thedfirreport.com Open in urlscan Pro
172.67.189.47 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Submission: On February 02 via manual (February 2nd 2024, 6:04:36 pm UTC) from GT — Scanned from DE

Summary HTTP 107 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 13 domains to perform 107 HTTP transactions. The main IP is 172.67.189.47, located in United States and belongs to CLOUDFLARENET, US. The main domain is thedfirreport.com. The Cisco Umbrella rank of the primary domain is 947076.
TLS certificate: Issued by E1 on January 18th 2024. Valid for: 3 months.

This is the only time thedfirreport.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	172.67.189.47 172.67.189.47	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:480... 2a02:26f0:480:10::213:7ea0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
26	2606:4700:303... 2606:4700:3036::ac43:bd2f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:480... 2a02:26f0:480:3::210:ee87	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
22	2a04:4e42:8e:... 2a04:4e42:8e::762	54113 (FASTLY) (FASTLY)
2	2600:1901:1:c... 2600:1901:1:c36::	15169 (GOOGLE) (GOOGLE)
8	2600:1901:1:81:: 2600:1901:1:81::	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
107	22

7 172.67.189.47 (United States)

ASN13335 (CLOUDFLARENET, US)

thedfirreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:10::213:7ea0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

open.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:3036::ac43:bd2f (United States)

ASN13335 (CLOUDFLARENET, US)

thedfirreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:480:3::210:ee87 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

i.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encore.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a04:4e42:8e::762 (United States)

ASN54113 (FASTLY, US)

embed-cdn.spotifycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
web-sdk-assets.spotifycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)

apresolve.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1901:1:81:: (United States)

ASN15169 (GOOGLE, US)

gew4-spclient.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	thedfirreport.com thedfirreport.com — Cisco Umbrella Rank: 947076	838 KB
22	spotifycdn.com embed-cdn.spotifycdn.com — Cisco Umbrella Rank: 12983 web-sdk-assets.spotifycdn.com — Cisco Umbrella Rank: 7001	1 MB
18	wp.com c0.wp.com — Cisco Umbrella Rank: 8666 stats.wp.com — Cisco Umbrella Rank: 2723 pixel.wp.com — Cisco Umbrella Rank: 2679	149 KB
12	spotify.com open.spotify.com — Cisco Umbrella Rank: 2961 apresolve.spotify.com — Cisco Umbrella Rank: 905 gew4-spclient.spotify.com — Cisco Umbrella Rank: 5843	6 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	11 KB
3	scdn.co i.scdn.co — Cisco Umbrella Rank: 1514 encore.scdn.co — Cisco Umbrella Rank: 6515	215 KB
3	google.com translate.google.com — Cisco Umbrella Rank: 1164 region1.analytics.google.com — Cisco Umbrella Rank: 2616 www.google.com — Cisco Umbrella Rank: 2	32 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6518	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 79	406 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	149 KB
1	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 800	72 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 811	7 KB
107	13

	Domain	Requested by
33	thedfirreport.com	thedfirreport.com c0.wp.com static.cloudflareinsights.com
20	embed-cdn.spotifycdn.com	open.spotify.com embed-cdn.spotifycdn.com
16	c0.wp.com	thedfirreport.com
8	gew4-spclient.spotify.com	embed-cdn.spotifycdn.com
3	www.gstatic.com	www.gstatic.com
2	www.google.de
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	web-sdk-assets.spotifycdn.com	embed-cdn.spotifycdn.com
2	apresolve.spotify.com	embed-cdn.spotifycdn.com
2	encore.scdn.co	embed-cdn.spotifycdn.com
2	www.googletagmanager.com	thedfirreport.com www.googletagmanager.com
2	open.spotify.com	thedfirreport.com embed-cdn.spotifycdn.com
1	fonts.gstatic.com
1	www.google.com
1	region1.analytics.google.com	www.googletagmanager.com
1	pixel.wp.com
1	translate.googleapis.com
1	i.scdn.co	open.spotify.com
1	stats.wp.com	thedfirreport.com
1	translate.google.com	thedfirreport.com
1	static.cloudflareinsights.com	thedfirreport.com
107	22

This site contains links to these domains. Also see Links.

Domain
www.trendmicro.com
unit42.paloaltonetworks.com
www.sentinelone.com
open.spotify.com
youtu.be
podcasts.apple.com
www.audible.com
www.pandora.com
music.amazon.com
www.softperfect.com
mega.io
forms.office.com
twitter.com
system32.eventsentry.com
learn.microsoft.com
www.softperfect.com.cach3.com
content.vectra.ai
www.donkz.nl
rclone.org
godoc.org
www.zscaler.com
detection.fyi
sigmasearchengine.com
github.com
translate.google.com
wordpress.org

Subject Issuer	Validity	Valid
thedfirreport.com E1	`2024-01-18` - `2024-04-17`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
open.spotify.com R3	`2024-01-19` - `2024-04-18`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.scdn.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-19`	a year	crt.sh
*.spotifycdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-07` - `2024-08-07`	a year	crt.sh
*.spotify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-07` - `2024-03-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Frame ID: 74EE745D273EA5A97484A7EAD7E8365C
Requests: 70 HTTP requests in this frame

Frame: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Frame ID: 9CAD3C6E9AEFB7C56A9F4E0E3B5EB203
Requests: 34 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6D0AFF5D858C1A88B48D86F2F5EBFADC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - The DFIR Report

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

107
Requests

98 %
HTTPS

85 %
IPv6

13
Domains

22
Subdomains

22
IPs

3
Countries

2787 kB
Transfer

5654 kB
Size

6
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://www.trendmicro.com/en_za/research/23/f/an-overview-of-the-trigona-ransomware.html
Title: TrendMicro

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/trigona-ransomware-update/
Title: Unit42

Search URL Search Domain Scan URL

URL: https://www.sentinelone.com/anthology/trigona/
Title: SentinelOne

Search URL Search Domain Scan URL

URL: https://open.spotify.com/episode/7rFlGwrYILFr82h8w14kYq?si=hSQtvYY3T6SkacxfV4_3dQ
Title: Spotify

Search URL Search Domain Scan URL

URL: https://youtu.be/1oIaHnFpslM
Title: YouTube

Search URL Search Domain Scan URL

URL: https://podcasts.apple.com/us/podcast/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/id1728699064?i=1000643828282
Title: Apple,

Search URL Search Domain Scan URL

URL: https://www.audible.com/pd/Buzzing-on-Christmas-Eve-Trigona-Ransomware-in-3-Hours-Podcast/B0CTHXNV8F?ref_pageloadid=PAnukxHHhZJTfAYb&ref=a_pd_Report_c3_lAsin_0_0&pf_rd_p=625c212d-b95a-47db-8d56-d35a359de6e9&pf_rd_r=0K1HSHGSX4JDYS0XB23K&pageLoadId=oasAeMmWlqbKIjUv&creativeId=6c5159d7-bb10-4fb4-929b-ae2b2f5000c7
Title: Audible

Search URL Search Domain Scan URL

URL: https://www.pandora.com/podcast/reports/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/PE:1311023964
Title: Pandora

Search URL Search Domain Scan URL

URL: https://music.amazon.com/podcasts/c4fe897d-a4b4-4ceb-908d-d1a78af8cb6d/episodes/4d7cd97e-91df-405f-a33c-77eac5c0b641/reports-buzzing-on-christmas-eve-trigona-ransomware-in-3-hours
Title: Amazon Music

Search URL Search Domain Scan URL

URL: https://www.softperfect.com/products/networkscanner/
Title: SoftPerfect Netscan

Search URL Search Domain Scan URL

URL: https://mega.io/
Title: Mega.io

Search URL Search Domain Scan URL

URL: https://forms.office.com/r/pPajTA4Vwy
Title: here

Search URL Search Domain Scan URL

URL: https://twitter.com/metallichack
Title: @MetallicHack

Search URL Search Domain Scan URL

URL: https://twitter.com/pcsc0ut
Title: @pcsc0ut

Search URL Search Domain Scan URL

URL: https://system32.eventsentry.com/error/code/S-1-5-21domain-512
Title: S-1-5-21-domain-512

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
Title: here

Search URL Search Domain Scan URL

URL: https://www.softperfect.com.cach3.com/board/read.php%3F12,10134,12202.html
Title: support forum

Search URL Search Domain Scan URL

URL: https://content.vectra.ai/hubfs/downloadable-assets/RansomOps-Post-Incident-Report.pdf
Title: ransomware report

Search URL Search Domain Scan URL

URL: https://www.donkz.nl/
Title: Remote Desktop Plus

Search URL Search Domain Scan URL

URL: https://rclone.org/docs/#configuration-encryption
Title: Rclone documentation

Search URL Search Domain Scan URL

URL: https://godoc.org/golang.org/x/crypto/nacl/secretbox
Title: nacl secretbox

Search URL Search Domain Scan URL

URL: https://www.zscaler.com/blogs/security-research/technical-analysis-trigona-ransomware
Title: According to Zscaler

Search URL Search Domain Scan URL

URL: https://detection.fyi/
Title: detection.fyi

Search URL Search Domain Scan URL

URL: https://sigmasearchengine.com/
Title: sigmasearchengine.com

Search URL Search Domain Scan URL

URL: https://github.com/The-DFIR-Report/Sigma-Rules
Title: DFIR Report Public

Search URL Search Domain Scan URL

URL: https://github.com/SigmaHQ/sigma
Title: Sigma Repo

Search URL Search Domain Scan URL

URL: https://github.com/The-DFIR-Report/Yara-Rules/blob/main/19172/19172.yar
Title: https://github.com/The-DFIR-Report/Yara-Rules/blob/main/19172/19172.yar

Search URL Search Domain Scan URL

URL: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L261-L282
Title: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L261-L282

Search URL Search Domain Scan URL

URL: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L542-L551
Title: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L542-L551

Search URL Search Domain Scan URL

URL: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L1049-L1057
Title: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L1049-L1057

Search URL Search Domain Scan URL

URL: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L1228-L1238
Title: https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar#L1228-L1238

Search URL Search Domain Scan URL

URL: https://github.com/Yara-Rules/rules/blob/master/antidebug_antivm/antidebug_antivm.yar#L678-L692
Title: https://github.com/Yara-Rules/rules/blob/master/antidebug_antivm/antidebug_antivm.yar#L678-L692

Search URL Search Domain Scan URL

URL: https://github.com/Yara-Rules/rules/blob/master/packers/packer.yar#L73-L81
Title: https://github.com/Yara-Rules/rules/blob/master/packers/packer.yar#L73-L81

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Google Übersetzer

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: Proudly powered by WordPress

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator HTTP 307
https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator

107 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ 114 KB
27 KB 1773ms
419ms Document
text/html 172.67.189.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 249e0194080be0ab241c6403a957eaffcd0fb39cbe66e2f7b6b2514322b7ac3e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84f45b559df19bb6-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 02 Feb 2024 18:04:28 GMT
link: <https://thedfirreport.com/wp-json/>; rel="https://api.w.org/" <https://thedfirreport.com/wp-json/wp/v2/posts/26140>; rel="alternate"; type="application/json" <https://thedfirreport.com/?p=26140>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LWfYn3gDo7b8K0w3hUsEvxXtOUN4YXf26YSddXX7b59ZMZkTb9izquWMy5Rw5zNDwESCgcoTlEKuqR2b%2BNXgESXVQV1E3agIW79q6M8jcgs7SCRSwmdExVRl%2FYw%2BK4crvVxxg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 style.min.css
c0.wp.com/c/6.4.3/wp-includes/css/dist/block-library/ 108 KB
15 KB 53ms
14ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 24 Jan 2024 19:02:28 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.4.3/wp-includes/js/mediaelement/ 11 KB
3 KB 52ms
14ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.4.3/wp-includes/js/mediaelement/ 4 KB
1 KB 52ms
13ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 style.css
thedfirreport.com/wp-content/themes/freenews/ 80 KB
17 KB 359ms
357ms Stylesheet
text/css 172.67.189.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/style.css?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50a30b21c268036112fc3c4128108eee5ddc391b70bdf53b6e1fb059d8419b3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"140a3-608dd8af44084-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6ain%2FqLaiDRFE4BHBqtRmrcXe2x1FyQ03NGiBjIdjB5d6LgIlCbQOpxPb9oMT%2BzO1GDeI6T77WgmpeUnz0rgR8BnBEAOOIe0lyECPjNLEluf5EeJ5dGrF2Cl96tPYXWsSjwQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 84f45b593aca9bb6-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 all.min.css
thedfirreport.com/wp-content/themes/freenews/assets/library/fontawesome/css/ 100 KB
23 KB 360ms
358ms Stylesheet
text/css 172.67.189.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/fontawesome/css/all.min.css?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"18f49-608dd8af3f264-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oC%2Fdag%2FFoCHH5w9KuM6%2FoCfK%2Bz0ca1rJvS%2FdOVf7LHLsCe6FYJOb6dKj8VwdXFT%2B1yqqA9wVmSyJZT%2FNg6ODJ%2BtaFTLHQZON4BXaVlJz3JOD8ywRtWnG8XVr6XOu7jUVJ4lW%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 84f45b593ace9bb6-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 d92fef3d9e5de6f7993b11046e265436.css
thedfirreport.com/wp-content/fonts/ 4 KB
995 B 267ms
266ms Stylesheet
text/css 172.67.189.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/fonts/d92fef3d9e5de6f7993b11046e265436.css
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1cc66c0f8e6445e3b0db8c542a23bf0a1917e085ed9c6cc042f6124eaa15a76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 04 Dec 2022 16:17:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1124-5ef02e9effbc6-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iZ8ugO1%2BVZYUcyA5HC6nH3MWsZA64EqQXfXXol1Gb9NTS8LTYCuQIF4bKAMMmBzY3m1%2FPIaqo2C4kA9QX28B4dFZZQ86LCv153Ff7FIYCNoo3YNslR%2BTOrIga%2BBVOrCRYuiWvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 84f45b593ad19bb6-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 social-logos.min.css
c0.wp.com/p/jetpack/13.0/_inc/social-logos/ 13 KB
8 KB 51ms
14ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/13.0/_inc/social-logos/social-logos.min.css

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

8e974b6ae4f0e09293655569f14af299bd59572ce397d0f9546df10eb89b671d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 26 Dec 2023 12:52:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/13.0/css/ 99 KB
19 KB 43ms
6ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/13.0/css/jetpack.css

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

274928f2bf62780b9b7e9d27705d30ed9647c4243ae6a0abf1fa53fc1b6c1989

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Mon, 08 Jan 2024 20:42:15 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 19172-001.png
thedfirreport.com/wp-content/uploads/2024/01/ 336 KB
336 KB 275ms
274ms Image
image/png 172.67.189.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2024/01/19172-001.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 847c456fd8af058d7c00b33b565029b49f416d85da64af8d3cacc5ac9db8cfbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 27 Jan 2024 16:20:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "53f3a-60fefcad2f557"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=coRVHYFBkDi3DI3dJRibd%2Fj0MEaUhN3CQ52dSvLsQS97BbGccT3MGANBVoqv0Bl1m%2BQGuM%2BIJ622uH%2Bt9ikPLn%2Bb0sQR0Fnm8LyIlzr%2ByxsHJZ5vf1b8cRLGyfkN0W7vB23WJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b593ad29bb6-FRA
alt-svc: h3=":443"; ma=86400
content-length: 343866

GET
H2 200 19172-002.png
thedfirreport.com/wp-content/uploads/2024/01/ 9 KB
9 KB 271ms
270ms Image
image/png 172.67.189.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2024/01/19172-002.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd89b91c5eeb3acf1d6981e950c61faea8320eac70e683421afe367e83cf6467

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 27 Jan 2024 16:20:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "23e0-60fefcb8a7d87"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7gbfOOqaEEBiCThhkBtVp4%2FiM7Nq3XeKucgXY0JeTC182NBZK4EA3eCjU15SN0kTv0c8eNbtbStDIgfrWVk%2B2fSRdSoZkUkyCEeY7hNU306d%2BtE3RNxoaPujtmz%2BjBASi0msPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b593ad39bb6-FRA
alt-svc: h3=":443"; ma=86400
content-length: 9184

GET
H2 200 rocket-loader.min.js Show response
thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 11ms
10ms Script
application/javascript 172.67.189.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.189.47 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 30 Jan 2024 18:47:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b94449-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azNlbf0nGTdDT%2BGlWxuemnqStRy2vxLTyAXnuAk4h51OvdKS5AbSCvfp3uw3qAegfZxkaOIBv1mARtqvRyM%2FFnFEbVSgqDyN60j61%2Brg9TZwWGcb0SShmWaj6i5OFT45SJrQNg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 84f45b593ad69bb6-FRA
expires: Sun, 04 Feb 2024 18:04:28 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 95ms
59ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://thedfirreport.com/
Origin: https://thedfirreport.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 84f45b596d386957-FRA

GET
H2

200

7rFlGwrYILFr82h8w14kYq Show response
open.spotify.com/embed/episode/ Frame 9CAD
Redirect Chain

https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator

12 KB
5 KB

102ms
101ms

Document
text/html

2a02:26f0:480:10::213:7ea0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:10::213:7ea0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b07108d7171be07459a2e1c917a56499f724fa86916d143ec2ac6668cb61cd4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff

Request headers

Referer: https://thedfirreport.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=93600
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 4391
content-type: text/html; charset=utf-8
critical-origin-trial: Tpcd
date: Fri, 02 Feb 2024 18:04:29 GMT
etag: "5sa3ihnfsq9fd"
origin-trial: AjTBCzHiqtNU3PxD6GL8VpVl68/SfxkZJuLQbbyvSNj6/o9VuhZ5EPb/2dTYqi+Mot0AD6XOHBeIatAwEt4lAQcAAABOeyJvcmlnaW4iOiJodHRwczovL29wZW4uc3BvdGlmeS5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTl9
strict-transport-security: max-age=86400
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 66

Redirect headers

Location: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator

GET
H2 200 sharing.min.js Show response
c0.wp.com/p/jetpack/13.0/_inc/build/sharedaddy/ 9 KB
3 KB 14ms
5ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/13.0/_inc/build/sharedaddy/sharing.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 07 Mar 2023 19:14:38 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H3 200 view.js Show response
thedfirreport.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/ 4 KB
2 KB 315ms
309ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.js?minify=false&ver=13.0
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f11243b14b5926ad4d6d3c0e946d4ac89bfb32ce6102bf7e22036520dfa73dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 12 Jan 2024 18:26:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"f7a-60ec3cd7d7e1d-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCzy%2BPfEYMo8g9g%2BouR%2F95PfYr6cIPGc7gocaIyV7F7P1aEykGu2kVrkmoZ5UJqC%2FnKO6LzXiQBUENFYfnU%2FqSoTlK1RIKVt%2FET2TvomcM1asr%2Flg4mgf3k%2BekP0wN5XoCxpc0FLaDjeiWwSzsBRDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b88f31cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H2 200 dom-ready.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/js/dist/ 498 B
839 B 13ms
5ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/dist/dom-ready.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
strict-transport-security: max-age=15552000
last-modified: Thu, 21 Sep 2023 13:26:32 GMT
server: nginx
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
content-length: 498
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/js/dist/vendor/ 112 KB
36 KB 13ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 26 Sep 2023 14:23:26 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 regenerator-runtime.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/js/dist/vendor/ 6 KB
3 KB 13ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/dist/vendor/regenerator-runtime.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 19 Sep 2023 19:30:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 wp-polyfill-inert.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/js/dist/vendor/ 8 KB
3 KB 13ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 88 KB
31 KB 61ms
24ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=13.0

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f6fec715e1ed1f42d5b1485606b0523a6161efde42cc65436f81e00f7f728da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google-translate.min.js Show response
c0.wp.com/p/jetpack/13.0/_inc/build/widgets/google-translate/ 796 B
776 B 16ms
9ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/13.0/_inc/build/widgets/google-translate/google-translate.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

23a3fe27a84c2a2efe9b4099b5f05546b6b83418ddb0560548004323ac02e4ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 14 Nov 2023 17:55:07 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 view.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/blocks/image/ 6 KB
2 KB 16ms
9ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/blocks/image/view.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ce3471ccd08187d7fe1e76cd7c67d991cb7d15a0a27b8b50b4ea7389520edba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Sun, 05 Nov 2023 19:40:32 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 interactivity.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/js/dist/ 32 KB
12 KB 16ms
9ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/dist/interactivity.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

34019d3364166a309440c0b3e94391105694660f5ed76dc836eed8e4aedc1fb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 24 Jan 2024 19:02:28 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 e-202405.js Show response
stats.wp.com/ 7 KB
3 KB 50ms
7ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202405.js
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/14377-1704402358485.9985
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Mon, 27 Jan 2025 14:01:09 GMT

GET
H3 200 marquee-settings.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/marquee/ 455 B
784 B 266ms
262ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/marquee/marquee-settings.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d079e6757ff169b8252a45af5d1773b053f1b35ae7c0f3ae6a7f6a891acc28c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1c7-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2HiQBRj7pcFSu7Mf2kjbLalDr9daN39DzYAJnbWFrWMXHFYagMlYPwRyIf10LWmPwqmHa3HSI5vpIwZPWApHN8WkKj%2Budx18gBRNUJeVeB7rCkQp2eoZUa1xYCTGjPqJxT05F3D4jfl8lgpZuBVgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b88f61cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 jquery.marquee.min.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/marquee/ 9 KB
3 KB 313ms
309ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/marquee/jquery.marquee.min.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1d759e86165ec9e5f9f5c9775acfe83f2c00833aa1c3522fbede166c38a2205

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"235d-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sxErJlSdl%2B7jbVGBslK5do9EPqC%2FGDnHPAHYeF2OXHzqVnkjKRaQDdZR3JwbCiJNwr7Y%2FN5Y9L2tQg67YQGjTi8msL7K2toCRzdvPlofyg0fW0rKqaI9ZQbxmms0ncrqIAKlsu5FpSATCOlalqgTZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b88f71cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 sticky-setting.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/sticky/ 612 B
726 B 269ms
265ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/sticky/sticky-setting.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dc2e74a6570cbeba61f6b688d6300ce9a1a9cd66bc9d77f49c0f704928091df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"264-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1nDlyj13%2BOia1QdfQo1BcS7Maz4NuGmQGhFFWpMMt0VIOlqURbGRH%2BmZu0t09MYKIcTsk2ujiasNCinBnsfuQ4Ma0EAVdCnUtfBRf%2BWZR4QLJNlnR5rOXtGA%2FJvGgxFhsj92fVWBNrD1ogNqa4R%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b88f91cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 jquery.sticky.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/sticky/ 9 KB
3 KB 268ms
264ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/sticky/jquery.sticky.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa6c46550cf58d88334c44050cb9db5a0f693e4f8212a977cd9fdefface9905d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"2577-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lwPEhmHI%2BR0u%2BRyiuRygzlAn42VQs6Dz5sTlrsOx8sf5hJ%2FqHHGooKVUB%2F3a75Ka7jWEbcmV%2BMXl31JqcRUHwqDlq54KgHrY5O99uA2eV0nHbNTAL%2BR2esAeV403U1asG5GoDrnTIxsTeFlsON%2Bs2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b88fc1cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 slick-settings.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/slick/ 2 KB
1 KB 278ms
274ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/slick/slick-settings.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cba34e474754a973830d7e0c186f151ed6ae190abdcf99efe0561db3b554feb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"7f3-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uccGiYWP5RsAear18pnAz4zFDwO9%2FX%2FkK0qkmnSZMwxaNMbo45Vc6jqYEAsvVSM54%2BvJV3%2BRZCwU5vbtkFzTOIT%2Bz1LzENCZJUaBBt805RPImXijMc4doxRJKwI1Fownq05BEk%2Fu8oNip9NUnAXb7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b88fe1cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 slick.min.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/slick/ 43 KB
12 KB 279ms
275ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/slick/slick.min.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ab69-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ez%2BZGaurhjwXCZxYod9zsRZ3pEUEtW2Q6CcrqhgpJRwxQ2%2B0BTG3Zac4ZWPfv3vwOWdgpY0yQFxco2mJkXUQ50TWEZzBz4FmbJmICbDjUl71YRwA9dQeNkHN0VSdN%2BjLtYrQFxqoz%2BbiajHBDIwehQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b89011cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 theia-sticky-sidebar.min.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/sticky-sidebar/ 5 KB
2 KB 279ms
275ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/sticky-sidebar/theia-sticky-sidebar.min.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d88b2f05bcd6de59fcdc958ab1c6f63d0225f275d24ce003381c09deb3a4bf1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1535-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pzIAcXF%2BFYJ6NdgYusjVsg%2F8MGQ7XudjjdNsO2Ui34e8ukXNjpBbt7fi75j3bIm8YybvWwudWGVWSroVc7LO155n0CczBpNvxQn1M6X40dzHouE562448%2FOhDn7M1NDgiiyUD0SC2fSSUHHAbbkg0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b89031cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 ResizeSensor.min.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/library/sticky-sidebar/ 2 KB
1 KB 285ms
281ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/sticky-sidebar/ResizeSensor.min.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f8078d5fa79042c80aff9ac50f962fca0a2461febc620b567e38fff39ddc182

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"8ec-608dd8af411a4-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mTDy%2BljLpSjVESQSPILNzWqeqluwkNfigunWKMVwJwzjTJJMo4QFpn0btUWmlQw2IX2UYls6Rwfgu0Zn8m%2B89ZRWaUJbx6howHC2jbulUrtcSknYCMv6CUg%2BF7WEJuuOrMeqSDGZvH3GJ6CIoigSSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b89041cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 skip-link-focus-fix.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/js/ 684 B
878 B 278ms
274ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/js/skip-link-focus-fix.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25f8d252a34db20e41b9f3fcf51c022ad2f0876bd47be65caba671bb8bad7ccc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"2ac-608dd8af3f264-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xu1OwVmRFhWsO6x0fwh6OHKUVcn%2B7Y7MTbne0NdC%2BDkpeWJfr%2B%2FIRex1cyCDz8AYL%2FBHBsvDhysiW39ze2yhLQEMZxd%2FnSG0BrGEAhXz40W5TBS6VTIfY0qqTiaXyymK%2BiSWb9zXtJYFEit5LWPb5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b89061cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H3 200 navigation.min.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/js/ 2 KB
1 KB 278ms
275ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/js/navigation.min.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a24f65c00a46166e180a3501c19b60562e56362308ea9363130620772de741a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"714-608dd8af3f264-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=01qAPM7riG4gPsD7oCLt%2FCA01RsXvBHQ%2B2Gomdrh9qpHLajhZgQLE17dAbEZgeYYL6eifr0XvC2ky1Z2XgfEqSWq9TOVRWHXHX0mnOPj4KX4E%2FwWFozhlZ3NW%2BuPIyCeRyrllOzjZCjCw1wAoudO%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b89071cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 54ms
23ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-162747485-1

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c0b6342eae0fda7332beccd8ed75b53b3e7484eaaa61a6e8e28d97b74deaa021

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 69803
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 02 Feb 2024 18:04:29 GMT

GET
H3 200 global.js Show response
thedfirreport.com/wp-content/themes/freenews/assets/js/ 2 KB
1 KB 311ms
308ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/js/global.js?ver=1
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5104dc06faffc326c8f8a5da2f0cf85c5cf35064eae62871acc3cabf8f35c78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"950-608dd8af3f264-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=birakpMyiUS7YCYUPdLseST5euqH8f1RWvcYC%2F%2Bs1x3ZY1xdk9LyCyg9cqAPMoRs%2BeBbqjVN4%2FZkNZWGB31MXjXDbZT0mTXxpDSRC%2FnM3Y9qxVFEeMB6rmtMgI0f9Ll2CnB9j2jykwi8urEOj0fjpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b5b890b1cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i=?0

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/js/jquery/ 13 KB
5 KB 13ms
10ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.4.3/wp-includes/js/jquery/ 86 KB
31 KB 13ms
10ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.3/wp-includes/js/jquery/jquery.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/13.0/_inc/build/related-posts/ 6 KB
2 KB 18ms
15ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/13.0/_inc/build/related-posts/related-posts.min.js

Requested by

Host: thedfirreport.com
URL: https://thedfirreport.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Mon, 19 Jun 2023 19:16:27 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H3 200 P5sfzZCDf9_T_3cV7NCUECyoxNk37cxcABrB.woff2
thedfirreport.com/wp-content/fonts/arimo/ 10 KB
10 KB 282ms
280ms Font
font/woff2 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/fonts/arimo/P5sfzZCDf9_T_3cV7NCUECyoxNk37cxcABrB.woff2
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/wp-content/fonts/d92fef3d9e5de6f7993b11046e265436.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2cd3e005de210fcbb5372b4267c5d3d067e0564f017dd5ccba202d040f820d7

Request headers

Referer: https://thedfirreport.com/wp-content/fonts/d92fef3d9e5de6f7993b11046e265436.css
Origin: https://thedfirreport.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 04 Dec 2022 16:17:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2720-5ef02e9ec7187"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EBRkGhaLeDuIsar0P29hD9rjo6%2BRGKG2T3DlkG%2BaO97g56tFLqzeJgmTkv1xTadvu0DSMXNYex7hgOySlJKRh0B1noeIVlks8O%2FbVC4kxn1OmjtKatxT567wR0%2BdOgTzFpB3q4fUcNERpbVuCVA8Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5ba92c1cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 10016
priority: u=0,i=?0

GET
H3 200 NGS6v5_NC0k9P9H2TbE.woff2
thedfirreport.com/wp-content/fonts/heebo/ 26 KB
27 KB 269ms
267ms Font
font/woff2 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/fonts/heebo/NGS6v5_NC0k9P9H2TbE.woff2
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/wp-content/fonts/d92fef3d9e5de6f7993b11046e265436.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b38977ea35fde92fe200fa14ac7cc55e2edce54b998ce9a08734ba1dd9053fed

Request headers

Referer: https://thedfirreport.com/wp-content/fonts/d92fef3d9e5de6f7993b11046e265436.css
Origin: https://thedfirreport.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 04 Dec 2022 16:17:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "69ec-5ef02e9efec26"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNb9r%2BqqHD0%2Fj5%2Frny%2Fa5jWdryPymdXvQGqQ9gWSw183L3YaUA2jMYCgJYLwnqz2JtUPIDpdRCzX44aXmpa4FqYO%2BNvDs7nGRf6pSTo2u8V4viLtpK9dHeciOrxDfLzhAXVxNQ3v1jbpqAG2XxTLkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5ba92e1cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 27116
priority: u=0,i=?0

GET
H3 200 fa-solid-900.woff2
thedfirreport.com/wp-content/themes/freenews/assets/library/fontawesome/webfonts/ 147 KB
147 KB 275ms
273ms Font
font/woff2 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/fontawesome/webfonts/fa-solid-900.woff2
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/wp-content/themes/freenews/assets/library/fontawesome/css/all.min.css?ver=6.4.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9

Request headers

Referer: https://thedfirreport.com/wp-content/themes/freenews/assets/library/fontawesome/css/all.min.css?ver=6.4.3
Origin: https://thedfirreport.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Oct 2023 16:37:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "24a04-608dd8af411a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9EvoKhg9N%2Bw%2B7ET3UV7iP9%2FyiJVMp4AdTXKAUFBxaVK%2B%2BWhgpb9%2BHCqswEJ8AW%2F7hAsToZKHYeloVYvotP60bp%2FYZ1LSS2arBf1PDv3tlHg%2B%2FTyJCrnGLccYJlOtM8MLKeXrhakVzu1tOvJ%2BXa6oig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5ba9311cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 150020
priority: u=0,i=?0

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 70c44a9df364a5e5779a64d3b6bace4a0939ad6649859f59e30d4df5bbfbf7d6

Request headers

Referer
Origin: https://thedfirreport.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H3 200 P5sfzZCDf9_T_3cV7NCUECyoxNk37cxcBBrBZQI.woff2
thedfirreport.com/wp-content/fonts/arimo/ 7 KB
7 KB 268ms
268ms Font
font/woff2 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-content/fonts/arimo/P5sfzZCDf9_T_3cV7NCUECyoxNk37cxcBBrBZQI.woff2
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/wp-content/fonts/d92fef3d9e5de6f7993b11046e265436.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54a47e1142394da6539e250c7387f01bad317ff2a02fe5db390de6ba6403d0c3

Request headers

Referer: https://thedfirreport.com/wp-content/fonts/d92fef3d9e5de6f7993b11046e265436.css
Origin: https://thedfirreport.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 04 Dec 2022 16:17:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "1b54-5ef02e9e2402a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2FFrXbfYNgLe5tYwb8dDk4ACL9lp9xcSTRPSrd%2FxG6y1RQthLAMQw3KQwfJGwRbnKAtESdkj98g8b7%2B6Z8FlKzNiEKX6MgwpHwAXCmJc70YH40vLAioWSreIwn7QeesbSeYGJQzD6kFieKBQeHEA0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bd96f1cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 6996
priority: u=0,i=?0

GET
H3 200 19172-003.png
thedfirreport.com/wp-content/uploads/2024/01/ 35 KB
35 KB 272ms
271ms Image
image/png 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2024/01/19172-003.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df91272a81213831511710ea1d22ca8c0015c1289eb484cd0f8be55160cd4291

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 27 Jan 2024 16:20:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "8a44-60fefcc2e2f9c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oduY5YTCVkQAH7%2BPqqxGLW9CTBnFd6pPjlGlBen8%2FtO9uvD0sAnZav5bpCcA%2FWaVpCDMoopNM1DgECJqRgvp53I%2BQ0lMpRtQEat7N4YVpo0Iwma6xGUtJygsSHToP0BFc2OOWJb8qpCJyz47fhDX9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bf98f1cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 35396
priority: u=3,i

GET
H3 200 19172-004-1.png
thedfirreport.com/wp-content/uploads/2024/01/ 94 KB
95 KB 266ms
265ms Image
image/png 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2024/01/19172-004-1.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e36c1efc20a86b5d2e13fc69f399924fe54e40a442a47656cb8b59438ffb5d4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 27 Jan 2024 21:21:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "1780a-60ff3fd8f9d5e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkxjrM9WFqNJhuAY5bTSMme1Fk4u6XczW59p%2FlvDaPAQxkPQ2R0P%2BA7%2FqFLpClxRDgTL4VFM29bD3jIuRsyexJtNJS2tC2GBXtUt1gVZCOg8lbscKFZybHTOVeNISuMQu2r3mHFUCU1fLJeoJIFY%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bf9981cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 96266
priority: u=3,i

GET
H3 200 monitor5-s.png
thedfirreport.com/wp-content/uploads/2023/09/ 12 KB
13 KB 283ms
282ms Image
image/png 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2023/09/monitor5-s.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae29216f58cbe66f5cb9665e54a082b21c63666ea719e80d4c9873fb64aa91d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 17 Sep 2023 14:11:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3072-6058e99bc3d81"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aHwObB%2FQBlc2CkOmR%2FZ3FdZ9u6BOxQzAjA3ma30J5%2F1nv6LROOnyR%2BoIhaiwR%2BhBbTU41Tw%2BOeq8F8AbqkkhdDBuazNwnicEegLzrgXd0JaGwjN6%2FGJK%2BHc6%2Bi5lo3kgGFstOIReCCuSYuUii5%2BU8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bf99b1cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 12402
priority: u=3,i

GET
H3 200 cloud4-s.png
thedfirreport.com/wp-content/uploads/2023/09/ 16 KB
16 KB 277ms
276ms Image
image/png 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2023/09/cloud4-s.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd9deeeda732605e55b86620fb2826df09c308ada3108333ec104a75afa52650

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 17 Sep 2023 14:14:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3f5a-6058ea57e5c4f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2o944M2xP%2FGqWiNj%2F3a3yFniF8wccqQtrDidMavTKCseZa15gjLU7neNOqYy8UxezrWa%2FIzhd8Fe7CjhKJiPHDJxi5l0rvxWWZh6An%2Bo0PKwGGbOGZ0CbYxh74OEK%2FoK8hv7SoJa4mYkBqsRT5VLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bf99e1cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 16218
priority: u=3,i

GET
H3 200 warning4-s.png
thedfirreport.com/wp-content/uploads/2023/09/ 11 KB
11 KB 267ms
266ms Image
image/png 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2023/09/warning4-s.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d39834086b6021b46bd051ac46cc41227eb396e21546edc7639ea582a0927bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 17 Sep 2023 14:15:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2c09-6058ea908baa7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P29vFpAvmEAPtem6Gs6mcGeRx3gI6X31duC7Srp%2FTXvbBdQ9UaV9N%2F7mAyHNoG5Zm5gJ%2FSIjDyyE62EBOsJHxxm2KkwxaRvJ2c855AeKz5vZGvjd1%2F2fOdIRf8RHAT17FC9tCrdTje3YydCuftofQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bf9a01cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 11273
priority: u=3,i

GET
H3 200 artifact4-s.png
thedfirreport.com/wp-content/uploads/2023/09/ 8 KB
9 KB 277ms
276ms Image
image/png 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2023/09/artifact4-s.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c426b919582109bc92f11696dc77bf1253039f3a877cf3226520d70e85a34c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 17 Sep 2023 15:00:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "20a3-6058f4aaaead4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijW8%2BVIpTAG1dtGYN4ItbokIYR326OzgupNE4WqDaQGQ0%2FVcWLtSe7MNtm9A3ZDvJYxKFXgDwVROg22%2FH6qdewRtjl26Vt%2BylxaT9s4J1JKe88cSdJd8yqYt7elVcFsDqTa9CLeT%2Bk2ROizZMZTq6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bf9a31cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 8355
priority: u=3,i

GET
H3 200 help4-s.png
thedfirreport.com/wp-content/uploads/2023/09/ 14 KB
14 KB 264ms
263ms Image
image/png 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thedfirreport.com/wp-content/uploads/2023/09/help4-s.png
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ce4fcff403a4a73c39694880c0f7a1773d2d5abc2f99fbcb91444094b311a0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 17 Sep 2023 14:14:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3736-6058ea38bc42e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sG9IInRu%2Fq2NRYOj8jdt7mzK9%2FteTZIC1AfNgS8QtC2ex0LGflZ7MLDzkAv%2BPHCmLiXxk5qCmmipCEVySbVhJsRezOeAT8af43tuLhh3GsYwGqFcuFtKWEUNiHBmKZFopxvOpLtoKm7z0PV6q7An%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f45b5bf9a51cbf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 14134
priority: u=3,i

GET
H2 200 ab67656300005f1f3f0979a6b20cd43224317482
i.scdn.co/image/ Frame 9CAD 45 KB
45 KB 128ms
9ms Image
image/jpeg 2a02:26f0:480:3::210:ee87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.scdn.co/image/ab67656300005f1f3f0979a6b20cd43224317482
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:3::210:ee87 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9935656a0866985d2d06b877375385d73d6e29d9f84652ec727dfbfd0f6b243e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
last-modified: Mon, 29 Jan 2024 00:54:29 GMT
etag: "eabaf5a92dd426fda72cce8646574550"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: private, max-age=15780000
x-amz-checksum-crc32c: LWvaZg==
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: range
content-length: 45785
expires: Sat, 03 Aug 2024 09:24:29 GMT

GET
H2 200 461cd0504da4fff1.css
embed-cdn.spotifycdn.com/_next/static/css/ Frame 9CAD 26 KB
4 KB 70ms
16ms Stylesheet
text/css 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/css/461cd0504da4fff1.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6774d0e6dbba4c5415a213fef260efef3d5717c2f86040ce29c1ac65825eea0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 8598148
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 4043
x-served-by: cache-chi-klot8100136-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "3844664dded56c7b73a495ad23f0d6aa"
x-goog-generation: 1698298758576245
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 26326
x-amz-checksum-crc32c: mp080w==
accept-ranges: bytes
x-cache-hits: 94923, 75886

GET
H2 200 192261c9a6efeac6.css
embed-cdn.spotifycdn.com/_next/static/css/ Frame 9CAD 37 KB
6 KB 60ms
7ms Stylesheet
text/css 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/css/192261c9a6efeac6.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 68602e5e29157b09e0625ea60954ce126444fa9b2282bd03e27f35ccfb132d8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 2629617
x-amz-meta-goog-reserved-file-mtime: 1703677119
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 5743
x-served-by: cache-chi-klot8100152-CHI, cache-fra-etou8220080-FRA
last-modified: Wed, 27 Dec 2023 11:56:12 GMT
etag: "c490165f6ce11f0701c0cdf55acfbb36"
x-goog-generation: 1703678172067840
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 37789
x-amz-checksum-crc32c: KsOhsA==
accept-ranges: bytes
x-cache-hits: 26, 10550

GET
H2 200 364d0cc114e2dc9d.css
embed-cdn.spotifycdn.com/_next/static/css/ Frame 9CAD 23 KB
2 KB 70ms
16ms Stylesheet
text/css 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/css/364d0cc114e2dc9d.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e321b83b304c13214f0e13c4720ad50c748d00e47c00db7d155dae051b751855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 5023767
x-amz-meta-goog-reserved-file-mtime: 1701872293
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 2359
x-served-by: cache-chi-kigq8000020-CHI, cache-fra-etou8220080-FRA
last-modified: Wed, 06 Dec 2023 14:32:43 GMT
etag: "d3c6bafdc6c361fb95574137768a9425"
x-goog-generation: 1701873163859469
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 23069
x-amz-checksum-crc32c: vIvWmA==
accept-ranges: bytes
x-cache-hits: 89, 41785

GET
H2 200 webpack-ea34bc3366caf997.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 5 KB
2 KB 19ms
8ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-ea34bc3366caf997.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c33b28459819247b6281535be62dcf290e0a3de8b4c04579cb1d46cca86ab093

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 949182
x-amz-meta-goog-reserved-file-mtime: 1705945792
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 2261
x-served-by: cache-chi-klot8100078-CHI, cache-fra-etou8220080-FRA
last-modified: Mon, 22 Jan 2024 18:07:24 GMT
etag: "a93769bfd8c6030d45f7b4903626de8f"
x-goog-generation: 1705946844145690
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 5426
x-amz-checksum-crc32c: uRlpxg==
accept-ranges: bytes
x-cache-hits: 32, 10696

GET
H2 200 framework-9061fa2704610d1a.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 138 KB
45 KB 19ms
8ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/framework-9061fa2704610d1a.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1bba521ed06e4ccfdefd0d2f2f9d829f17802e95dcd262bf9efe47254b82cc6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 8598147
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 45437
x-served-by: cache-chi-kigq8000100-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "3a8a615aa4a9e0b823b9b7ed90258d45"
x-goog-generation: 1698298758626142
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 141024
x-amz-checksum-crc32c: 9VJjdA==
accept-ranges: bytes
x-cache-hits: 62, 85317

GET
H2 200 main-45d0e026ad3339d5.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 162 KB
44 KB 19ms
8ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/main-45d0e026ad3339d5.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f95269e2ecd6c23625565acbe850594e0925509b9a0f1f46b7e4b874ca337780

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 8598149
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 45184
x-served-by: cache-chi-klot8100109-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "6b579bb28f22fefff1c28c3379cec4df"
x-goog-generation: 1698298758805944
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 165456
x-amz-checksum-crc32c: MBEhFQ==
accept-ranges: bytes
x-cache-hits: 60, 85390

GET
H2 200 _app-9851929b834c1219.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/pages/ Frame 9CAD 536 KB
143 KB 14ms
11ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6c1fc47fbfb2886ce702ff7c913bbbbd0734d70aa5a98e4de320695dc9560e46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 104760
x-amz-meta-goog-reserved-file-mtime: 1706791488
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 146603
x-served-by: cache-chi-klot8100163-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 01 Feb 2024 12:57:21 GMT
etag: "cc6656957ad9683b73a4cf4287bdeb23"
x-goog-generation: 1706792241790717
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 548522
x-amz-checksum-crc32c: +9xFTw==
accept-ranges: bytes
x-cache-hits: 15, 100

GET
H2 200 fec483df-e793d3f4aac0c1fc.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 329 KB
101 KB 12ms
9ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/fec483df-e793d3f4aac0c1fc.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9f70c6bc78c1e830ee3244dd756082d2e3dfbe9a809006428dcde4afbea7f187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 8598149
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 103057
x-served-by: cache-chi-klot8100069-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "1f12dbb57191baf719fc28be6cc46cc3"
x-goog-generation: 1698298758694817
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 337275
x-amz-checksum-crc32c: VOr8ew==
accept-ranges: bytes
x-cache-hits: 78897, 88888

GET
H2 200 594-284e2b73b8c68654.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 26 KB
6 KB 11ms
8ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/594-284e2b73b8c68654.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ee50c5f5238272eb60e1f8fe3f03b89f610155e444be734e56804fa5f4340cbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 8598149
x-amz-meta-goog-reserved-file-mtime: 1698297717
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 6213
x-served-by: cache-chi-kigq8000038-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 26 Oct 2023 05:39:18 GMT
etag: "d2b6ab501c35bb2dfd688aae45398da2"
x-goog-generation: 1698298758153783
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 27053
x-amz-checksum-crc32c: XOVw0Q==
accept-ranges: bytes
x-cache-hits: 50235, 76344

GET
H2 200 396-5ce3af1ccb0ab43d.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 307 KB
79 KB 10ms
8ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/396-5ce3af1ccb0ab43d.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0cc74082c6e5a1260ff844baca61ef6e60f6ab1be3853ea4c458baa6da895c44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 1481191
x-amz-meta-goog-reserved-file-mtime: 1705414867
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 80819
x-served-by: cache-chi-kigq8000071-CHI, cache-fra-etou8220080-FRA
last-modified: Tue, 16 Jan 2024 14:36:49 GMT
etag: "2885180f0b2c63c2793dbd320205271b"
x-goog-generation: 1705415809286557
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 314754
x-amz-checksum-crc32c: 3bWr0Q==
accept-ranges: bytes
x-cache-hits: 6301, 92183

GET
H2 200 745-4ea52882680752d3.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 170 KB
39 KB 11ms
9ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/745-4ea52882680752d3.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5beb4228d35eca42265b7048b3c27685055e3a83166c84a8886b2b235b4eaa84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 281191
x-amz-meta-goog-reserved-file-mtime: 1706614641
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 39762
x-served-by: cache-chi-klot8100031-CHI, cache-fra-etou8220080-FRA
last-modified: Tue, 30 Jan 2024 11:55:46 GMT
etag: "8169f80859a909dbdc73b4af74f7ceb4"
x-goog-generation: 1706615746744606
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 174042
x-amz-checksum-crc32c: h4vKag==
accept-ranges: bytes
x-cache-hits: 86, 33772

GET
H2 200 463-cd3bdc4b44e07b72.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 17 KB
5 KB 11ms
9ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/463-cd3bdc4b44e07b72.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 11e9b9b84acfd54c164b5d628410ef138a7d1b00c84f1c8bec927532f6ab22d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 1220246
x-amz-meta-goog-reserved-file-mtime: 1705675681
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 4428
x-served-by: cache-chi-klot8100038-CHI, cache-fra-etou8220080-FRA
last-modified: Fri, 19 Jan 2024 15:04:54 GMT
etag: "6813cf25f072cb354001b00072c2f2e9"
x-goog-generation: 1705676694623714
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 17020
x-amz-checksum-crc32c: pclrzQ==
accept-ranges: bytes
x-cache-hits: 462, 46729

GET
H2 200 %5Bid%5D-7ae0b1245e900524.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/pages/episode/ Frame 9CAD 2 KB
1017 B 11ms
9ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/episode/%5Bid%5D-7ae0b1245e900524.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: acfdb446258fc822bcf8e195f3655b6ce8db2751b786561e8d9a005798369782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 949182
x-amz-meta-goog-reserved-file-mtime: 1705945792
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 833
x-served-by: cache-chi-klot8100160-CHI, cache-fra-etou8220080-FRA
last-modified: Mon, 22 Jan 2024 18:07:23 GMT
etag: "d9ea721a347d9008bdeb0ac200ae7f83"
x-goog-generation: 1705946843551192
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1664
x-amz-checksum-crc32c: E3rpYg==
accept-ranges: bytes
x-cache-hits: 13, 23234

GET
H2 200 _buildManifest.js Show response
embed-cdn.spotifycdn.com/_next/static/524a508d-cd25-4785-9fcf-f12889e87c12/ Frame 9CAD 2 KB
1 KB 11ms
9ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/524a508d-cd25-4785-9fcf-f12889e87c12/_buildManifest.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b30bf22b7187d0119ac98caf870d3bcebd006fa0d214423269fe111568b48ba3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 104761
x-amz-meta-goog-reserved-file-mtime: 1706791488
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 929
x-served-by: cache-chi-klot8100058-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 01 Feb 2024 12:57:21 GMT
etag: "acfb22fa6417ce1da29f6f6b83d68ec1"
x-goog-generation: 1706792241098557
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 2483
x-amz-checksum-crc32c: OmyRJA==
accept-ranges: bytes
x-cache-hits: 15, 13528

GET
H2 200 _ssgManifest.js Show response
embed-cdn.spotifycdn.com/_next/static/524a508d-cd25-4785-9fcf-f12889e87c12/ Frame 9CAD 77 B
243 B 10ms
9ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/524a508d-cd25-4785-9fcf-f12889e87c12/_ssgManifest.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
age: 104761
x-amz-meta-goog-reserved-file-mtime: 1706791488
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 61
x-served-by: cache-chi-klot8100047-CHI, cache-fra-etou8220080-FRA
last-modified: Thu, 01 Feb 2024 12:57:21 GMT
etag: "b6652df95db52feb4daf4eca35380933"
x-goog-generation: 1706792241120593
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 77
x-amz-checksum-crc32c: Ypo4GQ==
accept-ranges: bytes
x-cache-hits: 14, 13504

GET
H2 200 CircularSp-Bold-fe1cfc14b7498b187c78fa72fb72d148.woff2
encore.scdn.co/fonts/ Frame 9CAD 87 KB
88 KB 317ms
17ms Font
font/woff2 2a02:26f0:480:3::210:ee87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://encore.scdn.co/fonts/CircularSp-Bold-fe1cfc14b7498b187c78fa72fb72d148.woff2

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/css/461cd0504da4fff1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:3::210:ee87 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

039130d456855a745451bff40707bee5512bc4466373224b2258f67cc6c6d879

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://embed-cdn.spotifycdn.com/
Origin: https://open.spotify.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
content-length: 89529
last-modified: Fri, 13 May 2022 11:38:50 GMT
etag: "216b12b5a9657850b1b324e158454f8e"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
x-amz-checksum-crc32c: 3OfNxA==
accept-ranges: bytes
access-control-allow-headers: range
expires: Sat, 01 Feb 2025 18:04:29 GMT

GET
H2 200 CircularSp-Book-4eaffdf96f4c6f984686e93d5d9cb325.woff2
encore.scdn.co/fonts/ Frame 9CAD 82 KB
82 KB 307ms
8ms Font
font/woff2 2a02:26f0:480:3::210:ee87
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://encore.scdn.co/fonts/CircularSp-Book-4eaffdf96f4c6f984686e93d5d9cb325.woff2

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/css/461cd0504da4fff1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:3::210:ee87 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9b7413f945c8b8bb3f75eb10513c7ad79d386e98494d541e5f1fa9301ffbddd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://embed-cdn.spotifycdn.com/
Origin: https://open.spotify.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
content-length: 84027
last-modified: Fri, 13 May 2022 11:38:51 GMT
etag: "f7b12903dd7a2d536ceb2b7cd1dba2c1"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=31536000
x-amz-checksum-crc32c: rmKVPg==
accept-ranges: bytes
access-control-allow-headers: range
expires: Sat, 01 Feb 2025 18:04:29 GMT

POST
H3 200 monitoring Show response
open.spotify.com/embed/ Frame 9CAD 2 B
24 B 60ms
60ms Fetch
application/json 2a02:26f0:480:10::213:7ea0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/embed/monitoring?o=22381&p=4505164808585216

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js

Protocol

Security

QUIC, , AES_256_GCM

Server

2a02:26f0:480:10::213:7ea0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 02 Feb 2024 18:04:29 GMT
strict-transport-security: max-age=86400
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=93600
content-length: 2
quic-version: 0x00000001

GET
H2 200 / Show response
apresolve.spotify.com/ Frame 9CAD 273 B
313 B 91ms
25ms XHR
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apresolve.spotify.com/?type=dealer&type=spclient

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

9a36cf8d16f52b60759f0645804471acdf98a53c53f78f112db5a2ad6046cdb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Feb 2024 18:04:29 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111

GET
BLOB 200
OK 2804343f-6f81-4b2d-beed-459b442041c6
https://open.spotify.com/ Frame 9CAD 10 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://open.spotify.com/2804343f-6f81-4b2d-beed-459b442041c6
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed/episode/7rFlGwrYILFr82h8w14kYq?utm_source=generator
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Length: 10285
Content-Type

GET
H2 200 369.2469e2f29ca912f2.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 58 KB
12 KB 8ms
7ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-ea34bc3366caf997.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 010ab7cb63d72c2824b153f2e71379388da03f2aa729139cae15346063d87e86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: gzip
age: 6340973
x-amz-meta-goog-reserved-file-mtime: 1700555106
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 12359
x-served-by: cache-chi-klot8100021-CHI, cache-fra-etou8220080-FRA
last-modified: Tue, 21 Nov 2023 08:38:55 GMT
etag: "f7bb496d923d568b05488095a0181b09"
x-goog-generation: 1700555935033806
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 59487
x-amz-checksum-crc32c: B8kVmw==
accept-ranges: bytes
x-cache-hits: 51, 77454

GET
H2 200 882.407d120c9582a45a.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 5 KB
2 KB 7ms
7ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/882.407d120c9582a45a.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-ea34bc3366caf997.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3b6ae71f1ff60d1eb41fdce7d56f368a2b1e349fb4b3b62286974217806e715c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: gzip
age: 6340972
x-amz-meta-goog-reserved-file-mtime: 1700555106
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 1793
x-served-by: cache-chi-klot8100144-CHI, cache-fra-etou8220080-FRA
last-modified: Tue, 21 Nov 2023 08:38:55 GMT
etag: "4f3de36322c973edbc9daf341dc08c74"
x-goog-generation: 1700555935120483
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 5321
x-amz-checksum-crc32c: Sy/BDw==
accept-ranges: bytes
x-cache-hits: 53, 72318

GET
H2 200 520.b26d42f2254c3459.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 112 KB
32 KB 8ms
7ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/520.b26d42f2254c3459.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-ea34bc3366caf997.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 129c1df4d3a0cf1509120f5b7893ce5618e96b5e34faff6b7467744cb64cf852

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: gzip
age: 1349668
x-amz-meta-goog-reserved-file-mtime: 1705497994
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 32891
x-served-by: cache-chi-klot8100158-CHI, cache-fra-etou8220080-FRA
last-modified: Wed, 17 Jan 2024 13:42:09 GMT
etag: "c2a4bd2133fa125d14b68d7f2c93ce0f"
x-goog-generation: 1705498929517685
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 114182
x-amz-checksum-crc32c: vupNOg==
accept-ranges: bytes
x-cache-hits: 1252, 86318

GET
H2 200 536.905e6d5c206e107e.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 273 KB
60 KB 10ms
10ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-ea34bc3366caf997.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 845900c9b133f4be8a2e9ccf9978d6d3f951801d52def808b6cba9cc16052112

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: gzip
age: 1481191
x-amz-meta-goog-reserved-file-mtime: 1705414867
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 60859
x-served-by: cache-chi-klot8100094-CHI, cache-fra-etou8220080-FRA
last-modified: Tue, 16 Jan 2024 14:36:49 GMT
etag: "3c4ff411d3740ee76520c3466464d451"
x-goog-generation: 1705415809355492
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 279954
x-amz-checksum-crc32c: yKAj+A==
accept-ranges: bytes
x-cache-hits: 5, 88311

GET
H2 200 spotify_player_o.2e9b5ce8bf41889e.js Show response
embed-cdn.spotifycdn.com/_next/static/chunks/ Frame 9CAD 27 KB
8 KB 9ms
9ms Script
application/javascript 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/spotify_player_o.2e9b5ce8bf41889e.js
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/webpack-ea34bc3366caf997.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 06061575fd771454e70749285931ddc8635a274fef3c21dc7fe12f683640a1e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: gzip
age: 1481190
x-amz-meta-goog-reserved-file-mtime: 1705414867
x-cache: HIT, HIT
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 7762
x-served-by: cache-chi-klot8100139-CHI, cache-fra-etou8220080-FRA
last-modified: Tue, 16 Jan 2024 14:36:49 GMT
etag: "ffa6e96d87f63d82d3eb20a019eb5a26"
x-goog-generation: 1705415809304699
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 27200
x-amz-checksum-crc32c: syjpAQ==
accept-ranges: bytes
x-cache-hits: 3, 80441

GET
H2 200 / Show response
apresolve.spotify.com/ Frame 9CAD 273 B
165 B 29ms
29ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apresolve.spotify.com/?type=dealer&type=spclient

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

9a36cf8d16f52b60759f0645804471acdf98a53c53f78f112db5a2ad6046cdb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Feb 2024 18:04:29 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111

GET
BLOB 200
OK 4033b77d-8572-4a25-83ae-b3a024d15399
https://thedfirreport.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://thedfirreport.com/4033b77d-8572-4a25-83ae-b3a024d15399
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 206 bandwidth_sampling_data Show response
web-sdk-assets.spotifycdn.com/ Frame 9CAD 1 B
379 B 45ms
7ms Fetch
application/octet-stream 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://web-sdk-assets.spotifycdn.com/bandwidth_sampling_data?no-cache=0.4792546419126624
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6b23c0d5f35d1b11f9b683f0b0a617355deb11277d91ae091d399c655b87940d

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
range: bytes=0-0

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
age: 8075868
x-cache: HIT, HIT
Content-Range: bytes 0-0/700000
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Content-Length: 1
x-served-by: cache-chi-kigq8000021-CHI, cache-fra-etou8220058-FRA
last-modified: Mon, 14 Aug 2023 14:29:23 GMT
etag: "b64d923b3573fe2df893d6d5f549d079"
x-goog-generation: 1692023363737811
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: private, max-age=0
x-goog-stored-content-length: 700000
x-amz-checksum-crc32c: 2BUPRA==
accept-ranges: bytes
x-cache-hits: 504587427, 73579

OPTIONS
H2 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 397ms
62ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 02 Feb 2024 18:04:30 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

OPTIONS
H2 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 355ms
20ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 02 Feb 2024 18:04:30 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

POST
H3 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 9CAD 13 B
58 B 46ms
45ms Fetch
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Feb 2024 18:04:30 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

POST
H2 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 9CAD 13 B
156 B 54ms
52ms Fetch
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Feb 2024 18:04:30 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 227 KB
80 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N6F85L400D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162747485-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a02212e359b43676ad1639202d28358bb3f1809a4b5b5968f814b1f09727eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82183
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 02 Feb 2024 18:04:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 60ms
9ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162747485-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Feb 2024 17:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 981
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 02 Feb 2024 19:48:09 GMT

GET
H2 206 bandwidth_sampling_data Show response
web-sdk-assets.spotifycdn.com/ Frame 9CAD 684 KB
684 KB 9ms
8ms Fetch
application/octet-stream 2a04:4e42:8e::762
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://web-sdk-assets.spotifycdn.com/bandwidth_sampling_data?no-cache=0.4792546419126624
Requested by: Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::762 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 45ad510ff2452d581cbf10d9e5e622c8470d5a614b692ddd425d9b9bf55af75d

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
range: bytes=0-

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
age: 8075868
x-cache: HIT, HIT
Content-Range: bytes 0-699999/700000
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Content-Length: 700000
x-served-by: cache-chi-kigq8000021-CHI, cache-fra-etou8220058-FRA
last-modified: Mon, 14 Aug 2023 14:29:23 GMT
etag: "b64d923b3573fe2df893d6d5f549d079"
x-goog-generation: 1692023363737811
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: private, max-age=0
x-goog-stored-content-length: 700000
x-amz-checksum-crc32c: 2BUPRA==
accept-ranges: bytes
x-cache-hits: 504587427, 73580

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/ 22 KB
5 KB 312ms
7ms Stylesheet
text/css 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.3lwYqcY9Fxg.O/am=wA/d=1/rs=AN8SPfpz6AFLZhtPTjmgrmhsH1KMmKLv8w/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 11:38:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109544
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4144
x-xss-protection: 0
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 Jan 2025 11:38:46 GMT

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.3lwYqcY9Fxg.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpmENoDSSyXOskIpqMtVc0ktr1ZCg/ 207 KB
72 KB 316ms
7ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.3lwYqcY9Fxg.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpmENoDSSyXOskIpqMtVc0ktr1ZCg/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.3lwYqcY9Fxg.O/am=wA/d=1/rs=AN8SPfpz6AFLZhtPTjmgrmhsH1KMmKLv8w/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

846db6fe57acb029e6f6774d89b4ccd41b723127afcb2d66b50434d111949ade

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 12:48:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18932
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73112
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 22:12:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 12:48:58 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 15ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=175340963&post=26140&tz=0&srv=thedfirreport.com&j=1%3A13.0&host=thedfirreport.com&ref=&fcp=2392&rand=0.32716043654318105
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 02 Feb 2024 18:04:30 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 16ms
15ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2105189959&t=pageview&_s=1&dl=https%3A%2F%2Fthedfirreport.com%2F2024%2F01%2F29%2Fbuzzing-on-christmas-eve-trigona-ransomware-in-3-hours%2F&ul=en-us&de=UTF-8&dt=Buzzing%20on%20Christmas%20Eve%3A%20Trigona%20Ransomware%20in%203%20Hours%20-%20The%20DFIR%20Report&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=816448988&gjid=166462344&cid=2135712363.1706897070&tid=UA-162747485-1&_gid=569517439.1706897070&_r=1&gtm=457e41v0za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&jsscut=1&z=682395002

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://thedfirreport.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 18:04:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://thedfirreport.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
255 B 194ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-N6F85L400D&gtm=45je41v0v9118383779za200&_p=1706897070204&_gaz=1&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=2135712363.1706897070&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1706897070&sct=1&seg=0&dl=https%3A%2F%2Fthedfirreport.com%2F2024%2F01%2F29%2Fbuzzing-on-christmas-eve-trigona-ransomware-in-3-hours%2F&dt=Buzzing%20on%20Christmas%20Eve%3A%20Trigona%20Ransomware%20in%203%20Hours%20-%20The%20DFIR%20Report&en=page_view&_fv=1&_ss=1&tfd=3371
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N6F85L400D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 18:04:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://thedfirreport.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 197ms
19ms Ping
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-N6F85L400D&cid=2135712363.1706897070&gtm=45je41v0v9118383779za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N6F85L400D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 18:04:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://thedfirreport.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 221ms
46ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-N6F85L400D&cid=2135712363.1706897070&gtm=45je41v0v9118383779za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0&z=2006205938

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 18:04:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ 4 KB
2 KB 165ms
164ms XHR
application/json 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/?relatedposts=1

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/13.0/_inc/build/related-posts/related-posts.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ca5344f316024810c45122f068965522e6f2628054bbe9115260c555c3d989c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
x-requested-with: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XwGHt4AJUHZwE7gljTLkVv4xxH2wx7gPxdECtXlgRXjEj5CZqzI9b0Z1kNm1oLk5qxqNQ5TUpqP%2FuXKgp9hYrQne7Vh6bFxnD8YG8c7xk6Hak6F14wZTS02DWvRzZ2DZgnGFcoAuN87s%2FGrEmOyrTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cf-ray: 84f45b6239e01cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=1,i

GET
H3 200 wp-emoji-release.min.js Show response
thedfirreport.com/wp-includes/js/ 18 KB
5 KB 280ms
280ms Script
text/javascript 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thedfirreport.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3
Requested by: Host: thedfirreport.com
URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 13 Apr 2023 13:23:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4904-5f937a028b821-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iRb7TjlSnlQsa00SQXOsreC4DJOtT49qHLmQAGNlsYIMBKG13v4OTMbw37F7FvFFMbstemmOV3FLKNHiBjsRfOzpppswtDvhbLRc5zyoNp7bJrpkH995yK%2BFyXbl8W21d7Pt9lY%2F0Ms88AA681bQWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 84f45b6249ea1cbf-FRA
alt-svc: h3=":443"; ma=86400
priority: u=3,i=?0

POST
H3 204 rum Show response
thedfirreport.com/cdn-cgi/ 0
142 B 10ms
10ms XHR
text/plain 2606:4700:3036::ac43:bd2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thedfirreport.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: application/json

Response headers

date: Fri, 02 Feb 2024 18:04:30 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://thedfirreport.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 84f45b629a4e1cbf-FRA

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 20ms
18ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-162747485-1&cid=2135712363.1706897070&jid=816448988&gjid=166462344&_gid=569517439.1706897070&_u=YEBAAUAAAAAAACAAI~&z=2034800255

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thedfirreport.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 02 Feb 2024 18:04:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://thedfirreport.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 69ms
43ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-162747485-1&cid=2135712363.1706897070&jid=816448988&_u=YEBAAUAAAAAAACAAI~&z=2009203726

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 18:04:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 45ms
45ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-162747485-1&cid=2135712363.1706897070&jid=816448988&_u=YEBAAUAAAAAAACAAI~&z=2009203726

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 18:04:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated Show response
/ Frame 6D0A 1 KB
1 KB Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 31f4e4abd5d8e145d6bd5505ae3ee469f66e6aba53fcc6cf04741d0a802ebc3d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Type: text/html;charset=UTF-8

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 6 KB
4 KB 30ms
7ms Image
image/svg+xml 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 17:55:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 259715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3340
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 17:55:55 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thedfirreport.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 11:31:02 GMT
x-content-type-options: nosniff
age: 110008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 910
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 31 Jan 2025 11:31:02 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 16:36:56 GMT
x-content-type-options: nosniff
age: 5254
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1842
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 01 Feb 2025 16:36:56 GMT

POST
H3 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 9CAD 13 B
58 B 41ms
40ms XHR
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Feb 2024 18:04:33 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

POST
H3 200 events Show response
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 9CAD 13 B
58 B 72ms
71ms XHR
application/json 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: embed-cdn.spotifycdn.com
URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/pages/_app-9851929b834c1219.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 02 Feb 2024 18:04:33 GMT
via: HTTP/2 edgeproxy, 1.1 google
server: envoy
content-type: application/json
access-control-allow-origin: https://open.spotify.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39

OPTIONS
H3 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 21ms
20ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 02 Feb 2024 18:04:33 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

OPTIONS
H3 200 events
gew4-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 19ms
19ms Preflight 2600:1901:1:81::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gew4-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:1:81:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://open.spotify.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Origin,Content-Type,Spotify-App-Version,App-Platform,X-Spotify-Connection-Id,X-Client-Id,X-Spotify-Quicksilver-Uri,client-token,content-access-token,x-cloud-trace-context
access-control-allow-methods: DELETE,GET,PATCH,POST,PUT,OPTIONS
access-control-allow-origin: https://open.spotify.com
access-control-max-age: 604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 02 Feb 2024 18:04:33 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.spotify.com/	1970-01-21 02:53:53	Name: sp_t Value: 8091f50000440fa7a2354374f13707b7
.spotify.com/	1970-01-20 18:09:43	Name: sp_landing Value: https%3A%2F%2Fthedfirreport.com%2F%3Fsp_cid%3D8091f50000440fa7a2354374f13707b7%26device%3Ddesktop
.thedfirreport.com/	1970-01-20 18:09:43	Name: _gid Value: GA1.2.569517439.1706897070
.thedfirreport.com/	1970-01-20 18:08:17	Name: _gat_gtag_UA_162747485_1 Value: 1
.thedfirreport.com/	1970-01-21 03:44:17	Name: _ga_N6F85L400D Value: GS1.1.1706897070.1.0.1706897070.60.0.0
.thedfirreport.com/	1970-01-21 03:44:17	Name: _ga Value: GA1.1.2135712363.1706897070

25 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/369.2469e2f29ca912f2.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
violation	error	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Permissions policy violation: encrypted-media is not allowed in this document.
javascript	warning	URL: https://embed-cdn.spotifycdn.com/_next/static/chunks/536.905e6d5c206e107e.js Message: Encrypted Media access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details.
other	warning	URL: https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apresolve.spotify.com
c0.wp.com
embed-cdn.spotifycdn.com
encore.scdn.co
fonts.gstatic.com
gew4-spclient.spotify.com
i.scdn.co
open.spotify.com
pixel.wp.com
region1.analytics.google.com
static.cloudflareinsights.com
stats.g.doubleclick.net
stats.wp.com
thedfirreport.com
translate.google.com
translate.googleapis.com
web-sdk-assets.spotifycdn.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
172.67.189.47
192.0.76.3
192.0.77.37
2001:4860:4802:34::36
2600:1901:1:81::
2600:1901:1:c36::
2606:4700:3036::ac43:bd2f
2606:4700::6810:3965
2a00:1450:4001:808::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2008
2a00:1450:4001:813::200e
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:82f::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c07::9a
2a02:26f0:480:10::213:7ea0
2a02:26f0:480:3::210:ee87
2a04:4e42:8e::762
0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180
010ab7cb63d72c2824b153f2e71379388da03f2aa729139cae15346063d87e86
039130d456855a745451bff40707bee5512bc4466373224b2258f67cc6c6d879
06061575fd771454e70749285931ddc8635a274fef3c21dc7fe12f683640a1e0
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
0cc74082c6e5a1260ff844baca61ef6e60f6ab1be3853ea4c458baa6da895c44
11e9b9b84acfd54c164b5d628410ef138a7d1b00c84f1c8bec927532f6ab22d8
129c1df4d3a0cf1509120f5b7893ce5618e96b5e34faff6b7467744cb64cf852
166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0
1a24f65c00a46166e180a3501c19b60562e56362308ea9363130620772de741a
1bba521ed06e4ccfdefd0d2f2f9d829f17802e95dcd262bf9efe47254b82cc6b
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
23a3fe27a84c2a2efe9b4099b5f05546b6b83418ddb0560548004323ac02e4ba
249e0194080be0ab241c6403a957eaffcd0fb39cbe66e2f7b6b2514322b7ac3e
25f8d252a34db20e41b9f3fcf51c022ad2f0876bd47be65caba671bb8bad7ccc
274928f2bf62780b9b7e9d27705d30ed9647c4243ae6a0abf1fa53fc1b6c1989
2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b
2ce4fcff403a4a73c39694880c0f7a1773d2d5abc2f99fbcb91444094b311a0d
2d39834086b6021b46bd051ac46cc41227eb396e21546edc7639ea582a0927bb
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
31f4e4abd5d8e145d6bd5505ae3ee469f66e6aba53fcc6cf04741d0a802ebc3d
34019d3364166a309440c0b3e94391105694660f5ed76dc836eed8e4aedc1fb5
357452f2a55c999ddd3afdcbce2c339d41cf7a01613d9d45ff88a753bb82f21d
3b6ae71f1ff60d1eb41fdce7d56f368a2b1e349fb4b3b62286974217806e715c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
45ad510ff2452d581cbf10d9e5e622c8470d5a614b692ddd425d9b9bf55af75d
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4dc2e74a6570cbeba61f6b688d6300ce9a1a9cd66bc9d77f49c0f704928091df
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641
50a30b21c268036112fc3c4128108eee5ddc391b70bdf53b6e1fb059d8419b3d
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
54a47e1142394da6539e250c7387f01bad317ff2a02fe5db390de6ba6403d0c3
5beb4228d35eca42265b7048b3c27685055e3a83166c84a8886b2b235b4eaa84
5c426b919582109bc92f11696dc77bf1253039f3a877cf3226520d70e85a34c7
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
6774d0e6dbba4c5415a213fef260efef3d5717c2f86040ce29c1ac65825eea0e
68602e5e29157b09e0625ea60954ce126444fa9b2282bd03e27f35ccfb132d8b
6b23c0d5f35d1b11f9b683f0b0a617355deb11277d91ae091d399c655b87940d
6c1fc47fbfb2886ce702ff7c913bbbbd0734d70aa5a98e4de320695dc9560e46
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
70c44a9df364a5e5779a64d3b6bace4a0939ad6649859f59e30d4df5bbfbf7d6
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
845900c9b133f4be8a2e9ccf9978d6d3f951801d52def808b6cba9cc16052112
846db6fe57acb029e6f6774d89b4ccd41b723127afcb2d66b50434d111949ade
847c456fd8af058d7c00b33b565029b49f416d85da64af8d3cacc5ac9db8cfbd
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9
8e974b6ae4f0e09293655569f14af299bd59572ce397d0f9546df10eb89b671d
8f8078d5fa79042c80aff9ac50f962fca0a2461febc620b567e38fff39ddc182
9935656a0866985d2d06b877375385d73d6e29d9f84652ec727dfbfd0f6b243e
9a02212e359b43676ad1639202d28358bb3f1809a4b5b5968f814b1f09727eaf
9a36cf8d16f52b60759f0645804471acdf98a53c53f78f112db5a2ad6046cdb0
9b7413f945c8b8bb3f75eb10513c7ad79d386e98494d541e5f1fa9301ffbddd6
9ca5344f316024810c45122f068965522e6f2628054bbe9115260c555c3d989c
9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc
9f70c6bc78c1e830ee3244dd756082d2e3dfbe9a809006428dcde4afbea7f187
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
acfdb446258fc822bcf8e195f3655b6ce8db2751b786561e8d9a005798369782
ae29216f58cbe66f5cb9665e54a082b21c63666ea719e80d4c9873fb64aa91d8
b07108d7171be07459a2e1c917a56499f724fa86916d143ec2ac6668cb61cd4e
b30bf22b7187d0119ac98caf870d3bcebd006fa0d214423269fe111568b48ba3
b38977ea35fde92fe200fa14ac7cc55e2edce54b998ce9a08734ba1dd9053fed
b5104dc06faffc326c8f8a5da2f0cf85c5cf35064eae62871acc3cabf8f35c78
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
c0b6342eae0fda7332beccd8ed75b53b3e7484eaaa61a6e8e28d97b74deaa021
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c2cd3e005de210fcbb5372b4267c5d3d067e0564f017dd5ccba202d040f820d7
c33b28459819247b6281535be62dcf290e0a3de8b4c04579cb1d46cca86ab093
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cba34e474754a973830d7e0c186f151ed6ae190abdcf99efe0561db3b554feb3
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce3471ccd08187d7fe1e76cd7c67d991cb7d15a0a27b8b50b4ea7389520edba7
d079e6757ff169b8252a45af5d1773b053f1b35ae7c0f3ae6a7f6a891acc28c1
d88b2f05bcd6de59fcdc958ab1c6f63d0225f275d24ce003381c09deb3a4bf1e
da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8
dd89b91c5eeb3acf1d6981e950c61faea8320eac70e683421afe367e83cf6467
dd9deeeda732605e55b86620fb2826df09c308ada3108333ec104a75afa52650
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8
df91272a81213831511710ea1d22ca8c0015c1289eb484cd0f8be55160cd4291
e321b83b304c13214f0e13c4720ad50c748d00e47c00db7d155dae051b751855
e36c1efc20a86b5d2e13fc69f399924fe54e40a442a47656cb8b59438ffb5d4c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee50c5f5238272eb60e1f8fe3f03b89f610155e444be734e56804fa5f4340cbe
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f11243b14b5926ad4d6d3c0e946d4ac89bfb32ce6102bf7e22036520dfa73dc4
f1cc66c0f8e6445e3b0db8c542a23bf0a1917e085ed9c6cc042f6124eaa15a76
f1d759e86165ec9e5f9f5c9775acfe83f2c00833aa1c3522fbede166c38a2205
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6fec715e1ed1f42d5b1485606b0523a6161efde42cc65436f81e00f7f728da9
f95269e2ecd6c23625565acbe850594e0925509b9a0f1f46b7e4b874ca337780
fa6c46550cf58d88334c44050cb9db5a0f693e4f8212a977cd9fdefface9905d

thedfirreport.com Open in urlscan Pro 172.67.189.47 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

107 Requests

98 %HTTPS

85 %IPv6

13 Domains

22 Subdomains

22 IPs

3 Countries

2787 kBTransfer

5654 kBSize

6 Cookies

35 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

thedfirreport.com Open in urlscan Pro
172.67.189.47 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

98 %
HTTPS

85 %
IPv6

13
Domains

22
Subdomains

22
IPs

3
Countries

2787 kB
Transfer

5654 kB
Size

6
Cookies

107 HTTP transactions
2 data transactions