be6438ce7e5214c66ba82"
access-control-allow-methods: GET, POST, OPTIONS
content-type: binary/octet-stream,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XCEePhMc97uEbv4oHiNDIfWHaTLEON94Ouw655tKBWBMIOHULa1s2A==

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F1702199%252F0a9ac18c304c88717f48acb372c335f35kxpb2fu82ea%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w...
driftt.imgix.net/ Frame 51E1 7 KB
7 KB 152ms
45ms Image
image/png 2a04:4e42:8d::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F1702199%252F0a9ac18c304c88717f48acb372c335f35kxpb2fu82ea%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D7009d7741c289274b8f9520b62d2a6b9?fit=max&fm=png&h=200&w=200&s=e50ab7dedd04f05e59f405d346b18282

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:8d::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

e5ae789d81390b4ac4878c633977260b0a910a549d589e4613f647c3f8149873

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:56 GMT
x-content-type-options: nosniff
age: 4735474
x-cache: HIT, HIT
x-imgix-id: baddba7ddcc43f48abf7345afed8c144658f3681
cross-origin-resource-policy: cross-origin
content-length: 7138
x-served-by: cache-sjc1000113-SJC, cache-fra-eddf8230116-FRA
x-imgix-render-farm: 01.139824
last-modified: Tue, 06 Jun 2023 17:09:22 GMT
server: imgix
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame 51E1 14 KB
14 KB 46ms
45ms Font
font/woff2 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 17 May 2023 00:10:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 6524577
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 43
content-length: 13976
last-modified: Fri, 03 Mar 2023 14:35:52 GMT
server: istio-envoy
etag: "e7e52c955aa33e618baf437a16539524"
access-control-allow-methods: GET, POST, OPTIONS
content-type: binary/octet-stream,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ud3MAlrAjePrE8Iv6hnE5Vz2yBB3s7A9SNH09MoS78ei9wzvdx8jOw==

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame 51E1 14 KB
14 KB 47ms
47ms Font
font/woff2 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b8e094ad64704c2e4836153e641e432b22159b03d5b240b6dd303461be83f542

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 01:06:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 8162875
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 45
content-length: 14148
last-modified: Fri, 03 Mar 2023 14:35:52 GMT
server: istio-envoy
etag: "69b28056044be6438ce7e5214c66ba82"
access-control-allow-methods: GET, POST, OPTIONS
content-type: binary/octet-stream,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 342vqHq-5UcYUTgMNTQc_ek9okuMvU6p9t7ZKSbdHJTAMt47xg5RZA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 233ms
233ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:57 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame 51E1 25 B
107 B 130ms
130ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 31 Jul 2023 12:33:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: e129521317c601ca
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 mon Show response
obs.robotflowermobile.com/ 0
39 B 108ms
108ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.robotflowermobile.com/mon
Requested by: Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arcticwolf.com
date: Mon, 31 Jul 2023 12:33:57 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

POST
H2 200 mon Show response
obs.robotflowermobile.com/ 0
16 B 114ms
112ms XHR
application/json 2600:1f18:e8a:cd06:e361:a2ce:b047:17c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.robotflowermobile.com/mon
Requested by: Host: ob.robotflowermobile.com
URL: https://ob.robotflowermobile.com/i/9decd3b0fe5c0841dd43a5375baa5a71.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arcticwolf.com
date: Mon, 31 Jul 2023 12:33:57 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 236ms
234ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:58 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 41ms
39ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-33RYRGB9LX&gtm=45je37q0&_p=722153469&cid=175781712.1690806830&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1690806832&sct=1&seg=1&dl=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&dt=Incident%20Response%20Timeline%20-%20Ransomware%20-%20Arctic%20Wolf&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-33RYRGB9LX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 12:33:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://arcticwolf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 237ms
237ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 12:33:59 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
294 B 106ms
106ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://arcticwolf.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://arcticwolf.com
Date: Mon, 31 Jul 2023 12:33:59 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ 0
503 B 53ms
53ms Image
image/gif 23.35.228.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-210.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x11 config_version:"1438" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://arcticwolf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Mon, 31 Jul 2023 12:33:59 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x11 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Mon, 31 Jul 2023 12:33:58 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: arcticwolf.com
URL: https://arcticwolf.com/wp-content/uploads/2021/11/AW_LOGO_REVERSE-334.png

Domain: 11592367.fls.doubleclick.net
URL: https://11592367.fls.doubleclick.net/activityi;src=11592367;type=home;cat=allsi0;ord=8548564205194;auiddc=103245672.1690806829;u1=%5BMarket%5D;u2=%5BURL%5D;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw?

Domain: marvel-processor.bc0a.com
URL: https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000241276&url=https://blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c

Verdicts & Comments Add Verdict or Comment

312 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

62 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cybersecurity.arcticwolf.com/	1970-01-20 13:40:08	Name: __cf_bm Value: .Pq9sqJ34ik3SlAOIdq224PjwqkAcnNYKSPKLVFKEdU-1690806828-0-AThRX0VOU172rWAcMdthS9pVEOVybg+AxJFWm50LEldqbuWdtx30TNQcVd4adITotGAf0FtRByWqRqAjhTSDRsQ=
.arcticwolf.com/	1970-01-20 15:49:42	Name: _gcl_au Value: 1.1.103245672.1690806829
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 1N0eZibuXb8
.youtube.com/	1970-01-20 17:59:18	Name: VISITOR_INFO1_LIVE Value: nvUmje-Kuio
.arcticwolf.com/	1970-01-20 15:49:42	Name: _rdt_uuid Value: 1690806829404.c1566614-fd9e-4e71-bb0d-fec90426b30a
.techtarget.com/	1970-01-20 13:40:08	Name: __cf_bm Value: _mwmiJF_NCqrvwhcwSwPWTPtZJSNZu.dhVBYaxUSEVg-1690806829-0-AbG6xdwPE1FOIiTrY5oXOnhk6eJaQ/+2V3RULQ4Ae5PM7Cu72woj0OIYqITrEDEj1b+1lLqjFgjjOq7HQUAMyas=
.zoominfo.com/	1970-01-20 13:40:08	Name: __cf_bm Value: 4LncVP2VB900hvJgKKCJN_P.5vKL4jmTgNuTL1VYZu4-1690806829-0-AV95lHxdeaocNwdHP0NPd3H9J8sG7XbNEOy1S+X1G1t+i//P4UNFK3UjDuOgNPbOveiH/a3a00WNXC5r8bcFrJg=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: dozPLRCAf567TxQSJkd_DGSMBhCX3tWi_SktT8PJh.U-1690806829536-0-604800000
.mathtag.com/	1970-01-20 23:06:02	Name: uuid Value: 09fd64c7-aa2d-4500-b292-fe899938fff8
cybersecurity.arcticwolf.com/	1969-12-31 23:59:59	Name: BIGipServersj21web-nginx-app_https Value: !RNWtJ3EY7ogcaNe6vCJNuEQ8FVxgELKcwM9WucTQFX7qG/WqkJ8Vnt49hTxJZfrBx+Iugk2ZO0dIn0c=
.arcticwolf.com/	1970-01-20 23:16:06	Name: _mkto_trk Value: id:840-OSQ-661&token:_mch-arcticwolf.com-1690806829594-35094
arcticwolf.com/	1970-01-20 22:25:42	Name: __pdst Value: 1dc6e60228a8430791fb167911456254
arcticwolf.com/	1970-01-20 13:41:33	Name: ln_or Value: eyI1MDYwNSI6ImQifQ%3D%3D
.arcticwolf.com/	1970-01-20 13:41:33	Name: _gid Value: GA1.2.1606525572.1690806830
.arcticwolf.com/	1970-01-20 13:40:06	Name: _gat_UA-67837305-1 Value: 1
tracking.g2crowd.com/	1970-01-20 14:00:16	Name: _session_id Value: 6d0e9f5154c71e1c0cd6f51d7ead472b
.g2crowd.com/	1970-01-20 13:40:08	Name: __cf_bm Value: q8lCuVebcIY21QPTqrSQfaImGJC5_64..DpFuo6aVfE-1690806829-0-ATDQgw0nz+1bT4SropSlxWJfvfotdJuBTZpgjyrODFSM3FlzMWFl8Ur+Io1r5/MKoHxy2kPe9pFlpQ+MkExE+MM=
.t.co/	1970-01-20 23:16:06	Name: muc_ads Value: 82be8af1-e4d6-4ec0-ba10-a3895fa64b3b
.linkedin.com/	1970-01-20 15:49:42	Name: li_sugr Value: 495784f0-539b-4903-825d-a3320f74c317
.linkedin.com/	1970-01-20 22:25:42	Name: bcookie Value: "v=2&63feab39-1647-4107-80e7-770b3e07897a"
.linkedin.com/	1970-01-20 13:41:33	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2568:u=1:x=1:i=1690806829:t=1690893229:v=2:sig=AQGi2H38NgiXw45_WoqzWYR1UioHH-r5"
.twitter.com/	1970-01-20 23:16:06	Name: personalization_id Value: "v1_gqXGKK+XMolnTN25Wzy14A=="
.mathtag.com/	1970-01-20 14:23:18	Name: mt_misc Value: mt_bt:1
www.clarity.ms/	1970-01-20 22:25:42	Name: CLID Value: 4cda9fd9502f4e538517b7aa2c6ac895.20230731.20240730
.linkedin.com/	1970-01-20 14:23:18	Name: UserMatchHistory Value: AQK06Z7tqQzFngAAAYmr8MM_2DsXeNfJcIuaLeQIE1KiPslA1b9SMg4Sqo8piUqRJqF6flgqByrjQw
.linkedin.com/	1970-01-20 14:23:18	Name: AnalyticsSyncHistory Value: AQL1dNsvOX9mRQAAAYmr8MM_a41wO6sAkyeDhYl6iwOnyY6H9k3HkezpRVV1I6utyHUkRjL7qwqBZXeOI5pCEA
.arcticwolf.com/	1970-01-20 15:49:42	Name: _fbp Value: fb.1.1690806830096.1990923244
.doubleclick.net/	1970-01-20 23:01:42	Name: IDE Value: AHWqTUkkYAOKHnt3gg-rQDGd1KuMViXC7naMXCbhqd3dUBdIzGG8qCtr3S-y8pNsOFU
.www.linkedin.com/	1970-01-20 22:25:42	Name: bscookie Value: "v=1&20230731123350591f5c5d-cfa6-4212-862f-a9313184cc17AQEsupokhTuJfEdJorzEwJBqpbiCMNIR"
.linkedin.com/	1970-01-20 17:59:18	Name: li_gc Value: MTswOzE2OTA4MDY4MzA7MjswMjH4P1XoqFVa+QAlGEtWmedF1VmTnHfgawmkuIK7rG1udw==
.arcticwolf.com/	1970-01-20 22:25:42	Name: _clck Value: t39mp4\|2\|fdr\|0\|1307
.arcticwolf.com/	1970-01-20 17:59:18	Name: dpi_utmVals Value: %7B%22UTM_Medium__c%22%3A%22nurture%22%2C%22UTM_Source__c%22%3A%22email%22%2C%22UTM_Campaign__c%22%3A%22NULL%22%2C%22UTM_Content__c%22%3A%22NULL%22%2C%22UTM_Term__c%22%3A%22NULL%22%2C%22utm_adgroup__c%22%3A%22NULL%22%2C%22GCLID__c%22%3A%22NULL%22%7D
.arcticwolf.com/	1970-01-20 17:59:18	Name: dpi_utmOrigVals Value: %7B%22utm_orig_medium__c%22%3A%22nurture%22%2C%22utm_orig_source__c%22%3A%22email%22%7D
.facebook.com/	1970-01-20 15:49:42	Name: fr Value: 0ylnoElMge6NReGXU..Bkx6ou...1.0.Bkx6ou.
.arcticwolf.com/	1970-01-20 22:25:42	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Jul+31+2023+12%3A33%3A50+GMT%2B0000+(GMT)&version=202209.1.0&isIABGlobal=false&hosts=&consentId=934c8cc7-06f9-4727-9812-ecd416e0e39b&interactionCount=0&landingPath=https%3A%2F%2Farcticwolf.com%2Fincident-response-timeline-ransomware%2F%3Futm_source%3Demail%26utm_medium%3Dnurture%26mkt_tok%3DODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw&groups=C0004%3A0%2CC0003%3A0%2CC0001%3A1%2CC0002%3A0
.arcticwolf.com/	1970-01-20 23:16:06	Name: nmstat Value: 54bfe1df-5e39-d4b2-fb2a-5dedebf37f27
6145655.global.siteimproveanalytics.io/	1970-01-20 13:50:11	Name: AWSALBCORS Value: /0jXSAITjrpB4W2SbtfTzcOimNi76/LF7Q+01ztbjvwp/vGfzeYGft3ZVrwDeAkwnF5OjjIs3NGuxIMcnG891653h52X+6keY/LdFQ0pJWpZpP6s5yDdaY2tQJoS
.arcticwolf.com/	1970-01-20 23:16:06	Name: vid Value: a22c1381-2d28-41bb-b5c0-a103cf5a5fb8
.arcticwolf.com/	1970-01-20 15:51:30	Name: _cq_duid Value: 1.1690806831.zmA9kSLE7QY3HiyF
.arcticwolf.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1690806831.xWAz87pHDN3ImLYE
.arcticwolf.com/	1970-01-20 13:40:08	Name: _pf_ses.2b27 Value: *
.arcticwolf.com/	1970-01-20 23:16:06	Name: _pf_id.2b27 Value: a22c1381-2d28-41bb-b5c0-a103cf5a5fb8.1690806832.1.1690806832.1690806832.88491444-ef11-4931-bf7f-e810e3ff47ae
obs.robotflowermobile.com/	1970-01-20 21:43:57	Name: cg_uuid Value: a465e2b9285e017610f97c181e5768e5
.arcticwolf.com/	1970-01-20 13:41:33	Name: _uetsid Value: 8113c6e02f9e11ee8c60ef2f49c81cee
.arcticwolf.com/	1970-01-20 23:01:42	Name: _uetvid Value: 8113e0402f9e11eeb866a3fe52fb294d
.bing.com/	1970-01-20 23:01:42	Name: MUID Value: 30A10492562C6192373117CD57E76020
.arcticwolf.com/	1970-01-20 23:16:06	Name: _ga Value: GA1.1.175781712.1690806830
.c.bing.com/	1970-01-20 13:50:11	Name: MR Value: 0
.c.bing.com/	1970-01-20 23:01:42	Name: SRM_B Value: 30A10492562C6192373117CD57E76020
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 23:01:42	Name: MUID Value: 30A10492562C6192373117CD57E76020
.c.clarity.ms/	1970-01-20 13:50:11	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 13:40:07	Name: ANONCHK Value: 0
arcticwolf.com/	1970-01-20 23:16:06	Name: _gd_visitor Value: bd20f5ca-06f2-41c1-8a9c-537780e4d3d4
arcticwolf.com/	1970-01-20 13:40:21	Name: _gd_session Value: b6915fad-3577-4ff7-895c-94ae37695b48
arcticwolf.com/	1970-01-20 13:40:08	Name: drift_campaign_refresh Value: a354b455-d761-4bb4-8149-a1f8713e6171
.arcticwolf.com/	1970-01-20 13:41:33	Name: _clsk Value: 138trft\|1690806833259\|2\|1\|q.clarity.ms/collect
.6sc.co/	1970-01-20 23:16:06	Name: 6suuid Value: f72a3517d17d010031aac7643a020000b7cbab00
.arcticwolf.com/	1970-01-20 23:16:06	Name: _zitok Value: 7a8a8d221dac37af15bd1690806833
arcticwolf.com/	1970-01-20 23:16:06	Name: drift_aid Value: 097e31c9-8b12-4d63-a152-bb13a5d741f3
arcticwolf.com/	1970-01-20 23:16:06	Name: driftt_aid Value: 097e31c9-8b12-4d63-a152-bb13a5d741f3
.arcticwolf.com/	1970-01-20 23:16:06	Name: _ga_33RYRGB9LX Value: GS1.1.1690806832.1.1.1690806836.56.0.0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://arcticwolf.com/incident-response-timeline-ransomware/?utm_source=email&utm_medium=nurture&mkt_tok=ODQwLU9TUS02NjEAAAGECk0v4Q05nh3fQ8kQm_RXLAlkSYMIhtad75hu5vtlJvafiSyzPopivYaNxvmxTKMAGH8wPMRmZOEE7oFtmkBv_5LBHFokZ5c7d_2FOweON3AxLw(Line 3857) Message: Refused to execute script from 'https://adservice.google.com/ddm/fls/z/src=12016171;dc_pre=CLD06KP6uIADFaAHogMdBIgODQ;type=invmedia;cat=arcti0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=' because its MIME type ('image/gif') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000241276&url=https://blob:https://arcticwolf.com/5dd11da2-10df-4012-a3c8-3f50dbd16e4c Message: Failed to load resource: net::ERR_INVALID_REDIRECT
worker	verbose	URL: blob:https://arcticwolf.com/e97b6a2d-3e55-4d78-83c0-0408c703d1cd(Line 1) Message: Error

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11592367.fls.doubleclick.net
6145655.global.siteimproveanalytics.io
840-osq-661.mktoresp.com
ad.doubleclick.net
adservice.google.com
alb.reddit.com
analytics.twitter.com
app.cdn.lookbookhq.com
arcticwolf.com
b.6sc.co
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
c.bing.com
c.clarity.ms
cc.swiftype.com
cdn-app.pathfactory.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
cdn.pathfactory.com
cdn.pdst.fm
connect.facebook.net
cybersecurity.arcticwolf.com
driftt.imgix.net
epsilon.6sense.com
event.api.drift.com
flow.api.drift.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.zi-scripts.com
jukebox.pathfactory.com
marvel-b1-cdn.bc0a.com
marvel-b2-cdn.bc0a.com
marvel-processor.bc0a.com
metrics.api.drift.com
munchkin.marketo.net
ob.robotflowermobile.com
obs.robotflowermobile.com
pixel.mathtag.com
protect-eu.mimecast.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.clarity.ms
region1.analytics.google.com
s.swiftypecdn.com
siteimproveanalytics.com
snap.licdn.com
spcollector.pathfactory.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
targeting.api.drift.com
tracking.g2crowd.com
trk.techtarget.com
us-central1-adaptive-growth.cloudfunctions.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.youtube.com
11592367.fls.doubleclick.net
arcticwolf.com
marvel-processor.bc0a.com
104.17.71.206
104.244.42.195
104.244.42.69
13.107.42.14
13.249.9.129
13.32.99.99
142.250.186.70
146.75.120.157
151.101.128.143
151.101.65.140
169.48.138.204
18.197.22.0
18.66.112.55
192.28.147.68
20.231.53.73
2001:4860:4802:32::36
2001:4860:4802:36::36
216.58.206.34
23.197.137.224
23.35.228.210
23.53.42.251
2600:1f18:e8a:cd06:e361:a2ce:b047:17c
2600:9000:2057:400:1c:f10a:ad80:93a1
2600:9000:20eb:d600:2:53b2:240:93a1
2600:9000:218e:4a00:0:f267:a5c0:93a1
2606:4700::6810:a852
2606:4700::6812:1d26
2606:4700::6812:1e49
2606:4700::6812:aa72
2606:4700::6812:d9f
2606:4700:e0::ac40:6824
2620:1ec:21::14
2620:1ec:46::45
2620:1ec:c11::200
2a00:1450:4001:806::2004
2a00:1450:4001:806::2008
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:810::2003
2a00:1450:4001:813::2003
2a00:1450:4001:827::200e
2a00:1450:4001:828::200a
2a00:1450:4001:82b::200e
2a00:1450:400c:c00::9d
2a02:26f0:7100::210:172
2a02:26f0:780::210:a40a
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:400::396
2a04:4e42:8d::720
34.111.208.231
35.158.224.20
35.201.125.192
35.244.142.80
44.208.41.101
52.222.139.122
52.222.236.102
52.3.28.106
54.147.21.139
65.9.66.23
68.219.88.97
91.220.42.215
0131619310400e1b3f9c31771f6284da7e280d9078f0c97b8c7b9f136c724d4c
01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874
040e7b516a60105fbbd09dfba5e37c49539ce6b22b78aab284468c1185530f3d
04546ab6f2007d9dc6a58248b868f47da93b8404f7f4341c685a00b3184b230a
07c94892c3e0ac93d2bcb3a9cb88aa67ea47b3d1aa89bc39dfcc2b025dcd8988
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e1726275acb8741cebb6ec76b0d2722efdcdcbf1d8d59b78c1b4a966217c607
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
12ffe3ad71f763d9057baf43e0f1c1482bb9a0372602020554c4d52f52b37981
138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47
14b6cfd9b2a41bf5ee498086b1fbe2e8a31b1f99d5e040d55bdbe2d95702b6ac
14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
17184fd3335ad72ab651cd752ec591c5234985af840dbaaec580ac0464343dd1
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
190db2ea37186511e3cdfaeb6e37e68830c90647a9c18840f33ce00c03a05bd0
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1a5fd0df06232bca788b1f96dd4ec44161c7514cba646b07ae2049a2e2949597
1a8b62e10f603963a4181f69f6f169bb76486d865648be0b183df5d4c2506b41
1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
1d256f8e79f97cc601f418fc564c0e52df806184b7d153bcea234dc8b32007e8
1dfd989ac7b6ae27f9e54d8590bebaa1d1db80e13e3056efbf6d0f06505f1bb0
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ebf26a016b0a10fd7546384189a040fbadc9a9ab44ae0be5e72f4e69c765648
1fee1667af032f2cf9a26ec7b92a8e5138fc95ca06c7f9a95203aa48bc568a30
2070b66678531603157b65e7d2941b93fee78adbe9f90f7325227cf5855566b0
20bfa7c6c108b703de14c2ccb71e89a502db4a1abf769ba1b0669cb2fe077506
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
22abe5db26a8526eadb13cd4b84d4dadbcb5198452fd9d826a93acc9f0ac2597
2552d8d62d9c60f59b3b11a5d083d1ebd090c72de809fc7c76fb339825302241
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
25dad2a4108b49a45658965de973ba2c5ac3a53c682f5e607a873deaa9ad16b7
261774a6aad24d6e79e6998664f830b37bf553aee6bbb28526d119808b9bf3f8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2699ce8497fb6b97e382188efa325eb5aeb604b5e5a20f4551190054c29bf654
26e34b9fbbd2ecafe25af980f19ddc63342ffad01477b0fe851ac8c35bfea847
2a18bfb4399ff65752af3ddc73cdc18f2b2593e77ee0713a608aecedb71e6d72
2a39504ff0e8230cff9511b4027a386c4b2a54601d27524c751e7dc6f0a6e6f9
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e
2d7c7930eb39d59cd8c2dc00652977da3ed72347e7cd465f7b540e10e2121c22
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
2fdaf549542c19d303a61dd53d8558a115ff3a1296d974b3392f9e47cb64fd5f
3251d9d7369ec04a40eb4b39b44d361d588cbe7a8bedf0e0b982adbd59de5b17
335d98ebb147dad9a8d9267aa953bf7f508c316c0cd2b55eb28bb65ffa26fd67
3424005a512b91236e4fbdd8390d22328c63407f8c648e07c17207064c29a484
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
36fe13eb7b91edf7c78330917907ecc709ead04ced47a90a7af3d658a7ace01e
37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2
3963b8591050c4af2f0edf8a96662113f01900444868e6936c5d192bc44dfe6d
3a4c7a4655fde43b981e138f8c2b8ee77873e6862c5a47dee0205ab800e04157
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e584003b5c6df9bc2854b2775e527ef7240f3d1cae4047e9aa504cdfbc109f9
3ef64e4a0001cd55211fff6bd306290f29c7482a6006d070ee21e52484b7ef22
3f9de756b0ed57cc0baffd54c3b4f6d038179760f5090d0d2ff6eab693eb46e6
3fa687375c6b66e730d285e17f84e59d3bfbf349c65604af77e10a648b0c2ed0
40f37d2df8593443c15e9068f98b87c737afd2365692ea115dd95643f06ab445
41034890cce103c8bb5af53c090b8431802103e3ef948df4b38d034ebff4f9af
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
458a0bfc433743487169403d4a82cfe6f703c488619ad7bd9568930ba95d5cc2
45fea66af44d9826903fc07fa91cb5cc8b4b85fdf27907682811f46a28566174
464604220f85e83ecf4b1efde51626f3c5ab77b7abc2302c5b12721bdd6a6b53
46b04afecdaf08e04385a7cabaec357f6edfc6a8b2b156d8c624c2621894f3de
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
4a11069c6788f70e35c15b6234bbde2c786a08c17ef5a5b68a1b6923e504374a
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
50929c81b016e51828d0828be4758e8536e8db822a5a4632ff9a47cded9c9630
50ab33fc354407ebf6a0bc0c49ddf4d38c33106a78d9f855269543ba55a095f9
51187f64d3c89b9bba020ac511217aed3ea94cfc82aa3c5450b6132cfab4c039
5156dff19f3da0b22f54fae9883fdc4a140ab79ec89aac752751e9fc643159bc
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
521b858a4fcc33d56f0248f7aa72997c4acf17e0843bbb00e144f8ae41a40f82
524034ded2f6e108928b95369b2ef18fb6155e9da9b2d39ac1d83fab8e662628
52ea134848cf261f25b89a48cf302f4d97f3d69ef6db75c3648ff1ea6cd6fb3a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58c855e7eb9b917e71e6b733e73c542c25bacb986f3ba7df2be1570200312135
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5bcbd83d020ff272645c59dff179841df9374a6295f324eee00b9de4e67bc1cd
5cbda13c6da86499271de5160e3ef03d92880ba87f2499f433d4daa574d0a576
5cbda29ea5096ac9404c59c77493a2f467d0eb4a27f16c750b61fc0d888dd716
5d217422afd593f6c2137ee8f84f4a48e65353f050c0261fcee027afee506888
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1
622373f59cdda9ea36f307c5f7bef0cfd8e140018c995b6394468a26ef499dec
639d0d582c4d7e66bddd8a2a18d2f1e0274a0c3b3c5952ad5cf4263e4e71d4fb
64bfe05478454245e962771172010666bc231cf7d0fa1e295627777d226e7724
65d8e50f33b942ee9417d9c48487e482247e0419edc4afe59378c9c9e96f7cd9
67f26ee67035628c2e4301de97067726fcc16a63c9edd440bf989599533346b5
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
68ad0f17e1cc8c6ee4255f50385313e19d9d59798b25f2be68980ef46c75a14f
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
6d19f681486e8ab7ff9f0c1d94bfd9e7b93bcc42b2733a694bca5152845e0c0d
6d794189224620cb3660234fa5744ba6f9ae7f5d704c6a78d4b259f75974560b
6e60af994c94f52d951f4ba72ce1ad110d02331dc2ab55b61110cd3be60c83f3
6e747240a41ab3683385d620cac524e92721981002d10ab1e3ccee31efecff4a
6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a
6fa317686874e2babbb154c505e6d34dea75adf4cc6621773e1b40970a89419b
70473bd0b0e7e7184f687732de1aecf333cd42fea1bd239d95d9319b3fe7cd7c
70560ba9138d04a53b3d50ad24c6ba38a16a2cacb591ddaf7aabb312f0330a9f
71e61808aa8662515cda96301f406318ef49040de08a5b35983760393f08e337
7419952e850bbbe0c457ee9f42eabc5aaf50bacbc192ad90cbd07dc26fe948c2
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
76ae8e543977138f688ef3152041faae2e3268cab73f47ec485b6e1a6b7ea4ba
76efc435fc139294153b2304af750ccd6857bf3349577af166308db9eb0a2fdc
7715cffc4e9aba52a7b79cb2c6029d3b2d6422a36ae19ac3a3058fb9a6341e8c
7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787
7945e31328e2939c6be7a97c1b0be792e6699fafe33c77e2e1822e0f3cf59ff2
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
805f4b50daea87eb254e7b760b8f394c5f756c790e609f1180763b67f484099a
83c7035c26edcdcdeb8078dd670f94639793c003cdaff7e71f7983130e12250d
84d61e7247b5194fedf074ca201a7bbc68d3ee141236b4e7cb5030abf9ab58c5
85d4f543bdcd23982777f3fa8c7882c9621bd91773a6f9d7e609cf8dfdd3fbeb
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
87530a2baa39b3f6f02816034c7d38a3412936b1c633783128c5f01c01dff8b7
8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a
8a775d5562ead2b7a69e5e39bb905d660252059561da1150b152df1960f4471d
8f09b9458edd2ecf125cb4d6c96904d57f8096ff1079bbe42d28f77b7c74d2bc
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
8f42f88d459fb1bd9cfb240a58be441f7733441009f14aad204895e373b480ce
90c0376a25244c9c8d082f63713c65825f6e150178dcf839edfebfc7594a8dc0
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
93782ddf0e56d9337912140c04414253fd17fac6ed1520ea517dfce09975f83c
977f17a2a9f337ba1b4de255e4d8e20ad993c5e7eccfaec6922e1a2e8247f31c
97a354619589bfea9f81aaaa4d0e3ce6327f1e24cd2b545daafec99e677bf1ae
97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
985d2443766f9808d937fd868ce48ef047c921e499fae5d41a26e0253a57ee12
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9987dcc652130026523219440b654a3e307d16f186019031ad60a28d6f73aa2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9babe27bc02fe4d0b02c5119b7257a15a4cc31ebdc2e25580197a61a184c7b38
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
9ce048634d8fcf44322a58bea95aacc92ea158ef28fbed9b7fabc1df47ca9111
a0c3e823a07498a845daa25db9e85afdb4a985866f00b4cf1518f363336cd030
a389161ef795e43a29b7ce8dafeb70495884a5cb41d61e68ace519ed884f427e
a3e268032fe98e023f15ca2a46963871cb10de88b21f3b49c2d56175ab5c61d2
a3e647bd139028a8b14cd0c42545d61fe316a4a42436a5602b44df99d8d416f3
a3e7c89de8ec9f11eee1605a0367e23585548b1deab4cca3a4a17d5a23a90f79
a4070c8c1e9a3ec5f00c5072b23a70a87e32f2c336956bb4d12f515bc05b8196
a450fb5b3cb595e170ecba241503152079cebfa6748b4460f39c947cd183aadd
a526f7e1a82516f99f2639fc48cd8033545c9d1ddae99c01942dede8116d4ee5
a825c1076d2ad637268b08fe1857324b50d1a5824f98ddf0be538fa8a835059f
a876a773b46aea97d22c1f84dac918fbc98ee3c1e1729f21cef7911de52f141e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad35c96a8104ac3ccd60c7ce3cd073f9804e816c496c48b90197672e87ab7623
adf33b8aad77547072f626414623ad5581862c4fd92dd5c5484c861d7adb7edb
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af0b0dbfec18aecd0518daf2ae4b6d60b0b148de91978fd182e2831ce659b5a2
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b441f50a6dbac69ad97ee1f9c6f4f7c1ebbdee148b80a218c61b7b1c32b86cb8
b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b8e094ad64704c2e4836153e641e432b22159b03d5b240b6dd303461be83f542
b8ecc12e32efafcf95321fa2c3d3dda6eda40d71735ad8013ee5041ac525c749
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46a7d8b2f249d390b1efa4da5979a20e1827cff19ea7514917169de7190600
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bbd113130c7dac23f5a47905ca9e595fd45cb27971920df2340f0367ab3f17c4
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bcf38f64dc776acb4dbb6986b1674e1a467f625b79db226b98bfffb2302e07bd
bdd09ae9f057518bb63173753996460f13fda67e4fa826b78821db4edf47657b
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c1b33c23e7dbf19dbeb7f90352f4b64d182249a976b903daa88e2b0499e16f6d
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2ed4b80cc0bfd8b35c13b9becb418d96d58f9f44048b24d6e45dba4938cac69
c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b
c375e284cb478a8f21e391c99fb79c9174682d0c21e13a3ed69aa0afa6fa073b
c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c51d2f7f7f77d98310f6931282896d49ca352deb54dd17c8ef658ab4d8cbd581
c532d1d7922f4b22b44f24f25d0a2317013412a19376a543eb130db19fdbeb33
c55902832fb84522d02ea1a60a30747403a140d8651fa748f13ba398b0c0df3a
c5904cf8f871eff63432d228df275b03148a0f5e8cc30abfed54f8a8dac1966a
c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2
c6e1a9cb6313bb6d04d32b237c96ff4e5bfaaa4522d1dea84292cd7869a47ace
c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3
c7d91aa0b45c98f76ea2bfd58ea76caa71cb1dcbb2d2c4755011dae9934da658
c94f4be873febccf5892142ba97f462fc698aa4319d33045b368a5063f359716
c95bab0c7d4bbed3ae9b1aecfd4d43e506a4fce9e5345597a8eb2e9aa2510e73
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
cbbcc1940575cb460e3fc9b5a883408b569ea12175913f5c3814a92ca0da217f
cc06955c38d52ed04f49faa1b2be7f39b14072b0d16651b7a7c6337da5370538
cc472918f012f11d6f59c7681969da54d0fd572d9863883ce00a08a07f46c845
ce145cf39a28f57c1f06b1c321e542beb551c7a76c183a3e1d18bb2f96716145
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d0bdb174b4b74f61ff0a508b88d84c5d32bd05458d7850bf426cebb9c18c0122
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d21b490fa72e9cd90e09db07c73ef43c0d65bf38de6a41dfd1c53338f71549a3
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
d4cfd9de608164ad8ccc5cdabac2fd0db590394035c29e79c845987c1a955000
d52f1f1c0e3e9e237c7604afefa8d784064f688c76293e3f1102dab32a830925
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
d74324ac5719aa202221018cd0181776040570d0d6b94112fef8e841ef3d6c13
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
d8c74ee45a98e87beef8bb7a31b368645a2febd509e2a11e521649559742e2f8
d9ba9e6e9683becd7e4bd57b35350ffa981e7615125fef623482e4e6a8ff435d
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dcfea649d2c53356e7748de7af8fcdcc41b29fa06aa6d01366803ecfa8c85c58
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de33d25c348c9ed3bb8039156b407860db0cdc5eee5cdb26689276bfeef7a17f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de44ddd2c43625ffbc1b4fe2326f20f372b0cd58227c389ec76cb3b66900ea1e
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e634eb4bc8fc909bd1ea389002b9036063e2fe86f1a423fb2eb577baaf7e1c
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e4ce460b67637c8b03e885990e209b977d4ce829be256289a3a762b9a6290e5e
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e5ae789d81390b4ac4878c633977260b0a910a549d589e4613f647c3f8149873
e6fe88a41144fac0a75be6c94627d7ddbe2d58e0ccea7d714ea7108e1be694de
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba
e9f9ed7d81f247d2cd07fd3c7be9266f225df735359b39cda7caec6386c481e6
eb91e77384f9aff2e81a868ae4f2ae6fb5940c573d0e39088ff637414b4ffed9
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03450bb6efbf09d31b7d62bd7b5ebe3e21ca4c132341b929dcfd2d0e21f133e
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
f659239ecec7a1d39d6da7c6325d6287efb8511241df1df3ef0d09d54246f886
f6d4e99f874940ca9f53da06745e1630a69d8c5f171a06b8761ee736886a2096
f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
fb77c038cc434f85e19d2b50fc346886d472ef2e6b8a9fb372aaf3a797b6bd0a
fca5eb2f7f0e369ce02c777e7c947f792a56d9cd843b274e5a535da2dc7211c8
fd0ffdf406831f19c420a98f72496543bd94c06844e867c843da2fa8dc0da5f1
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
feb76453ca3f8d8bef5068a68e73dc7fe6f34600622a230ca28f00b26ac42a6a

arcticwolf.com Open in urlscan Pro 52.222.139.122 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

359 Requests

97 %HTTPS

50 %IPv6

47 Domains

73 Subdomains

60 IPs

6 Countries

5622 kBTransfer

15948 kBSize

62 Cookies

12 Outgoing links

Page URL History

Redirected requests

359 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

arcticwolf.com Open in urlscan Pro
52.222.139.122 Public Scan

Screenshot
Live screenshot

Full Image

359
Requests

97 %
HTTPS

50 %
IPv6

47
Domains

73
Subdomains

60
IPs

6
Countries

5622 kB
Transfer

15948 kB
Size

62
Cookies

359 HTTP transactions
2 data transactions