www.picussecurity.com Open in urlscan Pro
199.60.103.29 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Submission: On September 10 via api (September 10th 2024, 8:57:20 am UTC) from IN — Scanned from DE

Summary HTTP 159 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 39 IPs in 5 countries across 32 domains to perform 159 HTTP transactions. The main IP is 199.60.103.29, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.picussecurity.com.
TLS certificate: Issued by WE1 on July 23rd 2024. Valid for: 3 months.

This is the only time www.picussecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
51	199.60.103.29 199.60.103.29	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
3 11	172.67.166.202 172.67.166.202	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.98.25.165 3.98.25.165	16509 (AMAZON-02) (AMAZON-02)
11	23.53.42.251 23.53.42.251	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 17	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:ac5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.205.137 143.204.205.137	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
3	2600:9000:249... 2600:9000:2490:4000:c:77c4:d500:93a1	16509 (AMAZON-02) (AMAZON-02)
1	172.67.75.100 172.67.75.100	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.252.13 157.240.252.13	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	104.18.26.50 104.18.26.50	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:33:3... 2620:1ec:33:3::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6812:8d11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4f8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6dfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:f36c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:e30... 2a02:26f0:e300::5f64:9219	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
3	2600:1f14:50b... 2600:1f14:50b:9a02:4049:4df4:24f2:ab7d	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:264... 2600:9000:2646:9c00:b:8c20:bf40:21	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2600:9000:264... 2600:9000:2644:9000:10:fb15:b700:21	16509 (AMAZON-02) (AMAZON-02)
159	39

51 199.60.103.29 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.picussecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

39666904.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
7048931.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.67.166.202 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
display.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.98.25.165 (Montreal, Canada)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-98-25-165.ca-central-1.compute.amazonaws.com

p.visitorqueue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.53.42.251 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-42-251.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700::6810:7674 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:ac5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.205.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-205-137.fra53.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2490:4000:c:77c4:d500:93a1 (United States)

ASN16509 (AMAZON-02, US)

t.visitorqueue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.75.100 (United States)

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.26.50 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33:3::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8d11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6dfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f36c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.153 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:e300::5f64:9219 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f14:50b:9a02:4049:4df4:24f2:ab7d (Boardman, United States)

ASN16509 (AMAZON-02, US)

tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2646:9c00:b:8c20:bf40:21 (United States)

ASN16509 (AMAZON-02, US)

d3lopmpcew67el.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2644:9000:10:fb15:b700:21 (United States)

ASN16509 (AMAZON-02, US)

d362h7pxdteoyk.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	picussecurity.com www.picussecurity.com	762 KB
17	hubspot.com 2 redirects no-cache.hubspot.com — Cisco Umbrella Rank: 34139 js.hubspot.com — Cisco Umbrella Rank: 8139 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 8074 app.hubspot.com — Cisco Umbrella Rank: 10634 static.hubspot.com — Cisco Umbrella Rank: 51540 track.hubspot.com — Cisco Umbrella Rank: 5359 forms.hubspot.com — Cisco Umbrella Rank: 11636	45 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	22 KB
11	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 15115 perf.hsforms.com — Cisco Umbrella Rank: 36274 perf-na1.hsforms.com — Cisco Umbrella Rank: 8524 forms.hsforms.com — Cisco Umbrella Rank: 9382	7 KB
11	popt.in 3 redirects cdn.popt.in — Cisco Umbrella Rank: 48611 display.popt.in — Cisco Umbrella Rank: 48120 fonts.popt.in — Cisco Umbrella Rank: 122088	75 KB
5	cloudfront.net d10lpsik1i8c69.cloudfront.net d3lopmpcew67el.cloudfront.net d362h7pxdteoyk.cloudfront.net	571 KB
5	linkedin.com 1 redirects platform.linkedin.com — Cisco Umbrella Rank: 7061 px.ads.linkedin.com — Cisco Umbrella Rank: 669 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	163 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5067	28 KB
4	gstatic.com fonts.gstatic.com	117 KB
4	visitorqueue.com p.visitorqueue.com — Cisco Umbrella Rank: 379830 t.visitorqueue.com — Cisco Umbrella Rank: 230930	5 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	3 KB
3	on.aws tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws — Cisco Umbrella Rank: 118495	5 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	212 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	38 KB
3	hubspotusercontent-na1.net 39666904.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 204552 7048931.fs1.hubspotusercontent-na1.net	7 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	737 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 9601 forms.hscollectedforms.net — Cisco Umbrella Rank: 9837	25 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
2	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1868	28 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	89 KB
2	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 12087	6 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3123
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 764	705 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 7580	1 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5135	25 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 10675	24 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7189	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 11009	92 KB
1	mouseflow.com cdn.mouseflow.com — Cisco Umbrella Rank: 11558	460 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 23254	770 B
1	googleusercontent.com lh6.googleusercontent.com — Cisco Umbrella Rank: 1399	806 KB
159	32

	Domain	Requested by
51	www.picussecurity.com	www.picussecurity.com js.usemessages.com
8	b.6sc.co
6	cdn.popt.in	www.picussecurity.com cdnjs.cloudflare.com
5	track.hubspot.com
4	forms-na1.hsforms.com	www.picussecurity.com
4	cta-service-cms2.hubspot.com	1 redirects js.hubspot.com www.picussecurity.com
4	js.hs-banner.com	www.picussecurity.com js.hs-banner.com
4	fonts.gstatic.com	fonts.googleapis.com
4	no-cache.hubspot.com	www.picussecurity.com cdnjs.cloudflare.com
4	fonts.googleapis.com	www.picussecurity.com js.hs-banner.com
3	d362h7pxdteoyk.cloudfront.net	tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws
3	tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws
3	fonts.popt.in	3 redirects
3	perf.hsforms.com	www.picussecurity.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.picussecurity.com
3	t.visitorqueue.com	www.picussecurity.com t.visitorqueue.com
3	www.googletagmanager.com	www.picussecurity.com www.googletagmanager.com
3	cdnjs.cloudflare.com	www.picussecurity.com cdnjs.cloudflare.com
2	epsilon.6sense.com	j.6sc.co
2	display.popt.in	cdnjs.cloudflare.com
2	forms.hsforms.com	www.picussecurity.com
2	perf-na1.hsforms.com	www.picussecurity.com
2	snap.licdn.com	www.googletagmanager.com js.hsadspixel.net
2	platform.twitter.com	www.picussecurity.com platform.twitter.com
2	connect.facebook.net	www.picussecurity.com connect.facebook.net
2	static.hsappstatic.net	www.picussecurity.com
2	j.6sc.co	www.picussecurity.com j.6sc.co
2	39666904.fs1.hubspotusercontent-na1.net	www.picussecurity.com
1	region1.google-analytics.com	www.googletagmanager.com
1	d3lopmpcew67el.cloudfront.net	cdnjs.cloudflare.com
1	forms.hubspot.com	js.hsleadflows.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	static.hubspot.com	1 redirects
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	px4.ads.linkedin.com	www.picussecurity.com
1	api.hubapi.com	js.hsadspixel.net
1	app.hubspot.com	www.picussecurity.com
1	js.hscollectedforms.net	www.picussecurity.com
1	js.hs-analytics.net	www.picussecurity.com
1	js.usemessages.com	www.picussecurity.com
1	js.hsadspixel.net	www.picussecurity.com
1	js.hsleadflows.net	www.picussecurity.com
1	cdn.mouseflow.com	www.googletagmanager.com
1	7048931.fs1.hubspotusercontent-na1.net	www.picussecurity.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	lh6.googleusercontent.com	www.picussecurity.com
1	d10lpsik1i8c69.cloudfront.net	www.picussecurity.com
1	js.hubspot.com	www.picussecurity.com
1	platform.linkedin.com	www.picussecurity.com
1	p.visitorqueue.com	www.picussecurity.com
159	53

This site contains links to these domains. Also see Links.

Domain
events.picussecurity.com
discover.picussecurity.com
app.picussecurity.com
insights.picussecurity.com
academy.picussecurity.com
cta-service-cms2.hubspot.com
news.sophos.com
twitter.com
www.linkedin.com
www.facebook.com
support.picussecurity.com
www.youtube.com

Subject Issuer	Validity	Valid
www.picussecurity.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
hubspotusercontent-na1.net WE1	`2024-08-29` - `2024-11-28`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
popt.in WE1	`2024-08-31` - `2024-11-29`	3 months	crt.sh
p.visitorqueue.com Amazon RSA 2048 M03	`2024-08-02` - `2025-08-31`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hsappstatic.net WE1	`2024-09-06` - `2024-12-05`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.visitorqueue.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-15`	a year	crt.sh
luckyorange.net WE1	`2024-07-26` - `2024-10-24`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-19` - `2024-09-17`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-08` - `2025-07-07`	a year	crt.sh
cdn.mouseflow.com Cloudflare Inc ECC CA-3	`2023-10-25` - `2024-10-23`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
hsleadflows.net WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
hs-banner.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
usemessages.com WE1	`2024-08-08` - `2024-11-06`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
hscollectedforms.net WE1	`2024-07-25` - `2024-10-23`	3 months	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hubapi.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-08-27` - `2025-02-27`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Frame ID: 4CC5B50A887A4DCA47E8C3F7A5A6561D
Requests: 163 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.picussecurity.com
Frame ID: 18B7023F3A248A0D3F6170239D85D8F6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BlackByte Ransomware Bypasses EDR Products via RTCore64.sys Abuse

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?slick-theme\.css
(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

159
Requests

97 %
HTTPS

66 %
IPv6

32
Domains

53
Subdomains

39
IPs

5
Countries

3187 kB
Transfer

7662 kB
Size

41
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://events.picussecurity.com/exposure-validation-briefing?hsLang=en-us
Title: REGISTER NOW >>

Search URL Search Domain Scan URL

URL: https://discover.picussecurity.com/start-your-free-trial?hsLang=en-us
Title: Free Trial

Search URL Search Domain Scan URL

URL: https://app.picussecurity.com/signin
Title: Login

Search URL Search Domain Scan URL

URL: https://discover.picussecurity.com/start-your-free-trial
Title: Free Trial

Search URL Search Domain Scan URL

URL: https://events.picussecurity.com/demo-picus-platform
Title: Request a Demo

Search URL Search Domain Scan URL

URL: https://insights.picussecurity.com/know-your-cyber-threats
Title: Actionable Threat Intelligence Report

Search URL Search Domain Scan URL

URL: https://academy.picussecurity.com/
Title: Purple Academy

Search URL Search Domain Scan URL

URL: https://events.picussecurity.com/beyond-cloud-security-posture-management?hsLang=en-us

Search URL Search Domain Scan URL

URL: https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/click?encryptedPayload=AVxigLL%2BPh5RDe%2FCP4NVJcyfyyV%2FT3fbv80nna%2Bp0JhrGzHga8tEbRexs9NpUNQROlK%2BhGV%2FRhVaLjNo7Fz6zm05VNAbtANVIQKi2tJq6QelW5%2FdjM7%2FQAxGJAaU5qPfF42KWU9NMBAi%2BcsIO%2Fq26u2o05K%2B1XBYPoB%2B0tx6JDRHEGzy1kKdl2UiG7NZrtrsOCY%3D&portalId=7048931&webInteractiveId=286429421129&containerType=EMBEDDED&pageUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageTitle=BlackByte+Ransomware+Bypasses+EDR+Products+via+RTCore64.sys+Abuse&referrer=&userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F128.0.0.0+Safari%2F537.36&hutk=6613c1105e9cd5aa448c8b7903f05863&hssc=51282614.1.1725958634778&hstc=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&pageId=87726724166&analyticsPageId=87726724166&hsfp=2507617663&canonicalUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&contentType=blog-post&__hstc=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&__hssc=51282614.1.1725958634778&__hsfp=2507617663
Title: GET A DEMO

Search URL Search Domain Scan URL

URL: https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/
Title: https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&text=BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Search URL Search Domain Scan URL

URL: https://support.picussecurity.com/
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/picus-security
Title: .st0{fill:#FFFFFF;}

Search URL Search Domain Scan URL

URL: https://twitter.com/PicusSecurity

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC5mXhfkplWvuVW2Jx9MvOIw

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1725958634254&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1725958634254&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&tm=gtmv2&e_ipv6=AQJ4HQeV0Lp4tgAAAZHbJrtqwbLaEbqkWyzSylFcJ8SSYo5wngkLPhsrp8lVznJC2p4Dj3nLAOhN

Request Chain 117

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=286429421129&containerType=EMBEDDED&portalId=7048931&audienceId=null&pageUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageTitle=BlackByte+Ransomware+Bypasses+EDR+Products+via+RTCore64.sys+Abuse&userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F128.0.0.0+Safari%2F537.36&pageId=87726724166 HTTP 307
https://static.hubspot.com/img/trackers/blank001.gif HTTP 301
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

Request Chain 140

https://fonts.popt.in/?family=Poppins&display=swap HTTP 302
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap

Request Chain 159

https://fonts.popt.in/?family=Poppins&display=swap HTTP 302
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap

Request Chain 160

https://fonts.popt.in/?family=Yeseva+One&display=swap HTTP 302
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Yeseva+One&display=swap

159 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse Show response
www.picussecurity.com/resource/blog/ 143 KB
30 KB 695ms
630ms Document
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

047e26bb00e76e6e10f34ea70ee0f11b9174126bb6c2399babeb03c704d5a332

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-87726724166,CG-35190412163,P-7048931,W-32488136213,W-32488279843,W-32488280065,W-34050730072,CW-106636205147,CW-113292746136,CW-127211604583,CW-153850846592,CW-154512175274,CW-157190659966,CW-158831692418,CW-161965429884,CW-39038130957,CW-41162016556,E-117283871284,E-119013969479,E-125740770973,E-153853753872,E-154512352373,E-154797347330,E-155086192011,E-158844553760,E-158846858310,E-160359389297,E-161959088385,E-32300259976,E-32300424271,E-32300424286,E-32379253675,E-32379319518,E-32497563799,E-39027126556,E-81509078165,MENU-32488136213,MENU-32488279843,MENU-32488280065,MENU-34050730072,PGS-ALL,SW-3,B-35190412163,GC-113292746618,GC-150405732755,GC-153854563894,GC-153854773788,GC-158552791130,GC-161964680253,GC-161965565511
cf-cache-status: EXPIRED
cf-ray: 8c0e358c598f04a3-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only
content-type: text/html;charset=utf-8
date: Tue, 10 Sep 2024 08:57:12 GMT
edge-cache-tag: CT-87726724166,CG-35190412163,P-7048931,W-32488136213,W-32488279843,W-32488280065,W-34050730072,CW-106636205147,CW-113292746136,CW-127211604583,CW-153850846592,CW-154512175274,CW-157190659966,CW-158831692418,CW-161965429884,CW-39038130957,CW-41162016556,E-117283871284,E-119013969479,E-125740770973,E-153853753872,E-154512352373,E-154797347330,E-155086192011,E-158844553760,E-158846858310,E-160359389297,E-161959088385,E-32300259976,E-32300424271,E-32300424286,E-32379253675,E-32379319518,E-32497563799,E-39027126556,E-81509078165,MENU-32488136213,MENU-32488279843,MENU-32488280065,MENU-34050730072,PGS-ALL,SW-3,B-35190412163,GC-113292746618,GC-150405732755,GC-153854563894,GC-153854773788,GC-158552791130,GC-161964680253,GC-161965565511
last-modified: Tue, 10 Sep 2024 08:57:12 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G6vUsTKbgnQMoE0OCBb61bsgpg7sRPTWQD8c1pNuotxHf7GZFU563OgXZCx%2FryeoPE69%2FE2RmzLZD5nXOBNTVpfrtOtywAdpvFEx79LqQ%2BU%2FxQUXSvgM6eZxY1IpHl56Bp9lOOhFZg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 374
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-js-rendering-td/envoy-proxy-fcd8d5b6f-c2ktv
x-evy-trace-virtual-host: all
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 87726724166
x-hs-hub-id: 7048931
x-hubspot-correlation-id: 740f6610-6fd9-40c1-b49e-29d371038c02
x-request-id: 740f6610-6fd9-40c1-b49e-29d371038c02

GET
H3 200 project.js Show response
www.picussecurity.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 87ms
86ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
via: 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1309575
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JaAyGw1ij302YZomHTdF%2Blot1J30JfS%2FNno0uVPFujL3MH%2FpSK3R9QsEhqIAXh9KAZoOxSgrJT1Kfn8Q8emmQTsP7XL%2BaZtUbLJH2m36Eq5Gjt%2BG4OphvDJvAq4eqaqKtmj0SCHWdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8c0e35904cd504a3-FRA
x-amz-cf-id: am7XuUpzgZ44gWC9uZHQXtJ4bHkVqmd66-PXMSp85hKSj5xpJB6Nng==
expires: Wed, 10 Sep 2025 08:57:13 GMT

GET
H3 200 project.js Show response
www.picussecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 95ms
94ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 15614659
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLDh%2BgtA1hU9YyRRGLnCEBw%2BSnAEAnPxN7QQgLufIaQ2qmD%2FvQOSccDZOmv0Cs7roJWwZf2OAXSoNp1kzUqNDT7aLMejN0n8LnOx%2FgT7Gq5xmj8QYh9DR9va8PaVpJwGec9q5rjHaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8c0e35904cd704a3-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Wed, 10 Sep 2025 08:57:13 GMT

GET
H3 200 v2.js Show response
www.picussecurity.com/_hcms/forms/ 483 KB
161 KB 105ms
105ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 403
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5999/bundles/project-v2.js&cfRay=8bd6880c43f392fe-ARN
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"6baa082bb753a0d6d6e8a595ed1a8003"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5999/bundles/project-v2.js
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: AFaf8mWb39Qooe1K5qzICbDOfESNQB7s
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 82a87069-a174-4a04-8bf6-c6c22b946f16
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 82a87069-a174-4a04-8bf6-c6c22b946f16
last-modified: Tue, 03 Sep 2024 14:36:36 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1F89tUT066Clq38lp9kUmIrWcnG1f4v4u4xJn62fKOOnEPzRVAJTJ%2FaRCUHpD9EFYpDq8AJ1%2B%2FA%2BtSux3dcbssilhq7e2nLCBQy%2F34djlwzlXtRc4OBO1cRpggHkm6bWrmcJDIwgA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-jfqmf
cf-ray: 8c0e35904cdb04a3-FRA
x-amz-cf-id: GfWF64iWgwAqdoEl1BhiU1p8LwtSJT0SiIi_7W4YyTqRKMNtYGQzkA==

GET
H3 200 main.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1725536934420/Shield/css/ 62 KB
17 KB 84ms
83ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1725536934420/Shield/css/main.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c33a226e9787ec90b6c8ecf1f539b51592df0ed7cac9a0e4d2674a4377ed463d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 171
x-amz-request-id: HZRFC2TYWHJFXFE5
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"28ae1591e13a25755173aa333d9f0c4d"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1725536935400
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: LRk6GwpfmENuoLQ1jdRSxMDv5Mt_BU7T
x-cache: Miss from cloudfront
x-hubspot-correlation-id: be37cb2e-0071-460c-989c-3e4fd6adb933
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 144
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FpNhhZ/pvmqRzDHsv5Le01A3D60bJTTiX02DuzEKtcOSl7c8aSaZHxKJWh7aoWVUpmOW1s04ZbA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: be37cb2e-0071-460c-989c-3e4fd6adb933
last-modified: Thu, 05 Sep 2024 11:48:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BB0Unn72FPe1HHc3%2FcuJ8AvSD600l5F632S94BE3wWqLJMdNDdZf%2BcTD9ZOt0wp7urVRq9GNuA%2B2zh44VaPhRcQB4B2rdrV%2B01hkyXx%2B5tcqWTavxWkyOcIUzh%2BZLXKAPe%2FNfmWXg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-r22c5
access-control-allow-credentials: false
cf-ray: 8c0e35904cde04a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: vnzZB_51PAxWzkzOLVY6fYSui6it8w9POgDjv9F9TfKStAydxL3k_w==

GET
H3 200 theme-overrides.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/ 19 KB
7 KB 84ms
82ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/theme-overrides.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

616a7f16e89518adbc89002f178ebfac5756fc3e96ca30a807ce65ee0e7e4530

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 171
x-amz-request-id: DR2KB6HJMGC3TV54
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"07f9f0ec26d491d70da1865437d30ea9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1711704471664
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: n7FSIrJj.QJIuwKIz3DUmVp9IJPz6b56
x-cache: Miss from cloudfront
x-hubspot-correlation-id: ffbf4ca4-c01a-4ec0-96bc-696b31da4b49
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 176
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tvinc57mcaA0KU698m+dUdI3hVSdQi709XCn8GoIA9lO+8K33yZRfD+MIerQ3wo5xh9vRlRdj5cEcoXQEM5Am45GUPqI+PH0u6eHfHBVlPU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ffbf4ca4-c01a-4ec0-96bc-696b31da4b49
last-modified: Fri, 29 Mar 2024 09:27:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JEyJig5qxWuxfPI%2BfrGSwMxO7rc1Ti4w922%2Bb2C5Lwi1uCI9621LHeNXhu0Di7M6npu0QF2UwjA7O2iFDogIZoO1nAONdb5K8dZoG8z3Hi9tvGfZu4l8gw45LiVOXEbx91NiL4bRCw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-7lgrh
access-control-allow-credentials: false
cf-ray: 8c0e35905ce104a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: iU4Pr_NqqI8ZwTtCLe7vo9o7aOXznIkPkzxvYTzz8aRaJtgv4IsdRQ==

GET
H3 200 shield-animate.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379319518/1682685745883/Shield/css/ 15 KB
4 KB 87ms
82ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379319518/1682685745883/Shield/css/shield-animate.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad35b390ce3898cfef7bb94973d42ab290ec56f7315e0b459f4ba017eac96f07

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 1592
x-amz-request-id: 3PGW0MHQQTC61DK0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"dc33969eb4c5a40ef5e6be0462874811"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682685747003
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: O4dE7lsH.Q5zJBakndHS_xCk2kcdIjSC
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 2883406e-0b04-4bd4-a4e6-1cbef667efde
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 190
alt-svc: h3=":443"; ma=86400
x-amz-id-2: B4nHZx/1nqq/eN2neju8NzLasF4uorHo+TzPLXgNfwh/QSomSqYO+tOAbLt7ATmDPj0YLKYKSPI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2883406e-0b04-4bd4-a4e6-1cbef667efde
last-modified: Fri, 28 Apr 2023 12:42:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LGjEecsWd1OllFwUXWUx4q2eSTzMMSUImynFTpb2QmwzWNPG7KR1%2FzqGCOmKL12FEkSS5je%2BLeoON8PYA16mKTW5kDj48CW8LiadLXZpvBVPWwsJC60Xx0mdBvHf49x31ScyEtuxKg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-bkstl
access-control-allow-credentials: false
cf-ray: 8c0e35905ce904a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: mYLk-qrQXaP78g739Y0yAyJQG27nOnhxMqy7G8NVu1n7aGReejz41Q==

GET
H3 200 slick-theme.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/119013969479/1686049622830/Picus_IL_Shared/Shared_by_Themes/asset/ 3 KB
2 KB 90ms
83ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/119013969479/1686049622830/Picus_IL_Shared/Shared_by_Themes/asset/slick-theme.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f80603874c68fef25ac9ffe412a6c6056ab267d7e4d044f090c8282ab80c4da5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 170
x-amz-request-id: YFMF978R336GK3V1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fa83e77758ea493769a6cef5ef0df9c8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1686049623451
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: QzIQ8NfUG.gmqRzMZ_BnITV8_s.CjjH6
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 02065cc7-176f-458a-bade-571acc1cb9d7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 196
alt-svc: h3=":443"; ma=86400
x-amz-id-2: B3qKXgJeX4rCwyCH3MFbdaPgWbH+Q4/zlJd2H0NMcMp70WthWD1dQwDvgb4xmbPru60H0nLHWBbi2Pq7QJKeOMUkihk9BFVt
x-evy-trace-route-configuration: listener_https/all
x-request-id: 02065cc7-176f-458a-bade-571acc1cb9d7
last-modified: Tue, 06 Jun 2023 11:07:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=98NRr%2Bti1g%2BVl5pK7A4FSbLy7ovPPCV1okosK1Noe%2Frcoie3jExfOiN6uMnx1T3hlOvlchZwMjlVR39bMOAcb8BlRIkokFGgpeSLAN%2FYyLzxz03S2aTXLx0m2xDpJbH%2FGhPjR9xPog%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-vj5j8
access-control-allow-credentials: false
cf-ray: 8c0e35905cea04a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: 9IbUXM1GRHQRnUP0DhyKFLMdbvh65kPaUc3h93A4iSU9-bcJee1RNQ==

GET
H3 200 module_113292746136_Announcement_Bar.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/113292746136/1718373690090/ 2 KB
2 KB 107ms
100ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/113292746136/1718373690090/module_113292746136_Announcement_Bar.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dab4ed514d39f2a7cf4ccf6215d9cd4c851d24c9ccf85839cc73e4097d38df61

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 1592
x-amz-request-id: GK6GPNJ0BCG9V9ZM
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"79fa9e889ffd3ba71b4c382b42cec4bc"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1718373690090
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: DlVKubb8m9tNJJbjBr5gyu5yWs3XFFwv
x-cache: RefreshHit from cloudfront
x-hubspot-correlation-id: 0c2a838f-ee27-4545-a21e-0a6e36ae9dc3
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sQpFqVbWQKxCTyPbWMH7OxYB8X0hDR7EAFW8TF2uMyAX9ytgOz6KBqvWESkuVvPcxIbVvvctMsA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0c2a838f-ee27-4545-a21e-0a6e36ae9dc3
last-modified: Fri, 14 Jun 2024 14:01:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4soq%2FF11fEupJnopl3DIHSLx8Pz8liZXExCi1GimU3lbBHni4adrQuOpNG3eMAcbLNYJ7usKrovL98fzq8KFXTCQlA5pAR%2F83FIPAgwX8rU6l5YcvJy92OIeqLmdXvQ3B11imXGlQg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8c0e35905ceb04a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: kas5_YR8p5amAJUTo3mPCHAqGQ7c7La0st_YnOBbnvgxwDysFxpHgw==

GET
H3 200 slick.css
www.picussecurity.com/hubfs/ 2 KB
2 KB 141ms
134ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/slick.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88652463641,P-7048931,FLS-ALL
age: 596590
x-amz-request-id: GCNFC8BX6RENVQP2
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88652463641,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f38b2db10e01b1572732a3191d538707"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666163679669
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: POcUM6CkvZEPNg.2EBNI3HQQEk16JIcL
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88652463641,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: rCh+NJDGRaRbrzWcBPuQkr0dTI6CJXkG0SJjxva0G0N4h2m033e2XLJOBkQTRZn7uLC30BXDOws=
last-modified: Wed, 19 Oct 2022 07:14:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILnmUt8rVxBJbnNe5Wb98dFL3FO2QqI0WrbbBsuORgTNSabykgl%2FmEyZ%2FvUdOGS6gHLEltzLoxoGsGV2sB8Zgjsx2Cp8JwmH0Vs7ILOkhjfxQ4V1cc74UUFB4KLVvFcK1H0PPsjzvw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e35905cee04a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: GWbutZLiMyMY-dwt4Hhj3xtXjrMIXv40j9eNIkYIbv9DfzKsAORfFw==

GET
H3 200 slick-theme.css
www.picussecurity.com/hubfs/ 3 KB
2 KB 141ms
135ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/slick-theme.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b7290b38b86182592c3a60c491c3a977318c034959142a61d92a75025b3c334

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88672063121,P-7048931,FLS-ALL
age: 596589
x-amz-request-id: 7TJ8T11R13N3YDY8
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88672063121,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"70713b38259ac3a32f8157845e0701f3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666163804020
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c0db8c417b5a375429fc7f3c54841604.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: beuNhPPn9XCcdaYz_J0NljSiu1XSNKQi
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88672063121,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lTRq+eOtRT7v2XN5K6UjsOnN9zrTdlnynSiDmIJjkPW/FYq9coESoAUB1Mc8wNB5hdqFtcXdXvI=
last-modified: Wed, 19 Oct 2022 07:16:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tS%2FoSlPTCw%2BkKbik7Z57xkH0jHvzFiAyZdVecxXzihP52AYfteYOOCHGOZjoTGONfYvqoYiX8rucf%2FO3GfYQo4P28BzskCkuzj6t7jgm2BKlm5L3lqVY4C55ZZ1cRNgwO2xq5SnlLg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e35905cf004a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: PcrIq0Sc16ygCPPiy3bQiaSFb29SphCSnGMoh38pkxUkq6jR6gGNfQ==

GET
H3 200 buttons_24_live_temp.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/155086192011/1711467339040/Shield/css/elements/ 2 KB
2 KB 106ms
99ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/155086192011/1711467339040/Shield/css/elements/buttons_24_live_temp.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

633600072534f800c00ce54b60270678545462434c28e1865dde26273d8b00d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 170
x-amz-request-id: DR2WX245FGYP6E2X
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"57dd5c7e70071fad5326af68ed136256"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1711467339681
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: 7OWdRx4_wRnZy_TqVwi.z5ut8ubwppC5
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 093fc8f5-e082-421e-a641-0c9a7d9fe10b
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: nXdu4WWq7VwhLkIkcRClAd38ZvrjdtKvQCmA0ALljbzn+sOKGnkXVPJZK/oIoD26fxYkKEmzvFo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 093fc8f5-e082-421e-a641-0c9a7d9fe10b
last-modified: Tue, 26 Mar 2024 15:35:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j%2FmZu5LKFRsHuxi2HBcafnw5xXB%2B7xGCAG3569SipW1PsQoBDy7MVuf9qXHjmP0kTl9ewHklnLS3doyxRNkAZIUy4sFUZQ1UnhsVNFxgcFtz%2B38SUKsWJPEHJ5qph1PhP6SZN9MEwg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-zrbfk
access-control-allow-credentials: false
cf-ray: 8c0e35905cf104a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: qRBxhxqCBUA1HS0TOqslrEblCIDG9Vvb60GSXb0ZA4ALv_Vq9r4bcA==

GET
H3 200 module_39038130957_Lead-Magnet-Banner.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39038130957/1608575808109/ 521 B
2 KB 141ms
135ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39038130957/1608575808109/module_39038130957_Lead-Magnet-Banner.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5458bb001fbaee0822a06901d6989a7568457bc97c78ce726d8884c34f665910

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 170
x-amz-request-id: DR2WXHT750ATQHKP
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b598cb9f535e9d39bea6fb4c7afc98a2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1608575808109
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _6kG0Z6N7nb2Amvf0P3QvVEgQec_PKrh
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 67a76c45-f112-4ac4-a3f4-6b9685986e69
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 233
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ul65vAQ3E9XqyOIxGZg1QqbkDDtobxCLy6WBT+YYrnv/Gy9ipxytMOGmBAHamsey15C0iOqc35cuS9RM2BW8b3q2333E1Cc9HY38zPQNqnI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 67a76c45-f112-4ac4-a3f4-6b9685986e69
last-modified: Mon, 21 Dec 2020 18:36:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2Fb%2FuslmF1Ibfzls00wFWViJ9hlFdZi7dL7igt41mtMEcBQe%2FzJZuSNa7ah7%2BzD7wd9jAi4bGVrps73D9rY7G9lTAP2abVeF1AUxV3cZuECZUckMh8WPOZthqTWO8imsJIzz0tckug%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-j4svf
access-control-allow-credentials: false
cf-ray: 8c0e35905cf204a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: 0AcYqzavYVHEMNQOxQT_9tsyM2U8vY2gpW_ZgfQHq-NztONEPUlkQg==

GET
H3 200 main-blog.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158846858310/1718643038303/Shield/templates/partials/blog-post-layouts/css/ 746 B
2 KB 141ms
135ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158846858310/1718643038303/Shield/templates/partials/blog-post-layouts/css/main-blog.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d042ae177f7d076320fa923d0bfc2d3f831e3dacec0ff6fffc1328d4e36f2f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 170
x-amz-request-id: 5H7BGB6QKJB2KABF
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c8a0733f23e3d47a998103c206215b1c"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1718643038991
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 67zOSufRDoTrJsiIpgZ.VHGK38h9xBf_
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3caf8a8d-6288-460f-83b3-cf0a54fc5639
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 213
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hdmcdkkJEYw5P5omXXYM/WUiQsefLK2+2JowceJZjpVD+lI0snQ61ZMkzFgasABHWnWVK30lVbQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3caf8a8d-6288-460f-83b3-cf0a54fc5639
last-modified: Mon, 17 Jun 2024 16:50:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6AleVzhsAPCXE2GMsQnmYkCcBE6nhB2NNcMVJlSFYUccwsu3%2B1zC5GHjJfPa9DnnAu%2FdlEHFkamibbob4Fg4%2BZb08sFSYC3yKnSyKUYHvbcgKQ78W8dBlQy%2FA2nLsiOWb0wunFVag%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-tn96w
access-control-allow-credentials: false
cf-ray: 8c0e35905cf404a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: idm-xLbzUc0GOqbRf_gPX5a6538QXwvEW2pxVP_c3cbo5lDLMssfjw==

GET
H3 200 module_158831692418_promotion-box-v2.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/158831692418/1722507877768/ 265 B
2 KB 74ms
68ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/158831692418/1722507877768/module_158831692418_promotion-box-v2.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

041685b0e5a31c63c4c06ffc86484bdd0c56100f1f0b36c91571e6a00bcec715

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2706
x-amz-request-id: Q7MG5XJE3RKW1SP9
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"24d6a4097278d1fd6d98de8011279fb7"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1722507877768
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: R2tkIutFE4R55yodW8QuYHz4reXF6E66
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 8719ad47-cb09-4db5-a90c-547aa7dc9c0e
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 139
alt-svc: h3=":443"; ma=86400
x-amz-id-2: grcWb40Ke7OrygCtw1HponaC3cnKg9s99X2CHGic56Scj6J9/1lYm/ChNrWD7blfiD9j+ouP/h0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 8719ad47-cb09-4db5-a90c-547aa7dc9c0e
last-modified: Thu, 01 Aug 2024 10:24:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JlR3ENLWtoKNA2MZic8C6zDthBwRDdNh7SC%2BCg7HwkgBmQCjlg86oOA%2Fw8jhNBhmRUILFMAtdHTkuHRC0rOmFh0yzFR2O5wDuU%2Bt0O%2BOxRApc9SoZ46DHcy%2B0ZF7Emcz70L8lQIctQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-9rsxc
access-control-allow-credentials: false
cf-ray: 8c0e35905cf704a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: kIz_qpKqupZRrfqGUCBkwOoAanifar1pAcLK4wu5b_r7JJ0ng-VJ-Q==

GET
H3 200 s2-slick-style.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154797347330/1706590050697/Shield/css/components/ 2 KB
2 KB 142ms
136ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154797347330/1706590050697/Shield/css/components/s2-slick-style.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dfc056c1cd1756705fa1b3b34bba1b4712b6360c7c146f2156dcd46aed56de9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 170
x-amz-request-id: XGM82K2HJ82535CA
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fcbf1776c5438c3b6570823df66bc6c2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1706590051352
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: 6_WeeomsxVTV.moTEJ5CXSm8uOU1p2u5
x-cache: Miss from cloudfront
x-hubspot-correlation-id: fbb5f242-f44a-4b20-90e9-9c04a4e1bafb
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 195
alt-svc: h3=":443"; ma=86400
x-amz-id-2: n1UAIuStpP8YYhw+2fNFQ7fq2kbyDfp2yanJscdJpwK1dQktqOGjCl25bKLxckHLtvKnMrQxZnQV0TI4nFglHQ==
x-evy-trace-route-configuration: listener_https/all
x-request-id: fbb5f242-f44a-4b20-90e9-9c04a4e1bafb
last-modified: Tue, 30 Jan 2024 04:47:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSYQ28atE6Pdvqq8%2Fi0glai5A8o7%2FkJmtYJSJWeKXIGyNPXGgHl9DpLVTIOU%2F7EBPdBv%2BxibCjfHD2y1SVuO6h9Np89cRNtfguUEeE4t6dycqutwbLwMMgBAxGbqSAGmDbwmWTrLCw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8c0e35905cf904a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: rlenip5GPQEDOxq9H8e35rXijIH18TNNVjdGfWEJRoIqaHFqCSDf4A==

GET
H3 200 s2-generic-2024.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1724338266966/Shield/css/templates/ 15 KB
5 KB 71ms
65ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1724338266966/Shield/css/templates/s2-generic-2024.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

abb4f8005856e20f330bf9504ca11b26640495da6d4fbf2b1d46be1761f49f5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 1592
x-amz-request-id: VEBX6JTWZ62M4TY0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"8fe0706fbae70956b374e516508b53b9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1724338267843
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 d640ec12547ee097cb75dd5bdc8787b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-amz-version-id: orWY4i_5gBjXvRBR4tUUmqOEvPR0C0dd
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 99c87555-90ed-45cc-81dd-e88120283556
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 208
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xx5+h2xOeMqD6pRvTCvEx80K58lqkdGh5IQfmRHLHW4soPI9067ebgfHB3ZBYaSRm6bBIzmz0iNdMIUmTMu1KPKD84qCBNUn
x-evy-trace-route-configuration: listener_https/all
x-request-id: 99c87555-90ed-45cc-81dd-e88120283556
last-modified: Thu, 22 Aug 2024 14:51:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2boNWsOB2XilWZT5L%2FJqhHxWzeQ%2BSuEnFWi1ZcjxraB86xOxA7bIw7NjH4qbG5%2B18GRwvuWqdj8Sc43BlyKEKocb94EkqMDkPsSDvBLwPn5TrWvZTB6y6%2FhJhSIAGZm861oFNrZzhw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-nnksg
access-control-allow-credentials: false
cf-ray: 8c0e35905cfa04a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: p7BYF47jABthAsLq7tuCFZMxdaEMsG3Jdlo2dKcA6miQ-YeVL_hKHg==

GET
H3 200 module_153850846592_footer-subscribe-column.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/153850846592/1711461276903/ 2 KB
2 KB 67ms
61ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/153850846592/1711461276903/module_153850846592_footer-subscribe-column.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

794559db00f5a68a8a82dc14f100cd1f9a970cbea66701ca8a43dee9919ffe03

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 169
x-amz-request-id: ZWB6ZE4N76MNWHY2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f0bb9c2921cb8261ba425f19ee6a96cf"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1711461276903
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: eXne9q1JzSZgmx3FIoxMEAYoI0TuCmV.
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 159779de-0583-471e-826d-c9ad2b54eae7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 196
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YFUQkGl2oRL+8nq/I9acuJ9hlHvIai2DGlLi2gDjd5nPirhyqRJTb5xbKwpRyn2+4hK8irGnRec=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 159779de-0583-471e-826d-c9ad2b54eae7
last-modified: Tue, 26 Mar 2024 13:54:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ZeESw6xE6lHgP%2BkQFEafeOEgpiinWd4Ht2obA09vIIlM8%2FwyCk1Av%2F75ByENUXLqvRohlqb1ZNdmv0dnn8N%2BblToZz6kGiz7FDtsyGHaIVpnlPgGMCZeWU94S9xhJiIoQo3uUe5hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-vj5j8
access-control-allow-credentials: false
cf-ray: 8c0e35905cfd04a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: JccxZmC_cfq-2HWn8U-yr21viVy9f48nMI4Kg9WKHCvZqEfwCs_FIw==

GET
H2 200 TrackPlayAnalytics-b0403829.css
39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/373/js_client_assets/assets/ 6 KB
2 KB 106ms
45ms Stylesheet
text/css 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/373/js_client_assets/assets/TrackPlayAnalytics-b0403829.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0403829bc66fd1f26c7ad7f42a2560787fe44f34417d357ed83d107ab32d983

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-177771420949,FD-177771098215,P-39666904,FLS-ALL
age: 301060
x-amz-request-id: 0JZYZDG7X3RM7EAF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-177771420949,FD-177771098215,P-39666904,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-not-indexable
etag: W/"65806cc0ba70516e6b234221657321ef"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1725632104836
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 c42c7d102b7b0ab944385204966ce2d4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: biGZLJbxbnRfj.q.nMa4qxWhPHw69d6i
x-amz-cf-pop: MRS52-P5
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-177771420949,FD-177771098215,P-39666904,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: byLmuGY1CZewQBcoUlCYpDLiu8Q6/p25NFYrNf2Y2yPq7wyw9XoZqaEz8DGkWSctKdZy+xK2j00HDMBXstTZIJ0Akxl7I+OsjcVf9SL+jEs=
last-modified: Fri, 06 Sep 2024 14:15:05 GMT
server: cloudflare
cf-ray: 8c0e3590bc49d262-FRA
timing-allow-origin: 39666904.fs1.hubspotusercontent-na1.net
x-amz-cf-id: opmV9MHI4aZiEOg88VvAjA7E7Nq0pPXtvZRuWgEy-q2bX8oH5d2a9w==

GET
H2 200 Tooltip-4a948cad.css
39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/373/js_client_assets/assets/ 3 KB
2 KB 103ms
43ms Stylesheet
text/css 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/373/js_client_assets/assets/Tooltip-4a948cad.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a948cad1525b333f4615fb0203e3dcf4a5fdef9409adb657fceeab1dcb37f7d

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-177771420940,FD-177771098215,P-39666904,FLS-ALL
age: 301059
x-amz-request-id: 0JZJ7W58SKB942WA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-177771420940,FD-177771098215,P-39666904,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-not-indexable
etag: W/"983d8d84588e7c3f88e069694360be07"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1725632104154
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 9ec406dc5379d974fc3d9f41dd497bf0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: 91q8xOYido6U516xdUsREuxsOgVXnIDI
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-177771420940,FD-177771098215,P-39666904,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: 3MhSTvhHfC283MSpsgL+yxBvXXLe3SNBJNMv/2cQYCyLW/ldqXThGCDFd2Uto8QgstX2mewPafoJFcTlf7ybwXAjfLuUaiZ3Ex9bL9PR7MM=
last-modified: Fri, 06 Sep 2024 14:15:05 GMT
server: cloudflare
cf-ray: 8c0e3590bc44d262-FRA
timing-allow-origin: 39666904.fs1.hubspotusercontent-na1.net
x-amz-cf-id: vEg44KGriH5t9Dl0gbve_jyiq6WDsSxzNWMHGm9f1RKn3HweolR9Uw==

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 69ms
39ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2210316
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Rb%2FgSS70y6yWL8QyzH%2FdfbitPZ%2BiKJqYshId3uCMGSgbmFD2x5RvukUW5gC64F8OyAgCkMaJtEpo6FG4PfecryeqbnyRaXWDAV3zgaXLl9oWfILEWcNwghGChzgButgBTyqm3xD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0e35908ba99bb2-FRA
expires: Sun, 31 Aug 2025 08:57:13 GMT

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/ 11 KB
4 KB 64ms
34ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 457083
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3718
last-modified: Wed, 18 Nov 2020 00:51:42 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5fb4701e-2c03"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NT%2FIDyc7zQi271h%2BhmQfe82e2LsYn9GcClV9QpqgW6yyNND14WGxOi4%2FrYPRxUDFkCOcW3S7%2B2d6ulSekAYMi7A4wDrSe0dLQUTT82hT%2FQGRecIFlovFeYZShSNRTMHAUiF6dkDo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0e35908ba59bb2-FRA
expires: Sun, 31 Aug 2025 08:57:13 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 93ms
32ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,400i,500,700&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5b192b4a7f8e139934a7574e3a3460152a3a43f5cbd9fdeecad1c69e000baaa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 08:50:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 Sep 2024 08:57:13 GMT

GET
H3 200 pixel.js Show response
cdn.popt.in/ 228 KB
52 KB 118ms
80ms Script
application/javascript 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/pixel.js?id=64d678615e3d0
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0b8513bbf50c1af615575215ef85bf4c3af5166c013c808bfe96fd21b2067b3

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
x-amz-version-id: Oc6FMDfUi9n07HxBwBck.x0jbaCg1aFr
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS1-P1
age: 2699
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 08 Sep 2024 10:11:41 GMT
server: cloudflare
etag: W/"ac44e9a546afb0f7ea95cbb6500a0412"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jKFNvjA%2BlOOUB%2FKJvvgQeev6wD9cKWNHOeZ5Mw1o3HlFlGPbh2XoVdeluQlZBs04rpFiJGlmLt5Nz23K%2FNjHS9JjuwdNuCSMtHfLTGwdc3S%2BTnKM2oYexCL40idjDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 8c0e3593dd88973a-FRA
x-amz-cf-id: Qy5BKjmI0r2kx_YvZDb2_fyCKp3mHPcmrIG4pHEuIHYLZZ3UhHAUwg==

GET
H2 200 67ab0ee7-fcba-400b-8cb3-db7bb1cc0033.css
p.visitorqueue.com/styles/ 0
117 B 352ms
112ms Stylesheet
text/css 3.98.25.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.visitorqueue.com/styles/67ab0ee7-fcba-400b-8cb3-db7bb1cc0033.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.98.25.165 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-98-25-165.ca-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 10 Sep 2024 08:57:13 GMT
access-control-request-method: *
access-control-allow-headers: *
content-length: 0
content-type: text/css

GET
H2 200 8aaca2fd-5cd9-4888-ba4c-a92130465f35.js Show response
j.6sc.co/j/ 1002 B
890 B 497ms
421ms Script
application/javascript 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/8aaca2fd-5cd9-4888-ba4c-a92130465f35.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-251.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4c92a856ef5f00e2ac59b76a4960d24a2dc57e80fe559acaabf141494ef00081

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: JLNEtGotk8b6dmhKDZy.dxdNRH2fgtRS
content-encoding: gzip
date: Tue, 10 Sep 2024 08:57:13 GMT
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 507
last-modified: Thu, 30 Nov 2023 08:48:17 GMT
server: AmazonS3
etag: "8bac6645b92976ce9ddc83f7e77c4cfc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=1800
accept-ranges: bytes
x-amz-cf-id: QyoU1UrB1rl5kF6nO8gQqLMQW7eFEe-i4vZuDwOXCmlvzjzGUqF20g==
expires: Tue, 10 Sep 2024 09:27:13 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 181ms
35ms Script
text/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

5b4134fc9963276fb840bb8178d62e95d0efa733909f6eeef3f364d4d60f0777

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
server: Play
x-li-pop: prod-lva1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163630
x-li-uuid: AAYhv7CDjgX43MipIDpbBg==
expires: Tue, 10 Sep 2024 09:30:44 GMT

GET
H2 200 2ec64bce-ef80-4a8d-9c85-e2ce8c0b923f.png
no-cache.hubspot.com/cta/default/7048931/ 2 KB
3 KB 199ms
144ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/7048931/2ec64bce-ef80-4a8d-9c85-e2ce8c0b923f.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

445f46602799290b686e3923ec7ca10f1f7152fc8e77fcdc1a8280acda8442b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
x-amz-version-id: imnPJE4JVHV7d7LBLQ9_AdIjMfYLxVjA
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: FK74B639D7J69CTJ
x-amz-server-side-encryption: AES256
content-length: 2036
x-amz-id-2: nN+TTcjS3Ll62fjxINJjdmOWi/vyZy+dlkmcA/LCL+NvXWLKuyqMrunxj6Vj8JlsYLjKV4vuhCbMuJhR3bEIZ/DWEQFGv3Et
last-modified: Tue, 20 Aug 2024 14:28:20 GMT
server: cloudflare
etag: "03c293bf9b5000266b0d9d719ba87668"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YsFa8Jo2Ig%2BJv%2Fyw%2FdAlXkDSXdKCJWCI8d52NnC5rurLWZeFwokJRATfIHHishTN1WwPOwpKKf4ZH0l%2F4zkdUZabATpTBoHoUX3X8e8rAjKxzmmE3MuXTGoJAIpeWD95%2F4XWetVbFBTTUcpnGiMHys9Z"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8c0e3590ddbdd2de-FRA

GET
H3 200 current.js Show response
www.picussecurity.com/hs/cta/cta/ 18 KB
8 KB 119ms
118ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/cta/cta/current.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ad1bae6d460c542914e6daf142d4bdcbd71aabebe3c551ac3cb82408e71a77c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 73
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.313/bundles/current.js&cfRay=8c0e33c7f32a8ed5-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"27612678f14836c22ef91a2045a3ae92"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.313/bundles/current.js
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: E.yaflAURLVj1zF1slBBxWyM1axLMwRT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 4b422ee0-90d4-46b1-aaa0-de270cd495eb
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4b422ee0-90d4-46b1-aaa0-de270cd495eb
last-modified: Thu, 05 Sep 2024 16:33:22 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CuJwB5O%2BWp%2Bw%2FO33Bpp3B%2BJ%2B2ioNOnPhg8KboiH6XDRcCUTjM%2BMujJH03RgNKxIcYgQJ%2F1ysm6eiJRe2qMSV0sze9qydnMYxE5WUWzGHKO2oihLW5nO0kvPDHBdxBo4zhUf6aZbiGg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-ps9qc
cf-ray: 8c0e35908d3c04a3-FRA
x-amz-cf-id: DKJHmt1E_jIaDWRQPB8NDUOkMq4UeiZGUSIlHeof_LPMFV-TIBBKgg==

GET
H2 200 61d02fe2-1599-4842-8786-dd623fa8a4a5.png
no-cache.hubspot.com/cta/default/7048931/ 2 KB
3 KB 154ms
154ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/7048931/61d02fe2-1599-4842-8786-dd623fa8a4a5.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb9ad934a9764fae7d120816af46ced418c42678eb4f8ca666d9bed82b7e554b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
x-amz-version-id: UYVbXcoew11BEZ1Gr9OxQSiPoPdpKB5E
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: FK741N3YDQ090PC8
x-amz-server-side-encryption: AES256
content-length: 1812
x-amz-id-2: zZLK2ebZAH3oPPmy1SLMaKjdSJqz19dckJngo9ciGAVoVwhuGBNSgot8xnU1eyJZBDyd5/BzG73kH1qXsjTF134Vb1lALFHl
last-modified: Wed, 07 Aug 2024 07:16:50 GMT
server: cloudflare
etag: "b37fa7d5e8dc41a82e1c54579ff8fbeb"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gE0cX%2FdGsgXJ5ylpic4x6W86NAUmzorc4W8F%2BHpxhre%2BGR3Wy%2B2O6N%2Fnmk4VugS5FtBuvHLIxYtEwNUbBXD8ovXyVPT1MbmQsdnCHe7yB8KG6UT7UvuOnOExgZt76NkBpDgB1BEGlp4Rx%2FbfTllGzMDS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8c0e35916f12d2de-FRA

GET
H3 200 light_logo-original-SVG.svg
www.picussecurity.com/hubfs/ 3 KB
3 KB 105ms
100ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/light_logo-original-SVG.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

21036da1013e88ad1be39946746a916786b081557a7a72b6a194c153c175aa59

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-75149788735,P-7048931,FLS-ALL
age: 596589
x-amz-request-id: YZZ3BJ6NBN0JE941
x-amz-server-side-encryption: AES256
edge-cache-tag: F-75149788735,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"48ed4add03225d471676e998d8262bb9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1654140894047
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 fa6ccc8f7e7d948277c6904aeb2ae7a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2bbLkTbvsvFQW3gHMJyxn2VjG1fJz2sZ
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-75149788735,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: AHswWkJns9JjMNGUiVZ9D09vGEbPK1r7x9+GMIVGpkv8B/hU/Rh6tLjKWgeUuUGs5oGwtGvRejg=
last-modified: Thu, 21 Mar 2024 08:53:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95BXYiilJtdZfNYGedrLoZyqS1FKZQgxruGrEFJTew1rCrQ66f09QgHrzr8sd5sGKRdK8FDIg%2BtW1zj07blJQSgv60k%2F5pX4xCccWFF4OqWYN1ZJsgVQhntMUnGbEt42Hbzu2Xb6Og%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3593a84004a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 0xxThdc-MyYowgnJsuXgfQLyXY_o4O1ZObz7zZVnIJQoT0-0IIrMaw==

GET
H3 200 report%20(1).svg
www.picussecurity.com/hubfs/ 5 KB
3 KB 56ms
55ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/report%20(1).svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf773224fb7b3fd5978d7b527d003387334f71f37ed57e9ea50fe7b9bf4d6a76

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-162786143818,P-7048931,FLS-ALL
age: 596589
x-amz-request-id: XBHH3158SC6V961S
x-amz-server-side-encryption: AES256
edge-cache-tag: F-162786143818,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"9e7e94a90a4311547fb36c1f1dd7ef9c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711971924316
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .CzJW_cs2EkiJ0JohZpoME2Kp1Jni00a
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-162786143818,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9EZDGFdzHj+rRD48TaZ9V9L+3lf3Z4ykcxtpqW4BcdYlAy17JHLbgJnOf7gHyhjzYzVMTHIWT9Y=
last-modified: Mon, 01 Apr 2024 11:45:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p7L2jFU260hm%2F%2F8Woiy4%2BbOBWNsGFq8TQMUlsOtakOwPDqJX8cUymz3Fti1PvhMar2gkO5HLO1a96gh2TiBVkDnhbo89BHgG39XcUh9RAr4DkeaQLFE8o0bQ482EuoMKl59ri%2BIReQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3591ce8004a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: WV7yNIQ9LYZU_RTuX3r4DZsnDnQjvgGxE2TUXTTZoN6_DHuVd6JU-w==

GET
H3 200 white%20paper.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 2 KB
2 KB 52ms
52ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/white%20paper.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3ca2178c03aa90413665605224901388a8a7694be710ccf31d1c9546f6bb558

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-162784353194,FD-162786929972,P-7048931,FLS-ALL
age: 596589
x-amz-request-id: HAHS27HPT5JXPSZB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-162784353194,FD-162786929972,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"66405d9753202d06b0b9b8c0731c122e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711973283545
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: qKWviCmcUVpCSakC.wZPgGk71W9rF9zO
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-162784353194,FD-162786929972,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: I9QeNpd6T4etF3sc5wHokVNTcVIKg9KGMvUogrH0y9dG6rPHdhjFlT4Rk4BY9RSkAR9TsGMOAoY=
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BFPJVmZPLCVo2XltyCmaDq7UGRhFFnKAiqnr7y%2BHHSMioNLY4VyC4cacdPOSnCpAn1w3lEC%2Bwl4W9vG9k9oe%2BYgGTeL7xiacnAPuZ0X0IfeTso1QkSx%2Fhr8dJdOBQaYK0fXZviIwog%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e35921ecf04a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 9oaaHBe2UfmwCcXgBAgegzhmVq_8HH66IsVd4njUHZMqzcfqCi7nIA==

GET
H3 200 Group.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 2 KB
2 KB 53ms
52ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/Group.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

228f08d7d79b9a75e9df18997ee260c139fe2d538924d5f05037e047d3f41d38

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-161968113191,FD-106424384934,P-7048931,FLS-ALL
age: 596589
x-amz-request-id: ZKSMWYNV6PZFEPJ7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-161968113191,FD-106424384934,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"8f574252daab27008baf3457366fe0bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711360026267
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 3e28473376ca49b2cafcfef86a39cf34.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Y4m6PvMsT0hDs0VfCSSE5aTeXjUonr7R
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-161968113191,FD-106424384934,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pHK/TukOC4ah6dT9XMYHkEd32rE0bEAIcSO8Y5wY0woE5xeaK8IaOJ1xRg8aXUNPj6HBfwZEBa5hkSQ7C8uTdtzhZkFy1XyK
last-modified: Mon, 25 Mar 2024 09:47:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LHdJevBSLg5JykRRnXwTpQ570SVGYbBNse0zIuXNtngBN8Jk10UREYDH2FlVVhDIQ4%2BaNzoynYgaZ1OKcWkCaU%2BpcIfYuKoyPdUPOgKss%2F3k%2BL5t3nTjbGaDJa74IQ27cN5OLjGPGA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e35925f0304a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: xm_dvk3xD3KX2UEsP_aT8lVvbOiDbu4wrvf9TLkkTD6yw3FPrXXFdA==

GET
H3 200 webinar.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 2 KB
2 KB 105ms
101ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/webinar.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4071465b2c0223da0e296a2d9ed8fbec379caa2d8eccacf96113afa481d7714a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-162787310732,FD-162786929972,P-7048931,FLS-ALL
age: 596589
x-amz-request-id: XBHVEMK9B7VCBKAA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-162787310732,FD-162786929972,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"1870d43d00ab230724e0509f1d40c007"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711973283530
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Wb4ah8A.92KNq.UjMkeG8TpLY3dVHhNK
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-162787310732,FD-162786929972,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +RD4qxLjmlbUnjquEOqB+c69XjAMd+wD/MTk76/UqqXi4kamCYJv7/UVPMx68OtOcWPrbbAowWw=
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ez7QjZzAqEuzwphPb3bEx%2BYTunpNztuPil3f%2FQeD%2FFgcHMRYUXJVY1Ts9tI4mafwVqu9J2aw8PG%2B7L4ge%2BUIajfLpfObNwXBT4giqHG0FDUvXWavt1yAel7Lc2g5OXxUccbp3byfGg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3593a84204a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 0yzybQlo42RowldxxeV_CowHTc7xfhKbEUXX1mVYHP-qLtovHnw1AA==

GET
H3 200 report%20(1).svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 5 KB
3 KB 106ms
102ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/report%20(1).svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf773224fb7b3fd5978d7b527d003387334f71f37ed57e9ea50fe7b9bf4d6a76

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-162786139288,FD-162786929972,P-7048931,FLS-ALL
age: 593953
x-amz-request-id: VNFFSZKE9WNE5QPH
x-amz-server-side-encryption: AES256
edge-cache-tag: F-162786139288,FD-162786929972,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"9e7e94a90a4311547fb36c1f1dd7ef9c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711973283596
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: vLyxAfyxINwLbl8l.uvRN1DJ6FrzhUON
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-162786139288,FD-162786929972,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tyU/No0E+Prw6nYq596zZbMexRBp1Uk8Z75CSyo0k3+vcSiNYajQ/ncHUVxnTPLrWHwaGnvZSTk=
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M8gpHl05uZWF6mR1NGoAYk2LC1yqDm8Uu6bWLU2jLfDxykGElMsYOyxTGYmWEkA5BS4WbJurpJ5gXD%2F%2FsFRXsYlfla8HH%2Brfml8k3I6drfCaM69lDqXHOV38dg7lNSnJC5nsixKKFg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3593a84504a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: F9BYrMuVCZzt_WoTmNNbLXLNevngPeHp0iSguJ7ocfHiyjMIs6DjdQ==

GET
H3 200 Data%20sheet.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 2 KB
2 KB 105ms
101ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/Data%20sheet.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d24d7930883c81a956a8d25026d6befdf264a901da8570a7fa27b6db580c2bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-162787304607,FD-162786929972,P-7048931,FLS-ALL
age: 592325
x-amz-request-id: P5EKWD1PKM333V9S
x-amz-server-side-encryption: AES256
edge-cache-tag: F-162787304607,FD-162786929972,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"2978bb799a23d124f5407472f883155a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711973283543
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: aGCl_khANGAehik.SERmQr2ajrV713hJ
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-162787304607,FD-162786929972,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: CHyT+7lE8UB77pIh1BrLJv4W3h4JehqgTfIVogNRviitaHMcMvEu+D7w2RPjx2iqLZhpgs4dJ/Q=
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1aNMC2hRxNAdm47i2yrCKw5m2bECZMA7U0xck0z%2FdTd9PUn%2Bd2VR5UUI4%2F0QNbz2qZTr%2BbwXMvUkojT7iKtd%2BqLPY1M6v3yTWZJJk4kzefDRK9wLwvYYSVqHY%2BX2rHzw9Cgufm8RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3593a84604a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: e2-cuddWdWM9N7O_VfTfbM72Ejsb-fYV1IBESMt3GyUPbpGJ6b4eeQ==

GET
H3 200 linkedin_black.svg
www.picussecurity.com/hubfs/ 1 KB
2 KB 107ms
103ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/linkedin_black.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

34350dee947083733dcd88d858cf65df7a4f282846c465b8f9627090aa5da3c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 27fe4928fb2081beeb65fdbf439bb418.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-26106634639,P-7048931,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 596353
x-amz-cf-pop: ZRH50-C1
x-amz-request-id: XBHR9PRD2KPWSNZV
content-encoding: br
edge-cache-tag: F-26106634639,P-7048931,FLS-ALL
cache-tag: F-26106634639,P-7048931,FLS-ALL
x-amz-version-id: cxF8LRaoHAeGt3BhM7bUzN7AlCshNAnL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: l1UyCFQO1g6r0Eb67a16Ty8t2GFByZIBlef3OTpBA0ZXe0v7/QQaRUQNpX1n887i7aQ2VeH/2+U=
last-modified: Thu, 20 Feb 2020 04:30:55 GMT
server: cloudflare
etag: W/"cb53f1d14fd4d15a3313d2a24a524fb8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCesEZwwGPmro82bhqfN4eNJsDs1aO3lf1nYSEYZfMjJYR0NmgbrDvipcT8O6c6ZnOskjL4RAvaMmA3qGPSA5Zs53Eybe42ZsfNVjJ%2Bh5x5P%2FQjo8Mc7jDFokiX89nTgn2mTNTYUHw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 8c0e3593a84704a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: oeUhCVSuJ18tOp5fJxj1Ixs7mE8X0cd8RnPsKyeHbpuaaTzT8S1N5w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 facebook_black.svg
www.picussecurity.com/hubfs/ 669 B
1 KB 110ms
107ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/facebook_black.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8acd930d7a72da64980a950dea0c1507411900cb1459aa8c743e003df27444dd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 1903071a927324e2fb28199ee96c4bb2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-26106634638,P-7048931,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 583567
x-amz-cf-pop: FRA60-P7
x-amz-request-id: E5WCKJDZQHTG18GH
content-encoding: br
edge-cache-tag: F-26106634638,P-7048931,FLS-ALL
cache-tag: F-26106634638,P-7048931,FLS-ALL
x-amz-version-id: 8CJrjrvqFB2TaFMkKGP3y_iXgtaroa19
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hye3cBwxHYkqO6ktJ7LXReaPupZGu0JbSVhz5kj8Mz9vuetmlLxE+4RuypmWyaOvSixiF8sVbGU=
last-modified: Thu, 20 Feb 2020 04:30:53 GMT
server: cloudflare
etag: W/"655ebdf8c830e8540b691af2f06d81c4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oACHd3odOjPASYj6o8K3KxX45S2amaVIUd7pTKtpJFNB9emCTrL1fWOzEWtqnJBlcLum2LB%2BFcVETE3Nh4EnugTIR6pae8pBqyu37KaDGB8ewzlh5GxJGLgDSXPuXr4Wnbr5JChwxw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 8c0e3593a84904a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: EI9feesuUHN1-NU2fAbKSdhYoMj-Nm1DAhEaf5_0WbLjljMaK6Ypiw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.971/ 13 KB
5 KB 88ms
33ms Script
application/javascript 2606:4700::6811:ac5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
x-amz-version-id: 1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1092393
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jun 2024 15:05:39 GMT
server: cloudflare
etag: W/"26c40482b55a607cd44486a2958741d4"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NKSmKQ9%2FN5SEgHKMilvnvri4WeipyPXDnf30LUjP1muXmC3rNhXtkbBDdr2ehW%2FsigLMrODpBacSoaYHA4KdgugpRvhdkAi9LAAH2EXB8gbMG%2BLNHnohrkkkeRNZp2S9EFLIzxl9QgLc69QBDuncWds23fM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8c0e3593fefad2be-FRA
x-amz-cf-id: 4KGI5t64pXc0VBpiZlqrGzYDMFRUiAtNY-kZWNgC73HhfnStC05rHQ==
expires: Wed, 10 Sep 2025 08:57:13 GMT

GET
H3 200 main.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300259976/1723556952814/Shield/js/ 3 KB
3 KB 54ms
54ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300259976/1723556952814/Shield/js/main.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

664f728f41b178d1022d70bae50ce587b3793c9286a0b739f082189bd6c87f6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1591
x-amz-request-id: F3841WSFHDP2N7GP
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"bc8095d83b2ba1fbe3b7cad30e86e477"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1723556953020
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Z3uX9qM._r6iwlTAQLsQgUTGsDAf2F9U
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c135e656-7f0c-4ae4-a4cc-2d403de3e093
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 139
alt-svc: h3=":443"; ma=86400
x-amz-id-2: TUpaxE2Ffwef3XnA1PsUC6Sul0IPEb+/bfhYkBbBZlBWXg812xCQG9EVfTLOGya8GYFkqTwUQuA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c135e656-7f0c-4ae4-a4cc-2d403de3e093
last-modified: Tue, 13 Aug 2024 13:49:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4mVF980ELW9CargjMCSFK1UaXmStffh5zUHz1DnyhhspFt%2FJGl8ETSOCBfJpjxg7P5Wc3El2zWlvNte5NX%2F5aUfZAjPxxqBrGspN6hNkKS13Ix44P6KeU1Ub%2BbNFlHnnk4LKakQmVA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-rfl4p
access-control-allow-credentials: false
cf-ray: 8c0e35926f2004a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: 5FB8XDi3zNxjMVhPOtmyyceR-FjvqGNx8whr-C9__0fySZD1iY1Qog==

GET
H3 200 shield-wow.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379253675/1682685740703/Shield/js/ 8 KB
4 KB 52ms
51ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379253675/1682685740703/Shield/js/shield-wow.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4efcc099f128e3655108f269adb8e838c24ee54d98c3903a22dec225e3e1221

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1591
x-amz-request-id: 9VPJ22623V5W2AWW
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6309bf850dea6345af0b537f2e628964"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682685740979
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3Y6ojRbIJ3_a2L0i1cyLjVOzG5krJ8PT
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e82faf03-6994-449f-b2bb-f2b505b4b557
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 188
alt-svc: h3=":443"; ma=86400
x-amz-id-2: v+cytHbhtlc4ZhyixwjZ1bzFtEJHpe4vnW4vQgTtAV0wgQiHZB/B0aVlm3eSr3e/Q2d0oz1hhWRk/4QnJzr6t3TWtJ7lwOBVNkkiXdkpB+s=
x-evy-trace-route-configuration: listener_https/all
x-request-id: e82faf03-6994-449f-b2bb-f2b505b4b557
last-modified: Fri, 28 Apr 2023 12:42:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f12Kyg%2B7oy78ommHyUP3YFTXVOR9t0TgudKTq1Gr3hpMX6zv6WPu6jDIXFtDsFyNzEQ6cT%2B9lE6AcqvWI2r2nzRNuoIv8MNJJSktD626hJaQuL5bW6%2BZSh8LECHMb0Cp1lHBDAapqA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-xzd77
access-control-allow-credentials: false
cf-ray: 8c0e3592af5c04a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: nfVh0VE5fiDSIapr4duRaMn4yTGpJ5HZ3f60gtuJgz45RmQLtQ91iA==

GET
H3 200 slick.min.js Show response
www.picussecurity.com/hubfs/ 42 KB
12 KB 47ms
47ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/slick.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88670129552,P-7048931,FLS-ALL
age: 592325
x-amz-request-id: ZKSQKW5HKDK3YK8Q
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88670129552,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d5a61c749e44e47159af8a6579dda121"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666162980835
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4f2a14569b371893f3851a804b6ae8dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: rscA3GqdMhf_6Xt5rKM52hFVPQ.2lsXw
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88670129552,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BURVESmAY5EGsU03EMLtu5jMHx85h62R06Dmp7e1Lih17onPpWRNQfIcKmwcRxdOr+ukmqB5heU=
last-modified: Wed, 19 Oct 2022 07:03:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fuJRMQVRv5grMqsYf5bcTXMs0MrKdeRNBzvoWG99Fmq49LeYA%2FrTpkWiTBR19AIQ7R69DnMkysNg1TvpQGsuMFyQ8%2BVuRnPIEC%2FkuvmlpKFad5MhEki%2FhE9Fg%2Bezq4wdGhfyftw3Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3592cf7704a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: gq88_Vq6C54TfKQZY_654TZNnagznkGFfzihWpTq6ifLFS0ejwmT0Q==

GET
H3 200 module_161965429884_Mega_Menu_24.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/161965429884/1713367775592/ 3 KB
2 KB 170ms
169ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/161965429884/1713367775592/module_161965429884_Mega_Menu_24.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

43ffc04fc9feaf3e018ef29811c774bd365508ef79d33f9e63c5156a6fc90bf8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 9W665VV9Y8K1KMF5
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"5e8e1af8b761868a7a5d5620027358a8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713367775592
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GKpaZFZI5BLQ7OoJV0T6kHZuSTVmSeWQ
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: bf0c4e7f-95ec-43b9-934e-760845605b4e
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 174
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RZfOAn/Tt5jEKtM0i+sAZYw6vVStzCNHPXg4a6pUAt5XM2zl5eCAHfAjAXlqQrg3KOxyW0u0DU0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: bf0c4e7f-95ec-43b9-934e-760845605b4e
last-modified: Wed, 17 Apr 2024 15:29:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tGNopaQayHkJ4%2FPHJzAUGmtSlsJAp%2FVuspdlmJoCPOHuz4MngYI%2FqyE%2BYGxop6wP0eQicbVqxyWN884xDKtE8fdtljnUcKLsaQbzM7TV7vAfsuT0Vne8RhiDh3IQzSKEE8IFOthwrg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8c0e35930fa704a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: FvvEsXIkjxvw2u9S7hGcP9LLeMpob2W2AtTyGVP926I_5FzgAGxDCA==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
24 KB 43ms
34ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
age: 203
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8ba6f38aadb63761-ARN
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"edf91c1320ba2916398ed791b63187bc"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1426/bundles/project.js
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-version-id: 7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 66f1651a-0436-4345-adc8-a25a6d1d62f8
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-request-id: 66f1651a-0436-4345-adc8-a25a6d1d62f8
last-modified: Wed, 28 Aug 2024 20:01:26 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3qESNIuzugX2kDG7YDiEvvngaVHflw%2FR3pXxRmnDA4u%2FCvI14eccmLbA0MHpv%2B%2BHO85lpzssiZcbm7G1XftlGzbUsPjkO9bxx7UaidBngIkQAUFzF9oA%2BMpwucU%2BDQFHIY0P0xaHdr0O74M"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-6hnsv
cf-ray: 8c0e3593ad23d2de-FRA
x-amz-cf-id: vN_ru4Yll7SQc-9CZpg04dNapCwYNDrI3a7KIFoTIuzxzbPMynRymw==

GET
H3 200 header_height.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/117283871284/1723556727031/Shield/templates/assets/shared/ 738 B
2 KB 186ms
186ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/117283871284/1723556727031/Shield/templates/assets/shared/header_height.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f16de7b1b4aaefe1a073fd179d639c5264e6451ea208b8b9cf72ef0d846b308f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: ZA9X1SYS0ZMZCWDF
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"92119b8f6e821b04443cc2c8f724a1aa"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1723556727202
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: qOltGM6xekzHdTLGg5xGyd_.gll1rzUO
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 84b25eac-54b3-4236-b58b-44b8b42f6b1a
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 125
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ahqvRzg3oVBcyl09lxyQ3ZJ/Ybh6gTt+ZoRsTurqSTa3bW4Cm8xMPX6HZSsS4usDZKiUVW7y3nY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 84b25eac-54b3-4236-b58b-44b8b42f6b1a
last-modified: Tue, 13 Aug 2024 13:45:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Ya08W7o3cK87zJTZwtSAHhIAXHB5raaWEAFOByzAL2O5J4xUSVx2MBvciOPRQqjO4UU8SrVqOynbqLpNkdlflvat0yVhX%2BOvzvVjKV0LJow7gieV%2Bj8DCsOrX3EElvt1WY7yQi%2BOg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-4mpqn
access-control-allow-credentials: false
cf-ray: 8c0e35931fb304a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: 5Bi5y0M8z-7lgxEsYmPfggTkKQkT5nwNLoJVHhxpNVfU8gVAn-kMLQ==

GET
H3 200 main-blog.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158844553760/1709201799605/Shield/templates/partials/blog-post-layouts/js/ 744 B
2 KB 75ms
73ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158844553760/1709201799605/Shield/templates/partials/blog-post-layouts/js/main-blog.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26ec70efb18de158d5d9d027b4ab3a2af136473bfc11a88a73690089b0c8f12

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3583
x-amz-request-id: BGM1SHX9P2MSESBJ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b70bbf46cc7527049558da47bd240bb4"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1709201799773
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: VKB8UCXvhUtkTSdwx5g6YCnZoMI.lsi_
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: d5ea2ef4-b058-446a-975e-ae2b03daaafb
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
x-amz-id-2: IgG8NVfqteC7aoXF+nLuZQM0imHk4WVHLSV6/AWtX3PINdjNr0u8RfBj1ZF8blElDIdF/R2elis=
x-evy-trace-route-configuration: listener_https/all
x-request-id: d5ea2ef4-b058-446a-975e-ae2b03daaafb
last-modified: Thu, 29 Feb 2024 10:16:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OwAxer4Vk0J83KXc%2Fo2DonLSPNTmZs%2FGF2cYwormvs%2BdUZgbNzF%2BHSgzXG0qaHJHnGMwkBUSlyyumN%2FLFYvCiOx9ieqx56P6VEQC8MwiaqyNvAm3P2BEtiAFCK4AqawRTndVlh1g4g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 8c0e3593983704a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: VCNDIOJpY6kxfhdGLDICh06LRAMlGGkMzFR2gHytYhHtr_LJpiBxUQ==

GET
H3 200 slick.min.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32497563799/1619786241508/Shield/js/ 42 KB
12 KB 108ms
104ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32497563799/1619786241508/Shield/js/slick.min.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d875f9a2038e25a599452c9e774403240c3bc83df261ed41188bd7ecdf71fee0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1591
x-amz-request-id: DAYFGAR66X2S86BW
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a8efc8a1f019dce7f17886f4d81411ca"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1619786242195
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ZPb_r_lrZScln9b_.gUpWD_pgBVu7aX9
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: fae0b256-5a28-4305-9c3e-e80d38ab10be
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 202
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 09SA3iQuvExsg/mbuH2y/tmFAte/KzlH0K4sMwMHY6tt58tJ9+vv72L2TniJEvOZDvLkatBoQa09P1ENS6c+vU6xy7RMXvJBtuD2pX7ABAA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: fae0b256-5a28-4305-9c3e-e80d38ab10be
last-modified: Fri, 30 Apr 2021 12:37:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrbDjazk4sXI4rGVJpEziDf5nj0DtPnyFKHEZswXEk9emGb4FONu8ddPJ8jg0BlM03RZaH%2FAWGld7WQBynomWFEcGj04SQQALwQQJj6DUZVfgBC8qMApgQumVFGWFKY0FTAU8tDdSw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 8c0e3593a83d04a3-FRA
timing-allow-origin: www.picussecurity.com
x-amz-cf-id: nYXJQmh57K4JS_IzMelLBdYZpSGuMI592tg9yc44QSMWuRRRjmA61w==

GET
H3 200 7048931.js Show response
www.picussecurity.com/hs/scriptloader/ 3 KB
2 KB 205ms
202ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/scriptloader/7048931.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

094ef67e90a16cdd61744c2b39d58c85685517720c80e22ff7cf3b7f460554a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ba253a8f-6d01-46af-8445-b27cf58c3fc2
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400
content-length: 733
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ba253a8f-6d01-46af-8445-b27cf58c3fc2
last-modified: Tue, 10 Sep 2024 08:57:13 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-58bbf9c46c-sms6p
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c80QweIbVU%2Bob5M0%2Bg0AU92p%2FtkSPEuUqlf02N36obGf8G4a1wFXgrzBVBp%2BILgS%2Fz0cM8EJfAt8epkY%2FI7t%2B2NzOIeck8kRjmH8HX%2BDffHH8C7YWAFiKEsn4kEmojQ4VJ%2B94CBxHg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8c0e3593a84b04a3-FRA
expires: Tue, 10 Sep 2024 08:58:43 GMT

GET
H3 200 index.js Show response
www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 111ms
108ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
via: 1.1 b2340053ff948864db4d5e3c0ab3f3ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1604355
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Miss from cloudfront
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
server: cloudflare
etag: W/"3ef0deda0631561665e95645daf500a2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZSG1xch1%2Bxm8Rj3PlHGuWRWlF7r6VZXfXcyFE256lVuj8KkiaDJ6osfPyTo3mDTVM7PPdX2hkVYFj8djpIfkr5K7Rcdvv6VR5uEAVwlguycCVWngssS6IsapjNKJvx1um4D2J0%2FfA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8c0e3593a84d04a3-FRA
x-amz-cf-id: XkjYDcbQn4Wnk7ON60BrRI9ITI9ADYYIjU_nGEphN4iS_-uzV9NnvA==
expires: Wed, 10 Sep 2025 08:57:13 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
712 B 31ms
31ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@600&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1724338266966/Shield/css/templates/s2-generic-2024.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8ea176ad3c5bdc02628d7ac76ce4dee69a30afdca17cecff76c2d48518305c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1724338266966/Shield/css/templates/s2-generic-2024.min.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 08:38:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 Sep 2024 08:57:13 GMT

GET
H2 200 css2
fonts.googleapis.com/ 12 KB
859 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800;900&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/theme-overrides.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

27e00fa0d68fdea374a2a329d8c037fcda2c60846e2395db9b7e3b7a37b90fa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/theme-overrides.min.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 08:57:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 Sep 2024 08:57:13 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 79ms
23ms Script
application/javascript 143.204.205.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-137.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
last-modified: Thu, 25 Jan 2024 18:19:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
etag: W/"e31293f40e8a324de552ff593ee76a9b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: naTryFAUmHdFtZgoNME-sEafa74sm69ye-3alpvZafi2VMKPq3F4Bw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 324 KB
105 KB 102ms
51ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5838502472e71a515543a162e7b064dec69300aa7976cddfb19c13c478360548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107242
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 06:58:35 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 10 Sep 2024 08:57:13 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 28ms
27ms Script
application/javascript 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/8aaca2fd-5cd9-4888-ba4c-a92130465f35.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

aea136527ca962a15eea8eb338c7667b5a44d98bff65dc09a36f5493ddbacb99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Sep 2024 16:37:55 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "66d9de63-10fec"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=10800
accept-ranges: bytes
content-length: 18709
expires: Tue, 10 Sep 2024 11:57:13 GMT

GET
DATA 200
OK truncated
/ 160 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1af850eed9d8f478503ae0d24ebdd78691a15ed523db6f16df44b9da327c0d5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 mega-menu-down-arrow.png
www.picussecurity.com/hubfs/Shield/Images/ 98 B
1 KB 98ms
97ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/Shield/Images/mega-menu-down-arrow.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

387fafc4558eb44d4303fb1710ec85e39755ffa9378b8cdf982c7e66db79c463

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
age: 596589
x-amz-request-id: 2FW3VX8BT2E7DWVQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="mega-menu-down-arrow.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "8e2b3f8a9be7c266f20ac70b5ef7c9ef"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1608564034330
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: oVZ1tmPGae_LgGyoO.g0kL81yj6KC.HE
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=121
x-cache: RefreshHit from cloudfront
cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 98
x-amz-id-2: Ae3vM+BSYlyi6FJ4agiEvUEggs7sxT7FQyHajjIl5XLVsZTBQ5NYc0YOwoLqQurEvBCMAdoiqAbpc00p9djc2w==
last-modified: Mon, 21 Dec 2020 15:20:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Ezu9gqWD8%2BHsDV2JF6CRarAxHFrXnhO4j72G7StJzP8ayDZxSVv5FdG54H9XOHzMi76MF1WP35KGA%2FhqZqfZfu4cACGC4jPzLcFRkxkiWABmgHiTJ0eXPa7KH5pumsABOoQLkIPbg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8c0e3593b85904a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 5FKpN-8gl_y0_fR9XFlD1VwZM6LE75aKpc4jijecyuT8mjnW1ngnEA==

GET
H3 200 dropdown-bg.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 31 KB
15 KB 54ms
54ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/dropdown-bg.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bf7bbe2ff34569ca8208b5df957ae1bd37d2403d378146fb4e993155cb9820d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-161975016249,FD-106424384934,P-7048931,FLS-ALL
age: 593673
x-amz-request-id: MNGV9EFY7Y1RTVAZ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-161975016249,FD-106424384934,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"9f9d4423178b24188abc6b47edb3cdc4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711364057618
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GOOL_26Jvo0IEgl0bjBjQHkckzY3zQ9q
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-161975016249,FD-106424384934,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HNKAmnLnfHMRtDj0WKjsOrDhNGwoqh6aBbZwYjOcwQMU5iK5aV9s7fTwyXesW05Wvwzl4/s4+aM=
last-modified: Mon, 25 Mar 2024 10:54:26 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ktzyaK5FjE91wdybW7x65V0Cxom05u4HTpP5TJYiegiNlUAmT663TPV8WWB1954xaA%2F8uKa82gHac%2BQpVCAVrzLWsdJAi1NsLLx51dHg9xW021NmBDCmrHpQrT1VZd7wNGMXzpplbw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3593b85a04a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: _SQMy8ai5zTnmHcUAlpt6Ubxc1UZqDgr9RzJO1h9n0v-RK1ECELldQ==

GET
H3 200 Rectangle%20102.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 197 B
1 KB 55ms
55ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/Rectangle%20102.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea40563dac288d2a4e806100888a28be233519095512b5b0f44f02d4a4b23aea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-161969425522,FD-106424384934,P-7048931,FLS-ALL
age: 593901
x-amz-request-id: HAHW9G0FBZKPPX5V
x-amz-server-side-encryption: AES256
edge-cache-tag: F-161969425522,FD-106424384934,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"977c98d8ef6f43bbf2d0b84be827e3f4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1711363942083
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 5dbb5d54ce8d1d6f8480679ed6115d1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 6SKLAgGDi0sGrjUFBlWH1sxZJTNCi3le
x-amz-cf-pop: ARN53-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-161969425522,FD-106424384934,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: qAgwGD83+4mLIpaiZ2m+evrAphvM3FB0+51LgC0WiS7Z3COxPFmPxBLxZiFF+IRnST64mIft7U8=
last-modified: Mon, 25 Mar 2024 10:52:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zRzMINjGne%2BFX7Qd07gTLG0P2GkA2lyiG1xK%2FjfH5pxZ9A3%2Ba4VHiOv%2BLwrGyBh4Md0Dn%2Bpc31UJx3x3aP1GBijCiEgyxJfFMcVA3tYAoB2JXyzAQedgwetk9v9INxe5ofyNif%2B5DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3593b85b04a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ftnF-sR2onP8RpW9yIkI1z36GKnkqblvOcAj7gfo36ge0sE0dImAHw==

GET
H3 200 bg-resources-hero.png
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 271 KB
272 KB 58ms
58ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/bg-resources-hero.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1725536934420/Shield/css/main.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d853f486dc84fdc7d1b073cbe0567f4ad79b211fc28ed46186bbb0c8cd1ad26

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1725536934420/Shield/css/main.min.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-157034522480,FD-106424384934,P-7048931,FLS-ALL
age: 18273
x-amz-request-id: ZTAS46BCPXV9VG5F
x-amz-server-side-encryption: AES256
edge-cache-tag: F-157034522480,FD-106424384934,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="bg-resources-hero.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "d0fee8b958d9057e647a94f7db3c9a78"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1707999225481
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: EcSxbCGIawRyFaBBkybAUOhnSjgonGVI
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=604050
x-cache: Miss from cloudfront
cache-tag: F-157034522480,FD-106424384934,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 277185
x-amz-id-2: Mfv8bcBU/an1Y49Bc8EGVsrrrx/SQHRGsuTIxmRewCStj3TOTSqyGrkq4Y1cVHkv7fJBkriwIywuyg5Hv2cq6CZMmKDdfza3pyOKUQOvd9s=
last-modified: Thu, 15 Feb 2024 12:13:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B3lJf2eDefKxtmaQdxk1m%2Fo99jxmRroV1cH2y%2BrCP%2FOhNIpAGveUf1RoqH%2Fg%2FgTibbqwzr8Exjhi0mxp8kaJKUzym6nvQNZB13KCLfJBxs9RPNvIzsLhufCRJdnmaPdTZbsLPtQI6g%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8c0e3593b85d04a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: Y_2W_rdNOJHgZp1mDGcqqDYFwEiSVD3O1_L28E5JeJJtNFMJR1PIFg==

GET
H3 200 700.woff2
www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/ 17 KB
18 KB 66ms
64ms Font
font/woff2 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/700.woff2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b71a29ecd59a83648619466fa24609d9030aa3eb31b3cedc7f9b424d2da1a270

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 1d04caaed0a43993076e404ebf3738da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1590
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-amz-request-id: HNXQJF388PMAZ7KP
x-cache: RefreshHit from cloudfront
x-amz-version-id: KahUgouBaZZ1E.9UjJ8HK_wfBZBvTyiS
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 17464
x-amz-id-2: 51I6sy9J23+n2yhyLvPANZI73Jkabcuc7lDuWbDtcVW7UyxXQ6ha9UP+un+lC9LxxjkqVNIGebw=
last-modified: Sat, 17 Aug 2024 17:39:03 GMT
server: cloudflare
etag: "e07916f3407087b153d29bebb418965b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRVzvwdEdiQYSDULHC9PdZSkGvVkpC15WbljH639gGxKYlNwEhXGiEIqZZ8ftJ8ZT7Eflxc8jgtmKbMx5C6FJVyq0NRoMyB6ZpiQ%2BlZVSnGv2ybTl2nHAN5Rk3j013bPUz06oFVwVw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 8c0e359408a204a3-FRA
x-amz-cf-id: 99bQi0cChuMblCzworfme9WUcpZeYt6zb19U3hhBVbqTotZJkzJzPQ==
expires: Tue, 24 Sep 2024 08:57:13 GMT

GET
H3 200 regular.woff2
www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/ 16 KB
17 KB 63ms
62ms Font
font/woff2 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/regular.woff2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fdcb805a20649db94783ffc68e227bd61a806f29af381db6c84b52138d2dccd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 df242d25ee40c422308e69e57aadf5e6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1590
x-amz-cf-pop: TXL50-P5
x-amz-server-side-encryption: AES256
x-amz-request-id: HE7XMY5TRPB54NEK
x-cache: RefreshHit from cloudfront
x-amz-version-id: hfhlheyqh1w1l5S.ripi1rlNu_mok_6d
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 16788
x-amz-id-2: YTYvnS0vrUP/N0kDX9SNZTGQ/SR/NurEutNnbvR/bZtXqUBwvK54oRCCy7jMmso3wmU3T+gzwkrcRqne3/Sh/Qux/V3ky090WqtZe0xYPRk=
last-modified: Sat, 17 Aug 2024 17:39:13 GMT
server: cloudflare
etag: "944832f134e36e508e05dbe34a841f6a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKKlYX16YSy2225h7Wh9H0dpU5uv%2BNBm%2BMx2n2ZkAaUcKjAbwQWQUvybR8ADm4J17f1xWG036GFrT74JJkjwGdneO443nOVWjUz7I5zqmVvwiNglDh7ibDEjLGahzumu39sZX6NGXw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 8c0e359408a304a3-FRA
x-amz-cf-id: RRX6ake8LLtsTlqIn2S_Hv_IXU5a5bJLl8tg83U8C0LB46vj-TXxCg==
expires: Tue, 24 Sep 2024 08:57:13 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
fonts.gstatic.com/s/inter/v18/ 47 KB
48 KB 88ms
24ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 07 Sep 2024 19:12:26 GMT
x-content-type-options: nosniff
age: 222287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48444
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 22:51:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Sep 2025 19:12:26 GMT

GET
H2 200 UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuGKYAZ9hiA.woff2
fonts.gstatic.com/s/inter/v18/ 24 KB
24 KB 110ms
46ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v18/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuGKYAZ9hiA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62553d159189834af73c9a6264704be5b2bee9a08da66a14768d8e5c6ffd2cdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 08 Sep 2024 00:48:10 GMT
x-content-type-options: nosniff
age: 202143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24304
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 22:45:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Sep 2025 00:48:10 GMT

GET
H3 200 regular.woff2
www.picussecurity.com/_hcms/googlefonts/Inter/ 106 KB
107 KB 63ms
62ms Font
font/woff2 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/googlefonts/Inter/regular.woff2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e095c77cbc278604a08136ba272382190c0c7a12a26777a33ca20fafbb59186

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 134eef7df83fe066fda8a86e722c33dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1590
x-amz-cf-pop: FRA60-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: G15W0B34A01937BD
x-cache: RefreshHit from cloudfront
x-amz-version-id: erk2Ft4hyf1HnwvfL3gvS9H5OoW.Pb_Q
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 108176
x-amz-id-2: ig8CY4lp54Ki+IYXpEE7T5yT5AaY5BLP1nMGPfI8BnuqpT6ZXKMk5gW8jBfL/gzCbctkw97dwih9Y4hD8Hb8kA==
last-modified: Sat, 03 Aug 2024 14:01:14 GMT
server: cloudflare
etag: "7206d65c5fe7587e1efb16144ff41175"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y8GKYsyQe5n%2Bk8Lm5lkffugd430kHZKVvwijaYPFhMe%2FI0j7kIU%2B%2BF%2BDTjpcyGjIsdlXc%2FX0MlhDZBS%2BWmy%2Fw0jaAF7M26TsDwvquAIIRaLeJlLVTBJCR7jf32xCF%2F5USClKgjNZRw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 8c0e359408a504a3-FRA
x-amz-cf-id: UPtnMinyC7lKInLdEsCd_wBi0uCvfAsQbu7-jfzjuxS8Y-l45OJv2g==
expires: Tue, 24 Sep 2024 08:57:13 GMT

GET
H2 200 eDsUm60zAQ9yjY5kxl61AeDcUgISUZXhXIrJLLny6lSH_inW5iCdcUUlbBRJDGnwHrj4wxncEeW1e_QHEvv_rhuBiqtvXZ6NZxpp2MsuIkJTslyz7ltwtj-mGHDSNK64DD2H6Zvdz2PUSmHBPJK6gnNIQKjU8Me-U_dgljwkPMbdwwt7vMG9gZ0VUw
lh6.googleusercontent.com/ 805 KB
806 KB 1515ms
1440ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/eDsUm60zAQ9yjY5kxl61AeDcUgISUZXhXIrJLLny6lSH_inW5iCdcUUlbBRJDGnwHrj4wxncEeW1e_QHEvv_rhuBiqtvXZ6NZxpp2MsuIkJTslyz7ltwtj-mGHDSNK64DD2H6Zvdz2PUSmHBPJK6gnNIQKjU8Me-U_dgljwkPMbdwwt7vMG9gZ0VUw

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f1fac56156eb4c844c9bb902eee624cc862c4a6d47f91edc431882e436ceefed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 824199
x-xss-protection: 0
expires: Wed, 11 Sep 2024 08:57:15 GMT

GET
H2 200 tracking.min.js Show response
t.visitorqueue.com/p/ 10 KB
5 KB 123ms
32ms Script
text/javascript 2600:9000:2490:4000:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.visitorqueue.com/p/tracking.min.js?id=67ab0ee7-fcba-400b-8cb3-db7bb1cc0033
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:4000:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b8c3f82457a884c434bd712f0e89c6766d8a89b51a6a5d74fbe83c5a2babd990

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 02:24:48 GMT
x-amz-version-id: LDrTJlVkpGwyeQ0T8ATJDd8LP0ho1GTq
content-encoding: br
last-modified: Tue, 30 Jul 2024 14:55:48 GMT
server: AmazonS3
via: 1.1 f13110b40e6214ad566c753a838f49f4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
etag: W/"0656d43b27e5eda39ed6d8a634624213"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 23546
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: xlQudbYhr2-JaIBBv77qD6I4ByDqp6IsCuLq4ZoiME2IL4oQbAdnDQ==

GET
H2 200 / Show response
settings.luckyorange.net/ 129 B
770 B 194ms
123ms Fetch
application/json 172.67.75.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&s=202290

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.75.100 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4aedc93d1c0050ee019a0f8a838d5de2b64ca89662eb31c45e04da5d3f09b4f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.picussecurity.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AitF2zFuZqebg5wPzzqM4iM%2BN30nSar%2FpiD%2BW09gWJDV9rAMVDoOqQ5O8ibbX15sdbicl%2F5H7UIoWYCEVOvU3xjK6oHkRQfATDNq4sJJMODPYNUuBEtvqV30SPmcqbn1J%2Fwv5muejULlQA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cf-ray: 8c0e3594aa6ad40e-FRA
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since
content-length: 120

GET
H2 200 ajax-loader.gif
7048931.fs1.hubspotusercontent-na1.net/hubfs/7048931/raw_assets/public/Picus%20IL%20Shared/Shared%20by%20Themes/asset/font/ 3 KB
3 KB 73ms
60ms Image
image/gif 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://7048931.fs1.hubspotusercontent-na1.net/hubfs/7048931/raw_assets/public/Picus%20IL%20Shared/Shared%20by%20Themes/asset/font/ajax-loader.gif
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/119013969479/1686049622830/Picus_IL_Shared/Shared_by_Themes/asset/slick-theme.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353

Request headers

Referer: https://www.picussecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-119013776918,FD-119014686826,P-7048931,FLS-ALL
age: 1306927
x-amz-request-id: 53Y7XNXMBV23FGRF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-119013776918,FD-119014686826,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c5cd7f5300576ab4c88202b42f6ded62"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1686049611853
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 10 Sep 2024 08:57:13 GMT
via: 1.1 98845fbd1cb14abbe9d464a4caf17976.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: In9ttezEZ_GM9U3eektboBkYWwcorOKA
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origSize=4178
x-cache: Miss from cloudfront
cache-tag: F-119013776918,FD-119014686826,P-7048931,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 2592
x-amz-id-2: zKKztykYiSuq+YJb4+Sfpo12E2yeAtGWZ2kWhU9ykYl1KOEkLp1SG+TFqucfsME0JFp33jRbN/w=
last-modified: Tue, 06 Jun 2023 11:06:52 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8c0e3594af8fd262-FRA
timing-allow-origin: 7048931.fs1.hubspotusercontent-na1.net
x-amz-cf-id: d5FhgmMR0TQs05Dptms5Q5_da3X38bZ2T2MpGFuLv8GRqE8AAOrzhA==

GET
H3 200 json Show response
www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/ 7 KB
2 KB 155ms
155ms XHR
application/json 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72619c6102fad975af11f4d5021f69db5e91ed5a85b1d370bbc98b7434cf844a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0c7a3775-80b2-410a-b5ae-1d5086af90e4
content-encoding: br
x-envoy-upstream-service-time: 11
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0c7a3775-80b2-410a-b5ae-1d5086af90e4
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-bgvl9
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4UYLcet5u1fHSTwF7osr%2BiYDWm7UAX%2B6C0CE2MUK8yFz3249qIvoMRVljh2L7xeA3vDoQG5OBwnCEvJKPz9fHZlvf0ilfgh4F15bc1iR3rIHKum44U3LxRX5zjf23FyeGLNsvB7Y5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3595daa004a3-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 json Show response
www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/ 7 KB
2 KB 316ms
161ms XHR
application/json 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb4c22e9b33cac2cfafdbf356dc775808d93a17313980b40fb343e1120dc6af7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e71b5e89-beda-41af-a416-262dd11ab107
content-encoding: br
x-envoy-upstream-service-time: 16
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e71b5e89-beda-41af-a416-262dd11ab107
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-sw4qt
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2Bwm0sKuLL5ouCHmjTeE9BFkemEY2jymP0Tww3NdHjo81Tu4y6zrOiIDC6FE7r0UuGX7X4w2vHYnL01Hx73q55AJug2LQIAqPSABTiA%2BPwcMu5YNpCTTNoJxWMc70DHqmWRegs%2B9Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3596db9404a3-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 51ms
21ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

4729bfd946aafe126a4693d3dda5dd1927682a5cb213c13ea3b236966908f9b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 10 Sep 2024 08:57:13 GMT
content-md5: jQjthPyLV9iR1duoPoouvg==
document-policy: force-load-at-top
x-fb-server-load: 29
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=23, mss=1232, tbw=4304, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: Z30dlOgK7fKGzr3FDa6D6On/hP4XR3nfKT1h9IinUhF9bIkEkTJhD0PhRINe5s4nkxk59WgT+PpE7zDV/6UOzA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 744fe43f83ee7c847cbb9182345f74f9
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "63b5236e53f491986a79035bd53ead2a"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Tue, 10 Sep 2024 09:01:45 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 120ms
22ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Tue, 10 Sep 2024 08:57:13 GMT
Content-Encoding: gzip
Age: 1109
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/675D)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H3 200 a33e3dc0-7316-4f7d-8ec0-244dbd62e401.js Show response
cdn.mouseflow.com/projects/ 115 B
460 B 72ms
32ms Script
application/javascript 104.18.26.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mouseflow.com/projects/a33e3dc0-7316-4f7d-8ec0-244dbd62e401.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.26.50 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d65e0bb2b93943ac7a72d8f70bda4f8931d6d07c9731bf28dc1d895c1dc4edf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-mf-continent: EU
age: 429070
alt-svc: h3=":443"; ma=86400
x-mf-script-region: enforced-privacy
x-mf-country: DE
last-modified: Mon, 15 Jul 2024 10:14:08 GMT
server: cloudflare
etag: W/"6694f670-73"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
cf-ray: 8c0e35964e75d3c1-FRA
expires: Wed, 11 Sep 2024 08:57:13 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 125ms
37ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=23850
accept-ranges: bytes
content-length: 14628

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 192ms
49ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 10 Sep 2024 08:57:13 GMT
last-modified: Fri, 06 Sep 2024 21:17:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D7551BB0D9F4CBE911E878A59F52F36 Ref B: LON212050705051 Ref C: 2024-09-10T08:57:14Z
etag: "016326a20db1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14305

POST
H2 200 open
t.visitorqueue.com/p/ 2 B
317 B 126ms
123ms Ping
text/plain 2600:9000:2490:4000:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.visitorqueue.com/p/open
Requested by: Host: t.visitorqueue.com
URL: https://t.visitorqueue.com/p/tracking.min.js?id=67ab0ee7-fcba-400b-8cb3-db7bb1cc0033
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:4000:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
access-control-request-method: *
via: 1.1 f13110b40e6214ad566c753a838f49f4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
content-type: text/plain
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 2
x-amz-cf-id: G-Uo7KPVl_uFLTOMql_cu52MEnPAj-l0hwl_NUF3PYmgdbxWFmyjVA==
alt-svc: h3=":443"; ma=86400

GET
H2 200 open
t.visitorqueue.com/p/ 35 B
370 B 122ms
120ms Image
image/gif 2600:9000:2490:4000:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.visitorqueue.com/p/open?l=9&q=cGFnZVZpZXdJZD04MTZkYWZiMi1iYmQxLTQ3ZWEtOGRjZi1hMDAyMDcxMGVjNmImcGF0aE5hbWU9L3Jlc291cmNlL2Jsb2cvYmxhY2tieXRlLXJhbnNvbXdhcmUtYnlwYXNzZXMtZWRyLXByb2R1Y3RzLXZpYS1ydGNvcmU2NC5zeXMtYWJ1c2UmdmlzaXRvcklkPTdiYzY5ZmJjLTE1Y2MtNDM1MC05ZTM3LWRkZTMwNTJjODVhMyZ2aXNpdElkPTE2OTUwNzhiLTM1ZTAtNGJlOC1iZGExLTUyY2ViN2UxMmJmMCZuZXdWaXNpdG9yPTEmYWNjZXNzZWRBdD0xNzI1OTU4NjM0JnZxVHJhY2tpbmdJZD02N2FiMGVlNy1mY2JhLTQwMGItOGNiMy1kYjdiYjFjYzAwMzMmb3JpZ2luPXd3dy5waWN1c3NlY3VyaXR5LmNvbSZzY3JpcHRWZXJzaW9uPTIuMy4wJnBhZ2VWaWV3Q291bnQ9MSZ2aXNpdFN0YXJ0PTE3MjU5NTg2MzQ=
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:4000:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
access-control-request-method: *
via: 1.1 f13110b40e6214ad566c753a838f49f4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-origin: *
cache-control: No-Store
access-control-allow-headers: *
content-length: 35
x-amz-cf-id: lLGdhIpztqES2uDZChzxWHhNJkdq6pPPSho35tyRFyQfo2XelZr0Uw==
alt-svc: h3=":443"; ma=86400

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 88ms
30ms Script
application/javascript 2606:4700::6812:8d11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03acc5c7069d79f53c0902c716cc6c6f1463d8ebb87724d39e5cb03f3f9d7890

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 77283
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js&cfRay=8b1d0f6a3ef62bd5-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b6c788efa3b3fd53687b2c92c85a5a5f"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js
date: Tue, 10 Sep 2024 08:57:14 GMT
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-version-id: TIDmoMti0Vib7LJNFwT63dnpWuuDUZfu
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 4eec35c8-d877-450a-a80f-fbfd0dca2530
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4eec35c8-d877-450a-a80f-fbfd0dca2530
last-modified: Tue, 23 Jul 2024 12:57:23 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-c2t4f
cf-ray: 8c0e35968a48d3b5-FRA
x-amz-cf-id: po515NprqA3dU0H8DbMhLjYkdopGLzGhv1_SHfNAhE5OV_E43KdYyA==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/7048931/ 86 KB
28 KB 97ms
34ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/7048931/banner.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62f8c146d3acc3fae1dd468cb6704f0c68ebda65db397b1bb9d073d9e313b3fc

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
x-amz-version-id: uWJ6wi3bwHgTO2lwEPM5B8Z0PIi5KJks
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 89WA1PDEVPA1Q7YR
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 36af5af2-217b-40b8-a756-f6a6fa8b0c31
age: 164
x-envoy-upstream-service-time: 50
x-amz-id-2: 5R+W1rS21YGuWU+Eb9rjAhbEegit9Ig5vWYyNvBHfEmDel7rr0shENxx3vQMPaPIrctrVpnilSw=
x-evy-trace-listener: listener_https
x-request-id: 36af5af2-217b-40b8-a756-f6a6fa8b0c31
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 28 Aug 2024 11:54:42 GMT
server: cloudflare
etag: W/"ecad9d1b4f7290a4d6eff9507b8e9bfc"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-mxkcv
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8c0e35968ace9235-FRA
expires: Tue, 10 Sep 2024 08:59:30 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 93ms
32ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eeecc1c14b175e0226295f130c6121ddf605878b3489fd61181911c17c9b2a74

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
x-amz-version-id: CKdUucj42qReK_MB.X3dwG61CXEt1Id2
cf-cache-status: HIT
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P3
age: 201
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.595/bundles/pixels-release.js&cfRay=8c0e30aebfead24b-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: f9834b70-5a27-442f-aec3-670ed5e6bdd6
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f9834b70-5a27-442f-aec3-670ed5e6bdd6
last-modified: Thu, 05 Sep 2024 14:32:20 UTC
server: cloudflare
etag: W/"ba2542491f85a69ea1e0553167ab5227"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-lkkft
cf-ray: 8c0e35968ba9bbc7-FRA
x-amz-cf-id: YndKy3EymwunMMeeqJqk0HJLauSft7RpGEEG-qbVpoZDyrCV714ZTA==
x-hs-target-asset: adsscriptloaderstatic/static-1.595/bundles/pixels-release.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 85 KB
24 KB 94ms
34ms Script
application/javascript 2606:4700::6810:4f8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4f8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c85cff899f9c3f0706cc4451589fac833a980c512d11939c80e4c317ebd63171

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
via: 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-amz-version-id: v5ARyA8RqFEA6QwcRMIxKUTTqNjAhynp
cf-cache-status: HIT
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P3
age: 578
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.17895/bundles/project.js&cfRay=8c0e277a8f140374-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 7aceeaf7-75f3-4d49-8583-77c092284119
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7aceeaf7-75f3-4d49-8583-77c092284119
last-modified: Tue, 03 Sep 2024 15:23:02 UTC
server: cloudflare
etag: W/"af1d95d8e9331455dd6d3df0360e4a77"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-tkhns
cf-ray: 8c0e35968d33d236-FRA
x-amz-cf-id: _4GfRx4Q7wePDSx5DWvZ3p2SVTkKSYTeCYpemwR16aBHEQUOI3xawQ==
x-hs-target-asset: conversations-embed/static-1.17895/bundles/project.js

GET
H2 200 7048931.js Show response
js.hs-analytics.net/analytics/1725958500000/ 69 KB
25 KB 95ms
40ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1725958500000/7048931.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 119a6cbc9b730bfc19ee81acbd9d7351f36e01d402aaa5aec0eaebf03bdc8808

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: ESHGWVX6GSS12S28
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 48686890-33bf-4f1d-9f0c-3bbb1c0372d8
age: 53
x-envoy-upstream-service-time: 22
x-amz-id-2: ywl2qX9PnxnsSrbmiODXiAeG7BTyLJBrRYQQArsZtQ38Q+joQZTXQJShVEGzEgCCLUitXDsaI5U=
x-evy-trace-listener: listener_https
x-request-id: 48686890-33bf-4f1d-9f0c-3bbb1c0372d8
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 09 Sep 2024 20:26:48 GMT
server: cloudflare
etag: W/"d3ebdaeb0e46c67182d1215b8c4f83ce"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-m7fc4
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8c0e35969ad0a079-FRA
expires: Tue, 10 Sep 2024 09:01:21 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 91ms
30ms Script
application/javascript 2606:4700::6810:6dfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c78fab07d4ee469def66170220968c4e790992e5adc971a34edc7eabc695e79f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 359
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.586/bundles/project.js&cfRay=8c0e2cd2fb2d7240-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"ac41634810840adc02ea51748cb19c2f"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.586/bundles/project.js
date: Tue, 10 Sep 2024 08:57:14 GMT
x-amz-version-id: FCxgV_B3nWescR00el0uV0Hdj2lazDBZ
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: a7ef13d6-a7df-4c6e-b6e1-4cab152b7727
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-request-id: a7ef13d6-a7df-4c6e-b6e1-4cab152b7727
last-modified: Tue, 23 Jul 2024 12:55:20 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-xdvgv
cf-ray: 8c0e3596eb42d233-FRA
x-amz-cf-id: k0_PM3G--AcDQ9i7bqmkTkSuXyA6gMYW5ao_5KOtxaSOuDdrz5BvOg==

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 912 B
2 KB 199ms
146ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?contentIds=151218727472&portalId=7048931&currentUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&contentId=87726724166

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dede645d4b711cfed232fc9fd755664b3484476c60032a827209102e0c09429c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e3bd1ba1-af21-4b80-bb01-a12158703910
x-envoy-upstream-service-time: 17
content-length: 541
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e3bd1ba1-af21-4b80-bb01-a12158703910
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYtHLwz5%2BZE3H4uFeL2JJdIEzGjVV73B2uAB472YXTQbtA94fRbfoKV92TIDW6p1o8GjG9PUNTil1u0CK%2F%2BTa62G%2BW9YkHLFrU0PiKR%2FT%2F39G25xlsZFYnHqAhj2YUWjkLA55m5p48gnDmYXLmKS%2B7JLW4CGXAphar4%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8c0e35969ddb6949-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-xq7tw

GET
H2 200 html Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/render/ 754 B
1 KB 248ms
195ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/render/html?contentIds=151218727472&portalId=7048931&currentUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&contentId=87726724166&isHubspotPage=true

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cc9c80e6ff92ab3aff68e2e23671ccabb9ef8ef36dce9cb0980fbf10e86a83a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0ea711fe-7b6e-49bd-8340-4539092e37bb
x-envoy-upstream-service-time: 56
content-length: 491
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0ea711fe-7b6e-49bd-8340-4539092e37bb
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VqRlMlcKOesPJx7MHQNP5nIqR3z2m%2BYfoq0rHnBOdsFE%2FZJi28GM%2BRxB3%2FFUKToJ9nCDc2lvBUUgOtjyXnizhlcJ%2BoTMtBD%2FaVSKJKQzGD5KZJgbcyVtaHQ%2B9BaR25JkZr9ACp5n3YCCB9y7JvKEIiLcQewYkD7A29Y%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8c0e35969dde6949-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-scbnj

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
477 B 147ms
137ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=7048931

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d2a820fe-5a64-43ee-892a-bbdcfd434e7b
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8c0e35965bdcd2de&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: d2a820fe-5a64-43ee-892a-bbdcfd434e7b
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-tkhns
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 8c0e35965bdcd2de-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 330 KB
107 KB 47ms
42ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DB6MKXQ2E6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b847da4bbfb3b6cda1e6fb54380bf87bdd21ce49750093fb481f957fc3fbaded

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109014
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 10 Sep 2024 08:57:14 GMT

GET
H2 200 61d02fe2-1599-4842-8786-dd623fa8a4a5.png
no-cache.hubspot.com/cta/default/7048931/ 2 KB
2 KB 152ms
152ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/7048931/61d02fe2-1599-4842-8786-dd623fa8a4a5.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb9ad934a9764fae7d120816af46ced418c42678eb4f8ca666d9bed82b7e554b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
x-amz-version-id: UYVbXcoew11BEZ1Gr9OxQSiPoPdpKB5E
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: W7RK4AZKJBH4TM8P
x-amz-server-side-encryption: AES256
content-length: 1812
x-amz-id-2: JGlG9zal3pJE+av01VFrCYrg4IV9Uvx9GqCFZnxtX1gFhuMy694xzPVGMPX/glmPYnGJd3cALLH1UvITsIUzU0ijfWLnLBUn
last-modified: Wed, 07 Aug 2024 07:16:50 GMT
server: cloudflare
etag: "b37fa7d5e8dc41a82e1c54579ff8fbeb"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zVzUkselHd7AhNZ4U7Is47tbJWOaqVX1an9AxJuy0Ns3GbbDVE24hIzoEMFkP9zglbkAgmGvkRry3ce6VGJFQk74aYCzNrlhbWWtorelHREl5WopNwyRNn%2FOzOlwNn3YaSX8djgqdPsfF5b4FiYrPcoO"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8c0e35968c39d2de-FRA

GET
H2 200 2ec64bce-ef80-4a8d-9c85-e2ce8c0b923f.png
no-cache.hubspot.com/cta/default/7048931/ 2 KB
2 KB 155ms
155ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/7048931/2ec64bce-ef80-4a8d-9c85-e2ce8c0b923f.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

445f46602799290b686e3923ec7ca10f1f7152fc8e77fcdc1a8280acda8442b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
x-amz-version-id: imnPJE4JVHV7d7LBLQ9_AdIjMfYLxVjA
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: W7RXZFYYDFTRY8KY
x-amz-server-side-encryption: AES256
content-length: 2036
x-amz-id-2: RJ7EzOVGFum+qhMhTcMAHkfN3A5I0qoyWDHCIaUIuJjKHPxSntQSAhCWdtKV2244vk19IaYSWh0YLpMkRhjObmMf4lYKKsMg
last-modified: Tue, 20 Aug 2024 14:28:20 GMT
server: cloudflare
etag: "03c293bf9b5000266b0d9d719ba87668"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vw8NQ5KNur3eozbzDuYhxdHlAqHYRr3L0GI2Tb4glWBC5f2uARY1dJfXV4GyEcdKCVKgieiqvswtCtVVFeup5RGSoURmOQwm%2BfJQ%2B%2BMhbmsz%2F%2F1A2pQ0DB8F%2BR0Ckq7wIFRjSBRA85hhOICDUYhs94Me"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8c0e35968c3ed2de-FRA

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a00ac1e97469410d27c7807937a01a9fb37272970d20a0178bad424be0bdf6ae

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 214 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fffcc1196c1beb2cd92264e3b6efe6fdebc9129610b8308987eff5d97ebab507

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 6 KB
2 KB 154ms
154ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageId=87726724166&pid=7048931&sv=cta-embed-js-static-1.313&rdy=1&cos=1&df=t&pg=2ec64bce-ef80-4a8d-9c85-e2ce8c0b923f&pg=61d02fe2-1599-4842-8786-dd623fa8a4a5

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

436d419ece00caac66b9cefc42feea170edcf58652dc07be5a7d23ac05aca8fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5f22c6a4-8aed-4444-b25c-377acb935a0c
x-envoy-upstream-service-time: 31
content-length: 1572
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5f22c6a4-8aed-4444-b25c-377acb935a0c
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-57rnd
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CnvzaG9tS8eSO9VI%2Ba%2FfvWMDMeG2G56io%2FOyJVk9Ip9a%2BxH3CGNUv0MBttp2F123KKkmR3PcBY6hxr8mARVlECecx4gPbWjPFOGTvJmGh6K89A%2BZVTLiRFlzMJxsEzEvvfSvFz1R%2B8sjkum6NxFmtSsLt6cQZZgn5ek%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8c0e35969c66d2de-FRA

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 305 KB
87 KB 49ms
23ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=cc780566208b97d8a977e2da1a435982

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

00d518a68679bda2812a08120ea0f48bd85eb6300e58d0b81aa0e6b72ae77992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 10 Sep 2024 08:57:14 GMT
content-md5: 3kF1usSys8QWk2vnGVmgvw==
document-policy: force-load-at-top
x-fb-server-load: 40
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89220
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=23, mss=1232, tbw=4336, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: YIWTzvO19FvCA2U6Ke3AfnSUtaKfCwzpaqoDKDqa3fK3AXPjKcq2jxDc/MNnkNuHGrOtb5tXgTbhRBf099/WRw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: f015d30fb0ef6d83326f5ce31eeeac95
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "2fbd3498ea00a17b71b07b34e9592142"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Wed, 10 Sep 2025 07:11:06 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 18B7 0
0 88ms
20ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.picussecurity.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 14626182
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Sep 2024 08:57:14 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6712)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
886 B 166ms
130ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4bcc397d-b4e4-4a91-bb5a-efef5de7490b
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4bcc397d-b4e4-4a91-bb5a-efef5de7490b
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-57rnd
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8c0e359738c4d281-FRA

GET
H3 200 widget Show response
www.picussecurity.com/_hcms/livechat/ 343 B
1 KB 178ms
178ms XHR
application/json 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/livechat/widget?portalId=7048931&conversations-embed=static-1.17895&mobile=false&messagesUtk=2de4b26c22b148cba41f20508b564ce7&traceId=2de4b26c22b148cba41f20508b564ce7

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd15802a3b6fd9115c783df6a1d15c52bb656fabc921a017e47e75c2c393d481

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
X-HubSpot-Messages-Uri: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c50e2b7b-1650-4b0f-874b-c6e57191b140
x-envoy-upstream-service-time: 17
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c50e2b7b-1650-4b0f-874b-c6e57191b140
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-58bbf9c46c-xdgzk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B3SIUC75aJwU54awsvpkaR22enTeXuEtuEKMolzX49qg3T%2Fx6tvC6DABEOWL9M97yLM6%2FqgtLxMsqibyVElo3zb40Gjf%2BZimvMcTozxcYAa4%2FvEWVH6XNZNQv2iMbtTIzM8H3bPrOA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e35970bdb04a3-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 160ms
122ms Preflight
application/octet-stream 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.picussecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.picussecurity.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8c0e35978a6f3671-FRA
content-length: 0
content-type: application/octet-stream
date: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 1
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-7rrd4
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: dd1e2ea0-676b-4fd3-ae9f-4086a0bcc2be
x-request-id: dd1e2ea0-676b-4fd3-ae9f-4086a0bcc2be

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 2 B
145 B 75ms
31ms Fetch
text/plain 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/7048931/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=1500
cf-ray: 8c0e35978a6c3671-FRA
content-length: 2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 324 KB
0 0ms
0ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5838502472e71a515543a162e7b064dec69300aa7976cddfb19c13c478360548

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: br
last-modified: Tue, 10 Sep 2024 06:58:35 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 10 Sep 2024 08:57:13 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1 KB 221ms
150ms XHR
application/json 2606:4700::6812:f36c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=7048931

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

109a14abac939df0ab29af6bbf5c0ca592b1cdf7adb33a0052f166c8b303bc37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: eddd916c-1d15-4861-89d1-74df9ac963bc
content-encoding: br
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: eddd916c-1d15-4861-89d1-74df9ac963bc
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-58bbf9c46c-vmjbw
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Np9VqoCmgLt%2BNO%2Fy3Wv1WcUowG2EsvF%2FdH4Kpjfmj20DIcSATcPyCnQJmLy789VKXwX1vl5LAvtgxMkSndZluiQSSKnfozEEziE9uv%2Fyr5ZZ35ECyVSEJ93wnmFIBMae9LvCD4909tUplzQm"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c0e3597b9554d2b-FRA
access-control-allow-headers: *

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
552 B 34ms
32ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/7048931/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 10 Sep 2024 07:24:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 Sep 2024 08:57:14 GMT

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 144ms
140ms Fetch 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/7048931/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: e974e6ba-ef9e-4d1e-b758-5d95bed010ea
x-envoy-upstream-service-time: 22
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: e974e6ba-ef9e-4d1e-b758-5d95bed010ea
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-7f45f7f95b-xll85, iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-ll4br
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://www.picussecurity.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8c0e35985b263671-FRA

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
704 B 251ms
172ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 99A775B28B384F7AB3355C7EF5767312 Ref B: FRAEDGE1418 Ref C: 2024-09-10T08:57:14Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://www.picussecurity.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYhwA9LJm8tB1dmRG5Zlg==

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
849 B 124ms
124ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e06d874a-449c-44d4-afdf-6fcca584d177
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e06d874a-449c-44d4-afdf-6fcca584d177
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-bgvl9
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8c0e35978973d281-FRA

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 26ms
20ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 03 Sep 2024 15:02:44 GMT
x-content-type-options: nosniff
age: 582870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Sep 2025 15:02:44 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 30ms
25ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 07 Sep 2024 09:54:37 GMT
x-content-type-options: nosniff
age: 255757
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Sep 2025 09:54:37 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
818 B 263ms
208ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=2042428&time=1725958634254&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:13 GMT
content-encoding: gzip
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A30C5639395C4B4E9F9FC254F329303D Ref B: DUS30EDGE0410 Ref C: 2024-09-10T08:57:14Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lor1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYhwA9M4TD/emDElzWB/g==
x-fs-uuid: 000621c00f4ce130ff7a60c4973581fe

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1725958634254&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1725958634254&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sy...

0
264 B

287ms
197ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1725958634254&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&tm=gtmv2&e_ipv6=AQJ4HQeV0Lp4tgAAAZHbJrtqwbLaEbqkWyzSylFcJ8SSYo5wngkLPhsrp8lVznJC2p4Dj3nLAOhN
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 88D75862AE9F41F2BE2D903B062AD5B0 Ref B: FRAEDGE1320 Ref C: 2024-09-10T08:57:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYhwA9QpDWEHlnrueA8Yg==

Redirect headers

date: Tue, 10 Sep 2024 08:57:13 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1191D973DF9B4588B2C65E9B7DD443FD Ref B: FRAEDGE1418 Ref C: 2024-09-10T08:57:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1725958634254&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&tm=gtmv2&e_ipv6=AQJ4HQeV0Lp4tgAAAZHbJrtqwbLaEbqkWyzSylFcJ8SSYo5wngkLPhsrp8lVznJC2p4Dj3nLAOhN
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYhwA9L/R8LGSZ7o6GUFQ==

GET
H3 200 cta-loaded.js Show response
www.picussecurity.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 148ms
147ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=7048931&pg=61d02fe2-1599-4842-8786-dd623fa8a4a5&lt=1725958633542&dt=1725958633543&at=1725958634270&ae=1&an=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7a7b1c3b-6385-48f9-b21d-e6e76fccf13a
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7a7b1c3b-6385-48f9-b21d-e6e76fccf13a
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9VNHMT888ArfmgM7W%2B%2F17aOzfsxM9IJhss54oAfQw0yn%2FbhtImqOshAXvdTSapYamLXaBycIt4CzMIW21mVF85wMvpGBA9DE%2B%2FmDEouH%2FWOQW8kUODE9bA2tenrFyfroTMx79t1rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-v4t4c
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8c0e35983d1304a3-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.picussecurity.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 219ms
218ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=7048931&pg=61d02fe2-1599-4842-8786-dd623fa8a4a5&lt=1725958633542&dt=1725958633543&at=1725958634272&ae=1&an=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 30d69a1a-dd4b-4875-a223-e73406746952
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 30d69a1a-dd4b-4875-a223-e73406746952
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FlHG%2B%2FeTadH%2FlzP1Gi5tcE77bz5PgvXfn%2F%2F2SFJl0dfpz6YO52IZSkcxdUcVxVuTInuw7Rq4dAy48NolK4%2BgMaGSY%2FiIhnXcaxUWzWxLGMx0ii7wR93nsqCPJWNf7nt1EgLpeLR4cA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-4nwxq
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8c0e35983d1504a3-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.picussecurity.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 153ms
153ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=7048931&pg=2ec64bce-ef80-4a8d-9c85-e2ce8c0b923f&lt=1725958633539&dt=1725958633541&at=1725958634273&ae=1&an=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8991f0ad-a453-4428-8199-a90b3a7cd28f
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8991f0ad-a453-4428-8199-a90b3a7cd28f
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LhtcL4laYC6kypuLi6CTZpAE5%2FWi0X9SzVFD96FGe55p%2FvbULwJuzc4v9t9hy%2B1ahNUWmrxvingWhBHI5UnNBjB%2FaZqMd%2FZXCMxeU5OZaCbQhdtYfybjQveJFqET6fzpy5lNkDfn9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-rhz77
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8c0e35983d1604a3-FRA
x-robots-tag: noindex, follow

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
580 B 150ms
134ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 69082f3d-7a5b-4039-9e5e-37bc91df7ff8
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 69082f3d-7a5b-4039-9e5e-37bc91df7ff8
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-27bd8
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8c0e35985b05d281-FRA

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
580 B 143ms
127ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 58073960-1e1f-4228-9914-555718f2eb8f
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 58073960-1e1f-4228-9914-555718f2eb8f
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-99dcv
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8c0e35985b02d281-FRA

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
538 B 125ms
124ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5177071b-673c-439f-a98b-d4cd9407c126
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5177071b-673c-439f-a98b-d4cd9407c126
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-99dcv
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8c0e35987b51d281-FRA

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 135 B
435 B 148ms
135ms XHR
application/json 2606:4700::6810:6dfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=7048931&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0af58bcdda4bce4a998c3c1d32d5a6bbebd8ef7c7007e8888531cb493cc9f64b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b0f93c24-b30d-4db8-bb3e-f853942717d2
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b0f93c24-b30d-4db8-bb3e-f853942717d2
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-wqzr4
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8c0e3598e838d233-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
0 0ms
0ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=23850
accept-ranges: bytes
content-length: 14628

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
580 B 196ms
187ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1139ce7c-6eb0-4dcd-baac-f54d25a32305
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1139ce7c-6eb0-4dcd-baac-f54d25a32305
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-fjpmw
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8c0e3598ec65d281-FRA

GET
H2

200

blank001.gif
static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/
Redirect Chain

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=286429421129&containerType=EMBEDDED&portalId=7048931&audienceId=null&pageUrl=https%3A%2F%2Fwww.picussecur...
https://static.hubspot.com/img/trackers/blank001.gif
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

43 B
656 B

29ms
29ms

Image
image/gif

2606:4700::6811:ac5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Server

2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

115c7f3cf61e4ec19070b9e59e20e78756d39d193eb9b544065059b9935d2491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
via: 1.1 e0bdfd4f00aaa5b927cf38c4eda059ca.cloudfront.net (CloudFront)
x-amz-version-id: MFfZlkR4U8_6aknbgflTSIqo4fNbniK3
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1307715
cf-polished: origSize=49, status=webp_bigger
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
cf-bgj: imgq:85,h2pri
last-modified: Thu, 15 Apr 2021 16:47:19 GMT
server: cloudflare
etag: "51416c7ff0b9d7efc8c9b16d84052fab"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WkiXRp9oE3YqdINrNb8bCaKkwhTX9aI6U3qeyKL0LpPCLAzdps7pn7JJkU1kWtIg5x5avkk0yykHMstqLxkZe9%2BII1y4PRKO2A0tnOuXA3gEOB1CvF%2F3rhNKQnSG8f6I8U0h%2FTZ7gyfSuRLRCGvWVvWzHt4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8c0e359a1f57d2be-FRA
x-amz-cf-id: fRIvu9HfgZjouFh37fK-DeFWKMXUGXVCZR6BkfK0ww6NPE0aVerEfA==
expires: Wed, 10 Sep 2025 08:57:14 GMT

Redirect headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCAWD3iRFoAYCApETxUnPoUcuBNWBs2M1C9bPnSHrNv5J0ScgfP2uS1F2zxxTPR1tiZtzPu0SGK%2B428AJuxBJwvN3B%2FWk6VCynvHXc3XDoz94g6pKFVWAUl9b2IGhwA3yqprCc9rk2St9dGWcOdDxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif
cache-control: max-age=3600
cf-ray: 8c0e3599dcded2de-FRA
content-length: 167
expires: Tue, 10 Sep 2024 09:57:14 GMT

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
578 B 142ms
135ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=inline-interactive-render-success&value=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ca6c513f-5125-4216-8a13-8720e5ed018f
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ca6c513f-5125-4216-8a13-8720e5ed018f
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-rhz77
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8c0e3598ec62d281-FRA

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
538 B 140ms
139ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8ab1d54d-d05c-471a-9587-6ce33e53917a
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8ab1d54d-d05c-471a-9587-6ce33e53917a
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-hrcvg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8c0e3598ec5dd281-FRA

GET
H2 200 187145243.js Show response
bat.bing.com/p/action/ 370 B
421 B 49ms
47ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187145243.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Tue, 10 Sep 2024 08:57:14 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 99E785A752BC42E2BD98890C3328674D Ref B: LON212050705051 Ref C: 2024-09-10T08:57:14Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 204 0
bat.bing.com/action/ 0
180 B 54ms
53ms Image
text/plain 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187145243&tm=gtm002&Ver=2&mid=742b96cf-c737-48ab-b4d9-e9c53577d3c5&gtm_tag_source=1&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse&p=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&r=&lt=1667&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=654620

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 10 Sep 2024 08:57:14 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8B2C363B538A4E53BC87548FAD6AA55F Ref B: LON212050705051 Ref C: 2024-09-10T08:57:14Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
536 B 140ms
130ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 20117e19-de5c-49cd-8a79-301d816c2a66
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 20117e19-de5c-49cd-8a79-301d816c2a66
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-fjpmw
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8c0e3599eea3d281-FRA

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
705 B 104ms
32ms XHR
application/json 185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:14 GMT
an-x-request-uuid: 9bfad77f-00ff-47f2-8844-1c9b7424e8ba
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.23; 217.114.218.23; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 39ms
23ms XHR
text/html 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-251.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.picussecurity.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
321 B 149ms
39ms XHR
text/html 2a02:26f0:e300::5f64:9219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e300::5f64:9219 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f7dee2a88356549b15d6145e3170e69825aa94d38e4809fc690142eb69481484

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:14 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.picussecurity.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:2:240:3247::8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1725958634837_1600426517_2363700606_26_1127_37_44_219";dur=1
content-length: 23
expires: Tue, 10 Sep 2024 08:57:14 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
536 B 145ms
132ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=7048931&pi=87726724166&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&cpi=87726724166&cgi=35190412163&lpi=87726724166&lvi=87726724166&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&t=BlackByte+Ransomware+Bypasses+EDR+Products+via+RTCore64.sys+Abuse&cts=1725958634786&vi=6613c1105e9cd5aa448c8b7903f05863&nc=true&u=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&b=51282614.1.1725958634778&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b02bca54-f1a0-44d3-bef6-663d303e7d43
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b02bca54-f1a0-44d3-bef6-663d303e7d43
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j%2FXGMVKuTgutrEHzE81ycv0ITi2Pd60yqIKBYWBz9k%2F8PT7TGl3%2FMnNU82vekCiWNWFGYMQku0jLW5jKWAt6qHKTy6TmKeHMXCSMNyyQpRmIVyVO5UDIcMa3P8bKsAiAkaTv3adXjctQ%2ByriPafC"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-2hswm
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8c0e359b8989d2de-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
580 B 190ms
190ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c8c8f205-0eca-468a-853c-fafb23de2d0d
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c8c8f205-0eca-468a-853c-fafb23de2d0d
last-modified: Tue, 10 Sep 2024 08:57:14 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-sj2pc
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8c0e359b7a7ad281-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
460 B 142ms
138ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=e30f8ff7-20d2-4434-ba09-52c2ca7f1015&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=7048931&pi=87726724166&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&cpi=87726724166&cgi=35190412163&lpi=87726724166&lvi=87726724166&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&t=BlackByte+Ransomware+Bypasses+EDR+Products+via+RTCore64.sys+Abuse&cts=1725958634791&vi=6613c1105e9cd5aa448c8b7903f05863&nc=true&u=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&b=51282614.1.1725958634778&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7489defc-ef11-4fd6-9807-59d34357d133
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7489defc-ef11-4fd6-9807-59d34357d133
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnfuBFVkpVpeK6mzXp60YYD2SpHgeUyk2a8W8rc7LoC60mBOIMW4%2BrTMhp1xEp1nnh2ROCzFK1WRRM%2FocPujavnEBc3hBAri0jGsgHifwdElVVhjAfxNwdMa%2BWNMhU5C0LW76zL62UfjqYDNirkE"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-67rnt
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8c0e359b8985d2de-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
565 B 139ms
136ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2261d02fe2-1599-4842-8786-dd623fa8a4a5%22%2C%2220738be1-4cd8-4d63-85fc-f3a810c5c5a1%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=7048931&pi=87726724166&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&cpi=87726724166&cgi=35190412163&lpi=87726724166&lvi=87726724166&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&t=BlackByte+Ransomware+Bypasses+EDR+Products+via+RTCore64.sys+Abuse&cts=1725958634793&vi=6613c1105e9cd5aa448c8b7903f05863&nc=true&u=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&b=51282614.1.1725958634778&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2a82ad86-1f14-4e13-ab40-a05ca15d5550
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2a82ad86-1f14-4e13-ab40-a05ca15d5550
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNQk3GrlteEMFFyEbX%2BXznJmhFbzo9%2BhKMExYiHaw3jiUocr08k%2FKTei1lTfr%2BCaeSRB%2Fz%2FmiV8RpMaElfnuJwttVvYgJG2RpQy%2FSy9fIwDEWmcDzGur4X9r6Lb5%2FIO1%2B4MWMRtl63IPgzI9ccgV"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-fgd74
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8c0e359b8982d2de-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
578 B 137ms
134ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%222ec64bce-ef80-4a8d-9c85-e2ce8c0b923f%22%2C%22671a0dec-938e-4058-8f97-feb531c0533c%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=7048931&pi=87726724166&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&cpi=87726724166&cgi=35190412163&lpi=87726724166&lvi=87726724166&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&t=BlackByte+Ransomware+Bypasses+EDR+Products+via+RTCore64.sys+Abuse&cts=1725958634794&vi=6613c1105e9cd5aa448c8b7903f05863&nc=true&u=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&b=51282614.1.1725958634778&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ef0bcd66-4dd6-4e54-895d-9551ae256ee4
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ef0bcd66-4dd6-4e54-895d-9551ae256ee4
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XnKXSH75u8nqb4dme3pp5hZTJJOMIuy23CUkMgYHtBRkEQcH5Fsvqg9lgvmp3JL3d3rp%2Fc7ghzKu5%2BhnmdWaDUz5BsmhFJEWE5PwI3nFjbmV66YF%2FMJ12B0FcU8iVgkeWkM%2B0SzOgDzkp8%2BgaM%2B%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-4wmvd
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8c0e359b8986d2de-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
442 B 135ms
134ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=e0bf30ae-c209-4743-bfeb-6e6640bd4753&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2507617663&v=1.1&a=7048931&pi=87726724166&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&cpi=87726724166&cgi=35190412163&lpi=87726724166&lvi=87726724166&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&t=BlackByte+Ransomware+Bypasses+EDR+Products+via+RTCore64.sys+Abuse&cts=1725958634794&vi=6613c1105e9cd5aa448c8b7903f05863&nc=true&u=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&b=51282614.1.1725958634778&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7ca3e48a-554c-4bfa-8bc5-0be2a92aff5f
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7ca3e48a-554c-4bfa-8bc5-0be2a92aff5f
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Tg2vofwIL78xjGDLPQhCe8gmOa%2FNMDIGUmqo4%2FE3S4SAKaUlUelhMBO648ow5SPhVGgQLBZOrwwrbEN4gJs%2FUuBeNpq9YEVUP6TkNxRPxaWAbEUm1FEf%2FVkL%2BxDU9SpA%2Fo%2Bd7Fde0pR4cRbDZfp"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-964jz
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8c0e359b99afd2de-FRA
x-robots-tag: none

GET
H3 200 64d678615e3d0 Show response
display.popt.in/api/display/ 4 KB
2 KB 292ms
252ms XHR
application/json 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://display.popt.in/api/display/64d678615e3d0?domain=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&referrer=&previous_url=&cookies=%20poptin_old_user%3Dtrue%20poptin_user_id%3D0.aa8tvv7hzeo%20poptin_previous_url%3D%20poptin_new_user%3Dtrue%20poptin_viewed_session%3Dfalse%20&triggers=&cc=false&if_mobile=false&page_title=BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse&origin_landing_page=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&if_page_refreshed=false&poptin_viewed_url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&previous_visited_pages=&shopify_customer_id=0&cart_total_items=0&cart_total_price=0&cart_products_ids_list=&cart_products_org_ids_list=

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf04c7e30bf8517269ee08640205023b47acc47b05d88c2db3fa3b9d797b0a86

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://bc.popt.in https://.mybigcommerce.com https://.jumpseller.com https://.myshopline.com https://.myshopify.com https://*.grisynava.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
content-security-policy: frame-ancestors https://bc.popt.in https://*.mybigcommerce.com https://*.jumpseller.com https://*.myshopline.com https://*.myshopify.com https://*.grisynava.com
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X9lD1vBarFqIb4dPA9rupo56bxYKbPMhAu9BcQh%2FUpEcsIJsFZ6OrLMrc0Q2LVeG0BHdtdgRv4WUFA5R4dizUromQPvEeqypaQbOZMfnQ31IPPQduG65KCX8YZIoVRLV65w%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 8c0e359bfde39b34-FRA
access-control-allow-headers: Origin, Content-Type

GET
H3 200 favicon.ico
www.picussecurity.com/hubfs/Picus_February2020/images/ 15 KB
3 KB 53ms
52ms Other
image/vnd.microsoft.icon 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/Picus_February2020/images/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5242ab5df4690e1c975cefd6c70bc7f19037060288e9254c16b3ea0b07f3b222

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 134eef7df83fe066fda8a86e722c33dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-25850183661,FD-25847619727,P-7048931,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 596633
x-amz-cf-pop: FRA60-P7
x-amz-request-id: GX7YDTQ32TZZA8BY
content-encoding: br
edge-cache-tag: F-25850183661,FD-25847619727,P-7048931,FLS-ALL
cache-tag: F-25850183661,FD-25847619727,P-7048931,FLS-ALL
x-amz-version-id: GPbuCeGk..cIOQ1w6ZV9XsM2rrDBylkN
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xxgjGiBxF8EqQrAZXc4H1wIYCosuEPBAC3Xz+uzXCP3vgolXBI1+cwhYuohoLxVPMnnNO/ZBTfg=
last-modified: Fri, 14 Feb 2020 06:16:24 GMT
server: cloudflare
etag: W/"02925aef9384fc19f8c138ed9d04e72f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GSyEOOsTTV9B3gWxfqj7If5m%2FO%2F%2F3liAJd%2Bo2ppin%2FXEp%2BoSKiuovk%2Fd30olGojM28dXiJEAbKD3wwE7rGL8w%2BG%2BJjH53CYmSMNbwyQ23%2FLJkZoNs9OUFxySwdGWWZyFigaKZ4o8lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 8c0e359bb89e04a3-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: q0qqipLm03IOT9EoxxpQS4OZ8Y4lnVgg9ZDU7r40jhPH2JlE5nkTlA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
932 B 169ms
160ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=7048931&utk=6613c1105e9cd5aa448c8b7903f05863&__hstc=51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1&__hssc=51282614.1.1725958634778&contentId=87726724166&currentUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab83cec83199a27a8c5422882df27f3fb2d2325199cdd12a4f69abe207a1bc17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 69f0445b-0627-453e-94be-2bb0977d3fee
content-encoding: br
x-envoy-upstream-service-time: 38
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 69f0445b-0627-453e-94be-2bb0977d3fee
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-fjpmw
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGINgAt4jdXUQDubY1JiRaaPhA5Y9S%2BE9JihqMhAL2jUgH4xR1c8UJbV7cOx50UsxtfnD0hj9prJoUGoBvl%2Bm4WaPi1Ha0GjEj%2FDPWP2zTlxR52RcR%2FLFWXH%2FKg7FQqCiO%2Fzke0Rn6D64CFGtEbU"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8c0e359bd9ca6949-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 128ms
120ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:14 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:14 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 125ms
117ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2271d66052351c031c506efc6194814a69%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2284665a242656c44c19a4dc3e471bb3355e53cba3%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228aaca2fd-5cd9-4888-ba4c-a92130465f35%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:14 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:14 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 784 B
737 B 78ms
31ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 2c288cefff7a967f2e05f9f4d70ae37c239fe8c970fc275f467e9ddd188f6c55

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
Authorization: Token 84665a242656c44c19a4dc3e471bb3355e53cba3
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
X-6s-CustomID: WebTag 8aaca2fd-5cd9-4888-ba4c-a92130465f35

Response headers

x-trace-id: 4384377838577362857
date: Tue, 10 Sep 2024 08:57:15 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.picussecurity.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 412

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 84ms
25ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.picussecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.picussecurity.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Tue, 10 Sep 2024 08:57:14 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 5143465577169852985

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 123ms
122ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A2%3A240%3A3247%3A%3A8%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A8&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:15 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:15 GMT

GET
H/1.1

200
OK

/
tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/
Redirect Chain

https://fonts.popt.in/?family=Poppins&display=swap
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap

1015 B
1 KB

594ms
200ms

Stylesheet
text/css

2600:1f14:50b:9a02:4049:4df4:24f2:ab7d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap
Protocol: HTTP/1.1
Server: 2600:1f14:50b:9a02:4049:4df4:24f2:ab7d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8503bb1f3969798a88dce37ee7f38979711dfd7495f5b8dafd66a19ff24e2d15

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Tue, 10 Sep 2024 08:57:15 GMT
x-amzn-Remapped-host: fonts.popt.in
Connection: keep-alive
x-amzn-RequestId: 9119f923-6e11-493b-96e7-3716e3a27b66
Content-Length: 1015
X-Amzn-Trace-Id: root=1-66e009eb-2e68051876fa56a97989a8d6;parent=09b0f21b8c4f2585;sampled=0;lineage=1:013914a9:0
Content-Type: text/css; charset=utf-8

Redirect headers

date: Tue, 10 Sep 2024 08:57:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=68uN0spyt5zSDh5zmBAfmpu%2F%2FBaGeMT8lzBslNg9yxXoxGPjJ2P1vChA3lOxHfsKEHmtFGjE58YQkkeYrhmoDZhtZF0BlQla5UP%2BEn4SGrZfi10FoBYsaXWwmIFl5JtA"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws?family=Poppins&display=swap
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8c0e359dafa7973a-FRA
content-length: 143
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 heb-fonts.min.css
cdn.popt.in/css/ 22 KB
3 KB 33ms
32ms Stylesheet
text/css 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/heb-fonts.min.css
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7459dd5ce48ddd21da15f490514af4be07ff85f0b0b6b9e118542d68ff5ec91

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
content-encoding: gzip
via: 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront)
x-amz-version-id: qXd_m_chdhWvR5DNrvI834tklGtnWkb9
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
x-amz-cf-pop: AMS1-P1
age: 168316
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 12 Sep 2018 18:05:20 GMT
server: cloudflare
etag: W/"fb58ef8ec15444a0d0cf977973d4f824"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FF4RclTOaXLF3uyF763zUwL4WfxsbejQaLaFKuDe5gT9JXK%2FO%2F31952NDeM8Ts4D2FHF9hO010eO2c2JKTAzIwV2neRRKZXVeKG2In%2B63PNDtCtfNDv2DNsEG4H%2FEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=30672000
cf-ray: 8c0e359d9f94973a-FRA
x-amz-cf-id: QvRezeN5WKpiTzGSZYAZ-WXLru3unLvEzkO3gQ4zc3E1T5Gmpz83Cw==

GET
H3 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 35ms
34ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1072111
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O95snHM3IDEOdn6k2rbZAokqJIyakIvrJWBwNeShRTnCZ8qoZGgalXJXOly4iA8O98KNaLoJqXpVLq%2Bot2A9sRhbAl4TvkTeC2ZTvHLRNU5XUpempssZe0J%2FrI5TnHniu6qlkZvJ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c0e359d9f669bb2-FRA
expires: Sun, 31 Aug 2025 08:57:15 GMT

GET
H3 200 brands.min.css
cdn.popt.in/css/ 18 KB
5 KB 34ms
33ms Stylesheet
text/css 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/brands.min.css
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5cfa83504aa9c8a4654937559cbe6419ad26c4582eb55be91d5ddf975b5cb807

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
x-amz-version-id: gT1iHlAVlZxCJzqyZ2gXi0FVdCn3kiDS
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 e23d0eac0a6ca583f05a1f92837f650c.cloudfront.net (CloudFront)
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: VIE50-P3
age: 5078
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 07 Nov 2023 12:34:16 GMT
server: cloudflare
etag: W/"37af6636f1692eddc4e241653bbb57ca"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LYlMi4fnRLc9HUrtlNMEAbZFPdMlnWo%2BZ6eK9H2GM9AapyRpMKi%2FBnRt2v23OA9%2BMQPqv4EmMW7Nz8fpHYWbnmLqBPdUtMHBoS3SM9vvXAhx5zYpGIYDvgpW9W1RxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 8c0e359d9f96973a-FRA
x-amz-cf-id: tfbXF2UFEBT7UF960FxoTDAumrEqGXYsxlOcJnlhU9wEcHhAAg23XA==

GET
H3 200 poptin-style-en.css
cdn.popt.in/css/ 33 KB
6 KB 33ms
32ms Stylesheet
text/css 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/poptin-style-en.css?ver=10
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe5ac9f6307d6940b53c34e8e1f7cead57c68910c248c6df8f427074027fc44

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
x-amz-version-id: v3MCiPOY0YxDncH1Vwvr3p5qFuIRv3TV
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 b1b17bb437876627b68f1de6efbed2e8.cloudfront.net (CloudFront)
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: VIE50-P3
age: 2652
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 08 Sep 2024 10:11:42 GMT
server: cloudflare
etag: W/"e86e93675f7a58658189d37ce219f3aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dm%2FBBNp75rXNCpC%2F9Wmleijk5RzmiEc%2BCpdI744o8WojDZf%2BBynol893gg1cRMAGZfsc2MBZtgPlaldr9dLCkDvg3ZtdCEU04qM%2F1x3RwqN%2FgpvQ67P9AR3H4VY%2B0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 8c0e359d9f97973a-FRA
x-amz-cf-id: YzRcapHoLSMS4Avc2C5wlMiLON9etNdEYS1DnPpN59YSTvTUY4u4EA==

GET
H3 200 poptin-animations.css
cdn.popt.in/css/ 6 KB
2 KB 34ms
33ms Stylesheet
text/css 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/poptin-animations.css?ver=10
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e0e91c655429e89e6f922885ea309f734d5f61c770b759a89713bda73b19ae8

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
x-amz-version-id: GSoboa5O52jCwHGfP3bACm5nEEnig0P7
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 6941fd25181b0a23e67d60483416069a.cloudfront.net (CloudFront)
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: VIE50-P3
age: 1162
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 08 Sep 2024 10:11:42 GMT
server: cloudflare
etag: W/"c4792cc666ef27a117644a46c3b9d6fc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ot3N1sSVqSb9Je%2BXEKM73RqswjP6Z5qXnK9CiOkGvlezLYB0msrJD6k2%2B17RhuNUIOoWIe%2BhpGdpJQQzuC7TWeKZX%2BjVMRUyq0M%2BBKAVpbZa7YWNwbwbl3q62GtR9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 8c0e359d9f98973a-FRA
x-amz-cf-id: LtYSLzKbFSpF9I5kyaFPiWZvZIeNRn8-ksI-5yj-J-whONR-fBiqpQ==

GET
H2 200 account_613f053dd8506_poptin_92655d6888467_2024-09-04_16-45-45_version_9.html Show response
d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/ 708 KB
518 KB 77ms
20ms XHR
text/html 2600:9000:2646:9c00:b:8c20:bf40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/account_613f053dd8506_poptin_92655d6888467_2024-09-04_16-45-45_version_9.html
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2646:9c00:b:8c20:bf40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 713a69559a57fccd496311f3a27a4ba24635bf35ca0fe5bacfcca71b0f23b7d2

Request headers

Accept: */*
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 5SkgEwC.CdY0hNvstQUcpo_yvW3m1.iG
content-encoding: gzip
via: 1.1 b459d8cae3f218ce39711fc3ecdcc998.cloudfront.net (CloudFront)
date: Tue, 10 Sep 2024 07:57:49 GMT
x-amz-cf-pop: FRA60-P5
age: 13282
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 06 Sep 2024 07:09:11 GMT
server: AmazonS3
etag: W/"4c73334b55b1df4f0cd46fb9c5002320"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: -yK3BVyAKLHo6XLnUWyCtS8FCXjmLMCqh1f8xN9AyK2opY4HYGDnrw==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 95ms
38ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DB6MKXQ2E6&gtm=45je4940v872608557za200zb837849470&_p=1725958633167&gcs=G100&gcd=13p3pPp2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101529665&gdid=dZTQ1Zm&cid=617111039.1725958635&ul=de-de&sr=1600x1200&ir=1&are=1&frm=0&pscdl=denied&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=BA&_s=1&dl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&sid=1725958634&sct=1&seg=0&dt=BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse&en=page_view&_fv=1&_ss=1&ep.page_location_clean=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&ep.anonymizeIp=true&tfd=3010
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DB6MKXQ2E6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.picussecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 timer.css
cdn.popt.in/css/v_2/ 8 KB
2 KB 34ms
33ms Stylesheet
text/css 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/v_2/timer.css?ver=10
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50e2fd64f48d997b8e70d8c5374a5c2c5e0e015576234c4ac3b4f4d0e9fb4604

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:15 GMT
x-amz-version-id: CPNqYTYdUVCopqWPFPF9j0hl8GbYjpUL
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 a4b4d7abc0326a3361ae9fdbb50aff96.cloudfront.net (CloudFront)
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: VIE50-P3
age: 1511
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 08 Sep 2024 10:11:42 GMT
server: cloudflare
etag: W/"479981f899b91abe25bc0faf32018c01"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DLMO9%2B9heVeMxYzRRHiPr435nU4TSE4%2BiDRagxXGEOEF30XkLlFxBleNla4soUTNioDgS49d1h6wHSJiDyY0MTiz4m%2Fl6%2BRuG2NZeD7mLphET5XSnj2Po%2B%2FjUwtoeg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 8c0e359f0932973a-FRA
x-amz-cf-id: OT38hqU2riXZLOQ3P9CLp9WazcARGA8uC41rsSIfgOP2ECr-5VriOA==

GET
DATA 200
OK truncated
/ 385 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b19c2b74f5c21d839e1322e361ca06229a799085fdfa6505df8daaf872bbeea

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 122 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b85cdd8c923aa460b2f8a13bad4906ec6d34fc26fa5bee6198fd201f3b93745

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 127ms
126ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A13%20GMT%22%2C%22timeSpent%22%3A%222149%22%2C%22totalTimeSpent%22%3A%222149%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A8&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:15 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 146ms
145ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A15%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223150%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A8&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:16 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:16 GMT

GET
H2 200 RedHatDisplay-Bold.ttf
d362h7pxdteoyk.cloudfront.net/custom/64d678615e3d0/RedHatDisplay/ 46 KB
26 KB 89ms
26ms Font
font/ttf 2600:9000:2644:9000:10:fb15:b700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d362h7pxdteoyk.cloudfront.net/custom/64d678615e3d0/RedHatDisplay/RedHatDisplay-Bold.ttf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:9000:10:fb15:b700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fa5f40c6218b575eacc8e145c84c31789d4576951ad15dc3866c6dab1e026df

Request headers

Referer: https://www.picussecurity.com/
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 04:53:52 GMT
content-encoding: br
via: 1.1 6e4ed2b1996ce238462d61d3bfff667a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 16474
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 02 Feb 2023 12:15:01 GMT
server: AmazonS3
etag: W/"8e3712389d8ab88d3b133fd9e07af04b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/ttf
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: 4LmgNLnoc-LYsWP9HMPz5d7joHuV4ypHUf52yWlYbdeA58nBkyoOig==

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
d362h7pxdteoyk.cloudfront.net/fonts/poppins/ 8 KB
8 KB 85ms
22ms Font
binary/octet-stream 2600:9000:2644:9000:10:fb15:b700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d362h7pxdteoyk.cloudfront.net/fonts/poppins/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by: Host: tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws
URL: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:9000:10:fb15:b700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Request headers

Referer: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 01:59:05 GMT
via: 1.1 6e4ed2b1996ce238462d61d3bfff667a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 25119
x-cache: Hit from cloudfront
content-length: 7884
last-modified: Wed, 14 Dec 2022 11:49:37 GMT
server: AmazonS3
etag: "9212f6f9860f9fc6c69b02fedf6db8c3"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: zINR3YDbliYOFgB7VGU_BkiaPG7pr8I4BO7HTa2bfwAB4UiP2KHNmw==

GET
DATA 200
OK truncated
/ 385 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b19c2b74f5c21d839e1322e361ca06229a799085fdfa6505df8daaf872bbeea

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 122 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b85cdd8c923aa460b2f8a13bad4906ec6d34fc26fa5bee6198fd201f3b93745

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
538 B 126ms
126ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7e4413bd-44e7-415c-a823-867e12e987d0
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7e4413bd-44e7-415c-a823-867e12e987d0
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-scbnj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8c0e35accb6ad281-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 127ms
127ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A16%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224150%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A8&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:17 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:17 GMT

GET
H/1.1

200
OK

/
tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/
Redirect Chain

https://fonts.popt.in/?family=Poppins&display=swap
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap

1015 B
1 KB

199ms
199ms

Stylesheet
text/css

2600:1f14:50b:9a02:4049:4df4:24f2:ab7d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap
Protocol: HTTP/1.1
Server: 2600:1f14:50b:9a02:4049:4df4:24f2:ab7d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8503bb1f3969798a88dce37ee7f38979711dfd7495f5b8dafd66a19ff24e2d15

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Tue, 10 Sep 2024 08:57:18 GMT
x-amzn-Remapped-host: fonts.popt.in
Connection: keep-alive
x-amzn-RequestId: ae570638-c35f-4d62-a4dc-4d0bd7cc889e
Content-Length: 1015
X-Amzn-Trace-Id: root=1-66e009ee-0930081732b85e510a8d4c77;parent=636e0a0d597779ea;sampled=0;lineage=1:013914a9:0
Content-Type: text/css; charset=utf-8

Redirect headers

date: Tue, 10 Sep 2024 08:57:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYvflEpLVjodoAjjxRpF3gqpe1EIow5AfxKPiWJda%2ByFM1ry0Fo44oHWiHv4Q5zCn94cWHM2qG0h6seleWcfB0A3%2BUrVaEOR0mCGVGcBNQ4o%2BXeLSnAa0RMJKI4XUUMR"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws?family=Poppins&display=swap
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8c0e35b03d9d973a-FRA
content-length: 143
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

/
tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/
Redirect Chain

https://fonts.popt.in/?family=Yeseva+One&display=swap
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Yeseva+One&display=swap

2 KB
2 KB

393ms
193ms

Stylesheet
text/css

2600:1f14:50b:9a02:4049:4df4:24f2:ab7d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Yeseva+One&display=swap
Protocol: HTTP/1.1
Server: 2600:1f14:50b:9a02:4049:4df4:24f2:ab7d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: dce3ba700ff47fbef568d7d322c669176b4150abc990ef6a9941bb4fdfa17299

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Tue, 10 Sep 2024 08:57:18 GMT
x-amzn-Remapped-host: fonts.popt.in
Connection: keep-alive
x-amzn-RequestId: 8b4d2d52-e06d-450f-aca5-8c8c2a863746
Content-Length: 1615
X-Amzn-Trace-Id: root=1-66e009ee-698049381dd46562382ee1b9;parent=0d18847358687f7a;sampled=0;lineage=1:013914a9:0
Content-Type: text/css; charset=utf-8

Redirect headers

date: Tue, 10 Sep 2024 08:57:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gypWH11iWbfIgasaJFVWUSkSxs0hkKXjKp3rObRCI6eII2lh2QER%2BYlPM612pvBYqrmhP%2B4aF3oxSHXKZQAq64ZgLyWrGFIzWnoHQfPgTK2rJJzLPeSWboHNY348yvDk"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws?family=Yeseva+One&display=swap
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8c0e35b05dd3973a-FRA
content-length: 143
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 92655d6888467 Show response
display.popt.in/api/display/viewed/ 105 B
707 B 223ms
222ms XHR
application/json 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://display.popt.in/api/display/viewed/92655d6888467?viewer_id=de1e00b605d96&trigger=false&client_id=64d678615e3d0&type=desktop&url=https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

127598c57ffc5e7b0d736b77292d197584ed5f6e5987c079ee2d7defce2c8ffc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://bc.popt.in https://.mybigcommerce.com https://.jumpseller.com https://.myshopline.com https://.myshopify.com https://*.grisynava.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:57:18 GMT
content-security-policy: frame-ancestors https://bc.popt.in https://*.mybigcommerce.com https://*.jumpseller.com https://*.myshopline.com https://*.myshopify.com https://*.grisynava.com
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MIPJwWlWeb6mUvc%2ByKi1421AK5zGQnClCS5EIeK67zJN9NYhTkZKquxyXJ9z0S7FdDiBHtRS4ET3sZA%2FO1JRDYDc3xjp8Bzcjzo9ORTOUW%2F1odgFijrSGJ0GUYHyLivqu94%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 8c0e35b27ced9b34-FRA
access-control-allow-headers: Origin, Content-Type

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 128ms
128ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A17%20GMT%22%2C%22timeSpent%22%3A%221015%22%2C%22totalTimeSpent%22%3A%225165%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A8&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:18 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:18 GMT

GET
H2 200 OpNJno4ck8vc-xYpwWWxli1VWw.woff2
d362h7pxdteoyk.cloudfront.net/fonts/yesevaone/ 16 KB
17 KB 23ms
23ms Font
binary/octet-stream 2600:9000:2644:9000:10:fb15:b700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d362h7pxdteoyk.cloudfront.net/fonts/yesevaone/OpNJno4ck8vc-xYpwWWxli1VWw.woff2
Requested by: Host: tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws
URL: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Yeseva+One&display=swap
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:9000:10:fb15:b700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4df2558618d59bf36dcdafac03f2a3d4b6fed61a7381558bff35a1b81675114a

Request headers

Referer: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/
Origin: https://www.picussecurity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 09 Sep 2024 10:30:03 GMT
via: 1.1 6e4ed2b1996ce238462d61d3bfff667a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 80840
x-cache: Hit from cloudfront
content-length: 16664
last-modified: Wed, 14 Dec 2022 11:53:07 GMT
server: AmazonS3
etag: "247f3761e787cb917d84b6beb4826113"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: rTjjKrqTZINydJhWXbP2TSYy3fLrcyZSaQQKo4K_aZVaTop90YukHA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 135ms
135ms Image
image/gif 23.53.42.251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=5336f6e3-c403-429e-8792-72366f9caf13&session=4de75f46-08c4-416d-811b-95648db335c7&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2010%20Sep%202024%2008%3A57%3A18%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226166%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%2C%20Picus%20explains%20how%20BlackByte%20bypasses%20EDRs%20via%20RTCore64.sys%20exploit%20in%20their%20new%20ransomware.%5Cn%5Cn%5Cn%5Cn%5Cn%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22BlackByte%20Ransomware%20Bypasses%20EDR%20Products%20via%20RTCore64.sys%20Abuse%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fblackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse&pageViewId=14b32da3-004f-4c68-8936-8ccc05a45149&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2001%3A1b60%3A2%3A240%3A3247%3A%3A8&v=1.1.24

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-53-42-251.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 Sep 2024 08:57:19 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 10 Sep 2024 08:57:19 GMT

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.picussecurity.com/	1970-01-20 23:26:00	Name: __cf_bm Value: 4pSrntqN7jwwCZrOUgop19RJrqxGuJ3suqWVb0_N5ys-1725958632-1.0.1.1-Fh._3UIKwAkxadmpbtbpWmfzNtquGOdtUzwGXpmhBrN8YRp6Bnnr_OlUcz2joDmbQHm4FFoWELDYqwIRBsZlOg
.www.picussecurity.com/	1969-12-31 23:59:59	Name: __cfruid Value: 3620203d31bfa35f8ab5503813686474c60a0a5b-1725958632
.hubspot.com/	1970-01-20 23:26:00	Name: __cf_bm Value: KLFRuaeCQKePiiO2klLVQ7dbkuBFUckNQ2.2pStjP84-1725958633-1.0.1.1-gBlWRxGu76LTJVU6wbuevZaigF0eac5bmHe8Q2fcy.YMYpqoXFhYbB3El3esMQVFJn4tIgXEcpNXPDiMu0WAZQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: dBzGfXwpVAlhKbwNQ067HwhnHX42Wjf8Y4vJN780_Tg-1725958633313-0.0.1.1-604800000
.picussecurity.com/	1969-12-31 23:59:59	Name: traffic_start_page Value: https://www.picussecurity.com/resource/blog/blackbyte-ransomware-bypasses-edr-products-via-rtcore64.sys-abuse
.picussecurity.com/	1970-01-21 01:35:34	Name: _gcl_au Value: 1.1.1313408226.1725958634
.picussecurity.com/	1970-01-20 23:26:02	Name: MF69CXJ-OZ2jFJm35 Value: :::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MF6JIbbIciiT7 Value: :::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MF6JIbbJSfd Value: :::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MF6JIbbCSRZlD Value: :::2
.picussecurity.com/	1970-01-21 09:01:58	Name: MFVaCk Value: 1:::2
.picussecurity.com/	1970-01-21 09:01:58	Name: MFVaKX5 Value: 7bc69fbc-15cc-4350-9e37-dde3052c85a3:::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MFVaKkbIhOik Value: 1725958634:::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MFVaKk-5 Value: 1695078b-35e0-4be8-bda1-52ceb7e12bf0:::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MFVaEkb4ciek Value: 1:::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MFVaEk-5 Value: 816dafb2-bbd1-47ea-8dcf-a0020710ec6b:::2
.picussecurity.com/	1970-01-20 23:26:02	Name: MFVaEkbIhOik Value: 1725958634:::2
.hsforms.com/	1970-01-20 23:26:00	Name: __cf_bm Value: 3yeEYN1UzTi5zR0_4IqJKAbLqz_SXPRmd4_XMWuM3B8-1725958634-1.0.1.1-uV_UFbYCzwaPqpSAuVl_wBZhEsDzZ6fOhaxg_w0hxjVeP0HSsTA9gZGEogk8ynT1KHIjogB0LNmoIptWrEAEMA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: PEdikNums2vaYJer.Uus2K_NrdnpixHGWbS57cNHwdQ-1725958634269-0.0.1.1-604800000
.linkedin.com/	1970-01-21 08:11:34	Name: bcookie Value: "v=2&821421ff-7722-40e2-8777-5248f13fb5c2"
.linkedin.com/	1970-01-21 03:45:10	Name: li_gc Value: MTswOzE3MjU5NTg2MzQ7MjswMjGrLW+YGzlDU5msHWTf7OFtqq39ZIOGZ1adIiRSRMkdiQ==
.linkedin.com/	1970-01-20 23:27:25	Name: lidc Value: "b=OGST00:s=O:r=O:a=O:p=O:g=3428:u=1:x=1:i=1725958634:t=1726045034:v=2:sig=AQFSOkOdvGfqdsqp23VqSuVrROBc6_Xe"
www.picussecurity.com/	1970-01-20 23:28:51	Name: poptin_old_user Value: true
www.picussecurity.com/	1970-01-21 08:11:34	Name: poptin_user_id Value: 0.aa8tvv7hzeo
www.picussecurity.com/	1970-01-20 23:25:58	Name: poptin_previous_url Value:
.picussecurity.com/	1970-01-21 03:45:10	Name: __hstc Value: 51282614.6613c1105e9cd5aa448c8b7903f05863.1725958634778.1725958634778.1725958634778.1
.picussecurity.com/	1970-01-21 03:45:10	Name: hubspotutk Value: 6613c1105e9cd5aa448c8b7903f05863
.picussecurity.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.picussecurity.com/	1970-01-20 23:26:00	Name: __hssc Value: 51282614.1.1725958634778
.adnxs.com/	1970-01-21 09:01:58	Name: receive-cookie-deprecation Value: 1
www.picussecurity.com/	1970-01-20 23:36:03	Name: _an_uid Value: 0
www.picussecurity.com/	1970-01-21 09:01:58	Name: _gd_visitor Value: 5336f6e3-c403-429e-8792-72366f9caf13
www.picussecurity.com/	1970-01-20 23:26:13	Name: _gd_session Value: 4de75f46-08c4-416d-811b-95648db335c7
www.picussecurity.com/	1970-01-21 08:11:34	Name: poptin_user_ip Value: 217.114.218.23
www.picussecurity.com/	1970-01-21 08:11:34	Name: poptin_user_country_code Value: false
www.picussecurity.com/	1970-01-21 00:09:10	Name: poptin_session_account_613f053dd8506 Value: true
www.picussecurity.com/	1970-01-20 23:26:00	Name: poptin_o_v_92655d6888467 Value: de1e00b605d96
www.picussecurity.com/	1970-01-20 23:26:00	Name: poptin_session Value: true
www.picussecurity.com/	1970-01-21 00:09:10	Name: poptin_c_visitor Value: true
www.picussecurity.com/	1970-01-20 23:27:25	Name: poptin_o_a_d_92655d6888467 Value: de1e00b605d96
www.picussecurity.com/	1970-01-20 23:26:00	Name: poptin_o_a_v_92655d6888467 Value: de1e00b605d96

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

39666904.fs1.hubspotusercontent-na1.net
7048931.fs1.hubspotusercontent-na1.net
api.hubapi.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.mouseflow.com
cdn.popt.in
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
d10lpsik1i8c69.cloudfront.net
d362h7pxdteoyk.cloudfront.net
d3lopmpcew67el.cloudfront.net
display.popt.in
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
fonts.popt.in
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
lh6.googleusercontent.com
no-cache.hubspot.com
p.visitorqueue.com
perf-na1.hsforms.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
secure.adnxs.com
settings.luckyorange.net
snap.licdn.com
static.hsappstatic.net
static.hubspot.com
t.visitorqueue.com
tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws
track.hubspot.com
www.googletagmanager.com
www.picussecurity.com
104.17.24.14
104.18.26.50
104.19.175.188
13.107.42.14
143.204.205.137
157.240.252.13
172.67.166.202
172.67.75.100
185.89.210.153
199.60.103.29
2001:4860:4802:34::36
23.53.42.251
2600:1f14:50b:9a02:4049:4df4:24f2:ab7d
2600:9000:2490:4000:c:77c4:d500:93a1
2600:9000:2644:9000:10:fb15:b700:21
2600:9000:2646:9c00:b:8c20:bf40:21
2606:2800:234:59:254c:406:2366:268c
2606:4700:4400::6812:28f0
2606:4700:4400::ac40:9284
2606:4700::6810:4f8e
2606:4700::6810:6dfe
2606:4700::6810:7674
2606:4700::6811:80ac
2606:4700::6811:ac5b
2606:4700::6811:afc9
2606:4700::6812:8d11
2606:4700::6812:f36c
2620:1ec:21::14
2620:1ec:33:3::10
2a00:1450:4001:809::2008
2a00:1450:4001:810::2001
2a00:1450:4001:810::2003
2a00:1450:4001:831::200a
2a02:26f0:3500:10::210:a99
2a02:26f0:3500:10::210:a9a
2a02:26f0:e300::5f64:9219
3.98.25.165
76.223.9.105
00d518a68679bda2812a08120ea0f48bd85eb6300e58d0b81aa0e6b72ae77992
03acc5c7069d79f53c0902c716cc6c6f1463d8ebb87724d39e5cb03f3f9d7890
041685b0e5a31c63c4c06ffc86484bdd0c56100f1f0b36c91571e6a00bcec715
047e26bb00e76e6e10f34ea70ee0f11b9174126bb6c2399babeb03c704d5a332
059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21
094ef67e90a16cdd61744c2b39d58c85685517720c80e22ff7cf3b7f460554a6
0af58bcdda4bce4a998c3c1d32d5a6bbebd8ef7c7007e8888531cb493cc9f64b
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0d24d7930883c81a956a8d25026d6befdf264a901da8570a7fa27b6db580c2bf
0d65e0bb2b93943ac7a72d8f70bda4f8931d6d07c9731bf28dc1d895c1dc4edf
0e0e91c655429e89e6f922885ea309f734d5f61c770b759a89713bda73b19ae8
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
109a14abac939df0ab29af6bbf5c0ca592b1cdf7adb33a0052f166c8b303bc37
115c7f3cf61e4ec19070b9e59e20e78756d39d193eb9b544065059b9935d2491
119a6cbc9b730bfc19ee81acbd9d7351f36e01d402aaa5aec0eaebf03bdc8808
127598c57ffc5e7b0d736b77292d197584ed5f6e5987c079ee2d7defce2c8ffc
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1cc9c80e6ff92ab3aff68e2e23671ccabb9ef8ef36dce9cb0980fbf10e86a83a
21036da1013e88ad1be39946746a916786b081557a7a72b6a194c153c175aa59
228f08d7d79b9a75e9df18997ee260c139fe2d538924d5f05037e047d3f41d38
27e00fa0d68fdea374a2a329d8c037fcda2c60846e2395db9b7e3b7a37b90fa1
2c288cefff7a967f2e05f9f4d70ae37c239fe8c970fc275f467e9ddd188f6c55
2d042ae177f7d076320fa923d0bfc2d3f831e3dacec0ff6fffc1328d4e36f2f9
2dfc056c1cd1756705fa1b3b34bba1b4712b6360c7c146f2156dcd46aed56de9
2e095c77cbc278604a08136ba272382190c0c7a12a26777a33ca20fafbb59186
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
34350dee947083733dcd88d858cf65df7a4f282846c465b8f9627090aa5da3c0
387fafc4558eb44d4303fb1710ec85e39755ffa9378b8cdf982c7e66db79c463
4071465b2c0223da0e296a2d9ed8fbec379caa2d8eccacf96113afa481d7714a
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
436d419ece00caac66b9cefc42feea170edcf58652dc07be5a7d23ac05aca8fc
43ffc04fc9feaf3e018ef29811c774bd365508ef79d33f9e63c5156a6fc90bf8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
445f46602799290b686e3923ec7ca10f1f7152fc8e77fcdc1a8280acda8442b7
4729bfd946aafe126a4693d3dda5dd1927682a5cb213c13ea3b236966908f9b9
4a948cad1525b333f4615fb0203e3dcf4a5fdef9409adb657fceeab1dcb37f7d
4bf7bbe2ff34569ca8208b5df957ae1bd37d2403d378146fb4e993155cb9820d
4c92a856ef5f00e2ac59b76a4960d24a2dc57e80fe559acaabf141494ef00081
4d853f486dc84fdc7d1b073cbe0567f4ad79b211fc28ed46186bbb0c8cd1ad26
4df2558618d59bf36dcdafac03f2a3d4b6fed61a7381558bff35a1b81675114a
50e2fd64f48d997b8e70d8c5374a5c2c5e0e015576234c4ac3b4f4d0e9fb4604
5242ab5df4690e1c975cefd6c70bc7f19037060288e9254c16b3ea0b07f3b222
5458bb001fbaee0822a06901d6989a7568457bc97c78ce726d8884c34f665910
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353
5838502472e71a515543a162e7b064dec69300aa7976cddfb19c13c478360548
5ad1bae6d460c542914e6daf142d4bdcbd71aabebe3c551ac3cb82408e71a77c
5b192b4a7f8e139934a7574e3a3460152a3a43f5cbd9fdeecad1c69e000baaa7
5b4134fc9963276fb840bb8178d62e95d0efa733909f6eeef3f364d4d60f0777
5b7290b38b86182592c3a60c491c3a977318c034959142a61d92a75025b3c334
5cfa83504aa9c8a4654937559cbe6419ad26c4582eb55be91d5ddf975b5cb807
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
616a7f16e89518adbc89002f178ebfac5756fc3e96ca30a807ce65ee0e7e4530
62553d159189834af73c9a6264704be5b2bee9a08da66a14768d8e5c6ffd2cdb
62f8c146d3acc3fae1dd468cb6704f0c68ebda65db397b1bb9d073d9e313b3fc
633600072534f800c00ce54b60270678545462434c28e1865dde26273d8b00d3
664f728f41b178d1022d70bae50ce587b3793c9286a0b739f082189bd6c87f6c
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3
6fa5f40c6218b575eacc8e145c84c31789d4576951ad15dc3866c6dab1e026df
713a69559a57fccd496311f3a27a4ba24635bf35ca0fe5bacfcca71b0f23b7d2
72619c6102fad975af11f4d5021f69db5e91ed5a85b1d370bbc98b7434cf844a
794559db00f5a68a8a82dc14f100cd1f9a970cbea66701ca8a43dee9919ffe03
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7fdcb805a20649db94783ffc68e227bd61a806f29af381db6c84b52138d2dccd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8503bb1f3969798a88dce37ee7f38979711dfd7495f5b8dafd66a19ff24e2d15
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8acd930d7a72da64980a950dea0c1507411900cb1459aa8c743e003df27444dd
8b85cdd8c923aa460b2f8a13bad4906ec6d34fc26fa5bee6198fd201f3b93745
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8ea176ad3c5bdc02628d7ac76ce4dee69a30afdca17cecff76c2d48518305c7e
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
9b19c2b74f5c21d839e1322e361ca06229a799085fdfa6505df8daaf872bbeea
a00ac1e97469410d27c7807937a01a9fb37272970d20a0178bad424be0bdf6ae
a3ca2178c03aa90413665605224901388a8a7694be710ccf31d1c9546f6bb558
a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c
ab83cec83199a27a8c5422882df27f3fb2d2325199cdd12a4f69abe207a1bc17
abb4f8005856e20f330bf9504ca11b26640495da6d4fbf2b1d46be1761f49f5d
ad35b390ce3898cfef7bb94973d42ab290ec56f7315e0b459f4ba017eac96f07
aea136527ca962a15eea8eb338c7667b5a44d98bff65dc09a36f5493ddbacb99
afe5ac9f6307d6940b53c34e8e1f7cead57c68910c248c6df8f427074027fc44
b0403829bc66fd1f26c7ad7f42a2560787fe44f34417d357ed83d107ab32d983
b4aedc93d1c0050ee019a0f8a838d5de2b64ca89662eb31c45e04da5d3f09b4f
b71a29ecd59a83648619466fa24609d9030aa3eb31b3cedc7f9b424d2da1a270
b847da4bbfb3b6cda1e6fb54380bf87bdd21ce49750093fb481f957fc3fbaded
b8c3f82457a884c434bd712f0e89c6766d8a89b51a6a5d74fbe83c5a2babd990
bb9ad934a9764fae7d120816af46ced418c42678eb4f8ca666d9bed82b7e554b
c33a226e9787ec90b6c8ecf1f539b51592df0ed7cac9a0e4d2674a4377ed463d
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c78fab07d4ee469def66170220968c4e790992e5adc971a34edc7eabc695e79f
c85cff899f9c3f0706cc4451589fac833a980c512d11939c80e4c317ebd63171
cf04c7e30bf8517269ee08640205023b47acc47b05d88c2db3fa3b9d797b0a86
cf773224fb7b3fd5978d7b527d003387334f71f37ed57e9ea50fe7b9bf4d6a76
d0b8513bbf50c1af615575215ef85bf4c3af5166c013c808bfe96fd21b2067b3
d1af850eed9d8f478503ae0d24ebdd78691a15ed523db6f16df44b9da327c0d5
d7459dd5ce48ddd21da15f490514af4be07ff85f0b0b6b9e118542d68ff5ec91
d875f9a2038e25a599452c9e774403240c3bc83df261ed41188bd7ecdf71fee0
dab4ed514d39f2a7cf4ccf6215d9cd4c851d24c9ccf85839cc73e4097d38df61
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dce3ba700ff47fbef568d7d322c669176b4150abc990ef6a9941bb4fdfa17299
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd15802a3b6fd9115c783df6a1d15c52bb656fabc921a017e47e75c2c393d481
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
dede645d4b711cfed232fc9fd755664b3484476c60032a827209102e0c09429c
e26ec70efb18de158d5d9d027b4ab3a2af136473bfc11a88a73690089b0c8f12
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4efcc099f128e3655108f269adb8e838c24ee54d98c3903a22dec225e3e1221
ea40563dac288d2a4e806100888a28be233519095512b5b0f44f02d4a4b23aea
eeecc1c14b175e0226295f130c6121ddf605878b3489fd61181911c17c9b2a74
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
f16de7b1b4aaefe1a073fd179d639c5264e6451ea208b8b9cf72ef0d846b308f
f1fac56156eb4c844c9bb902eee624cc862c4a6d47f91edc431882e436ceefed
f7dee2a88356549b15d6145e3170e69825aa94d38e4809fc690142eb69481484
f80603874c68fef25ac9ffe412a6c6056ab267d7e4d044f090c8282ab80c4da5
fb4c22e9b33cac2cfafdbf356dc775808d93a17313980b40fb343e1120dc6af7
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
fffcc1196c1beb2cd92264e3b6efe6fdebc9129610b8308987eff5d97ebab507

www.picussecurity.com Open in urlscan Pro 199.60.103.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

159 Requests

97 %HTTPS

66 %IPv6

32 Domains

53 Subdomains

39 IPs

5 Countries

3187 kBTransfer

7662 kBSize

41 Cookies

17 Outgoing links

Redirected requests

159 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.picussecurity.com Open in urlscan Pro
199.60.103.29 Public Scan

Screenshot
Live screenshot

Full Image

159
Requests

97 %
HTTPS

66 %
IPv6

32
Domains

53
Subdomains

39
IPs

5
Countries

3187 kB
Transfer

7662 kB
Size

41
Cookies

159 HTTP transactions
7 data transactions