www.secureworks.com Open in urlscan Pro
40.71.249.187 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.secureworks.com/research/revil-sodinokibi-ransomware
Submission: On March 03 via api (March 3rd 2022, 1:58:43 pm UTC) from US — Scanned from DE

Summary HTTP 201 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 37 IPs in 4 countries across 33 domains to perform 201 HTTP transactions. The main IP is 40.71.249.187, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.secureworks.com. The Cisco Umbrella rank of the primary domain is 419882.
TLS certificate: Issued by Thawte RSA CA 2018 on August 16th 2021. Valid for: a year.

This is the only time www.secureworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	40.71.249.187 40.71.249.187	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
54	2a02:26f0:fb:... 2a02:26f0:fb::5f65:591a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:12a:8001::2 2620:12a:8001::2	54113 (FASTLY) (FASTLY)
2	104.89.28.179 104.89.28.179	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
8	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
8	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:15c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
64	143.204.98.49 143.204.98.49	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e053	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.114.109 151.101.114.109	54113 (FASTLY) (FASTLY)
1	151.101.193.131 151.101.193.131	54113 (FASTLY) (FASTLY)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	185.33.221.15 185.33.221.15	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:215... 2600:9000:2156:8000:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	143.204.98.69 143.204.98.69	16509 (AMAZON-02) (AMAZON-02)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
2	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
1	3.126.202.50 3.126.202.50	16509 (AMAZON-02) (AMAZON-02)
2	18.198.223.123 18.198.223.123	16509 (AMAZON-02) (AMAZON-02)
2	143.204.98.64 143.204.98.64	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	3.224.182.56 3.224.182.56	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
5	3.94.218.138 3.94.218.138	14618 (AMAZON-AES) (AMAZON-AES)
2	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.98.58 143.204.98.58	16509 (AMAZON-02) (AMAZON-02)
201	37

6 40.71.249.187 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2a02:26f0:fb::5f65:591a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

content.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:12a:8001::2 (United States)

ASN54113 (FASTLY, US)

scwx.annuitas.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.89.28.179 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-28-179.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

725-smc-563.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 143.204.98.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-49.fra50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:f7::5c7b:e053 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.131 (United States)

ASN54113 (FASTLY, US)

f47fc87cb1114490b08a513d8c97555c.js.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.15 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:8000:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-69.fra50.r.cloudfront.net

assets.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.202.50 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-202-50.eu-central-1.compute.amazonaws.com

f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.223.123 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-223-123.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-64.fra50.r.cloudfront.net

builder-assets.unbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.224.182.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-182-56.compute-1.amazonaws.com

f47fc87cb1114490b08a513d8c97555c.events.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.94.218.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-218-138.compute-1.amazonaws.com

metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-58.fra50.r.cloudfront.net

embeds.driftcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	driftt.com js.driftt.com — Cisco Umbrella Rank: 4849	753 KB
60	secureworks.com www.secureworks.com — Cisco Umbrella Rank: 419882 content.secureworks.com — Cisco Umbrella Rank: 889381	2 MB
8	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 7171 c.6sc.co — Cisco Umbrella Rank: 10646 b.6sc.co — Cisco Umbrella Rank: 5631	14 KB
7	drift.com metrics.api.drift.com — Cisco Umbrella Rank: 5350 bootstrap.api.drift.com — Cisco Umbrella Rank: 5605	433 B
5	ubembed.com f47fc87cb1114490b08a513d8c97555c.js.ubembed.com assets.ubembed.com — Cisco Umbrella Rank: 9512 f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com f47fc87cb1114490b08a513d8c97555c.events.ubembed.com	52 KB
4	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 1744	44 KB
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	2 KB
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 359	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 338	12 KB
3	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 450	24 KB
3	annuitas.io scwx.annuitas.io	16 KB
2	gstatic.com fonts.gstatic.com	36 KB
2	unbounce.com builder-assets.unbounce.com — Cisco Umbrella Rank: 15975	36 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 12526	409 B
2	google.com www.google.com — Cisco Umbrella Rank: 2	655 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 799	3 KB
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 11773 apt.techtarget.com — Cisco Umbrella Rank: 16759	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	146 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2832	6 KB
1	driftcdn.com embeds.driftcdn.com — Cisco Umbrella Rank: 5664	9 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	992 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1433	157 B
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 17262	242 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 14759	284 B
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 8647	6 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1376	8 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	15 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 588	30 KB
1	mktoresp.com 725-smc-563.mktoresp.com	311 B
0	clarity.ms Failed i.clarity.ms Failed c.clarity.ms Failed
0	google.de Failed www.google.de Failed
0	linkedin.com Failed px4.ads.linkedin.com Failed
201	33

	Domain	Requested by
64	js.driftt.com	www.secureworks.com js.driftt.com
54	content.secureworks.com	www.secureworks.com content.secureworks.com
8	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
6	b.6sc.co
6	www.secureworks.com	www.secureworks.com
5	metrics.api.drift.com	js.driftt.com
4	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
3	secure.adnxs.com	2 redirects j.6sc.co
3	bat.bing.com	www.googletagmanager.com bat.bing.com
3	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
3	scwx.annuitas.io	www.secureworks.com content.secureworks.com
2	bootstrap.api.drift.com	js.driftt.com
2	fonts.gstatic.com	fonts.googleapis.com
2	f47fc87cb1114490b08a513d8c97555c.events.ubembed.com	assets.ubembed.com
2	builder-assets.unbounce.com	f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com
2	epsilon.6sense.com	j.6sc.co
2	www.google.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	snap.licdn.com	www.secureworks.com snap.licdn.com
2	www.googletagmanager.com	www.secureworks.com www.googletagmanager.com
2	munchkin.marketo.net	www.secureworks.com munchkin.marketo.net
1	embeds.driftcdn.com	js.driftt.com
1	fonts.googleapis.com	builder-assets.unbounce.com
1	f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com	assets.ubembed.com
1	apt.techtarget.com
1	assets.ubembed.com	f47fc87cb1114490b08a513d8c97555c.js.ubembed.com
1	c.6sc.co	j.6sc.co
1	googleads.g.doubleclick.net	www.googleadservices.com
1	alb.reddit.com
1	attr.ml-api.io
1	s.ml-attr.com	1 redirects
1	f47fc87cb1114490b08a513d8c97555c.js.ubembed.com	www.googletagmanager.com
1	extend.vimeocdn.com	www.googletagmanager.com
1	trk.techtarget.com	www.secureworks.com
1	www.redditstatic.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	j.6sc.co	www.secureworks.com
1	code.jquery.com	cdn.cookielaw.org
1	725-smc-563.mktoresp.com	munchkin.marketo.net
0	c.clarity.ms Failed
0	i.clarity.ms Failed	bat.bing.com
0	www.google.de Failed
0	px4.ads.linkedin.com Failed
201	43

This site contains links to these domains. Also see Links.

Domain
cookiepedia.co.uk
onetrust.com
portal.secureworks.com
secureworks.force.com
investors.secureworks.com
twitter.com
www.linkedin.com
www.facebook.com
blog.talosintelligence.com
portal.msrc.microsoft.com
www.gdatasoftware.com
www.drcommodore.it
www.reddit.com
securelist.com
c9x.me
docs.microsoft.com
en.wikipedia.org
www.zdnet.com
www.us-cert.gov
pages.secureworks.com
github.com
content.secureworks.com
www.delltechnologies.com
www.secureworks.jp

Subject Issuer	Validity	Valid
www.secureworks.com Thawte RSA CA 2018	`2021-08-16` - `2022-09-16`	a year	crt.sh
cert00029-azurecdn.akamaized.net R3	`2022-02-21` - `2022-05-22`	3 months	crt.sh
scwx.annuitas.io R3	`2022-01-26` - `2022-04-26`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-09` - `2022-05-08`	a year	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2022-08-16`	6 months	crt.sh
drift.com Amazon	`2021-09-08` - `2022-10-07`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.js.ubembed.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2022-01-04` - `2023-02-05`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2022-08-16`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
assets.ubembed.com Amazon	`2022-02-04` - `2023-03-05`	a year	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-13` - `2022-11-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.pages.ubembed.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-28` - `2023-03-31`	a year	crt.sh
*.6sense.com Amazon	`2021-06-30` - `2022-07-29`	a year	crt.sh
*.unbounce.com Amazon	`2022-02-08` - `2023-03-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.events.ubembed.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.driftcdn.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Frame ID: A52D22838FEDB60BEDEBE72651E411FD
Requests: 121 HTTP requests in this frame

Frame: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/321d226c-4516-4250-b435-f3db3947ea78/a.html?closedAt=0
Frame ID: BB45743161824AB4D671CA2AC1DCAF3A
Requests: 7 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
Frame ID: D219435A190F216719E25650E17DB92D
Requests: 35 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
Frame ID: 0F4A4D47B304F78762FF68CFCD7CF0D8
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

REvil/Sodinokibi Ransomware | Secureworks

Detected technologies

Unbounce (Editors) Expand

Overall confidence: 100%
Detected patterns

ubembed\.com

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

201
Requests

96 %
HTTPS

46 %
IPv6

33
Domains

43
Subdomains

37
IPs

4
Countries

2828 kB
Transfer

6425 kB
Size

35
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More Information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://portal.secureworks.com/portal/loginIDP
Title: Login

Search URL Search Domain Scan URL

URL: https://secureworks.force.com/partners/s/partner-registration
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://secureworks.force.com/partners/s/find-a-partner
Title: Find a Partner

Search URL Search Domain Scan URL

URL: https://secureworks.force.com/partners/s/login/ForgotPassword
Title: Password Reset

Search URL Search Domain Scan URL

URL: https://secureworks.force.com/partners/s/login/
Title: Partner Portal Login

Search URL Search Domain Scan URL

URL: https://investors.secureworks.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.secureworks.com/research/revil-sodinokibi-ransomware&text=REvil/Sodinokibi%20Ransomware&via=Secureworks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.secureworks.com/research/revil-sodinokibi-ransomware&source=Secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.secureworks.com/research/revil-sodinokibi-ransomware

Search URL Search Domain Scan URL

URL: https://twitter.com/VK_Intel/status/1143544498913456128
Title: REvil

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Title: identified

Search URL Search Domain Scan URL

URL: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453
Title: CVE-2018-8453

Search URL Search Domain Scan URL

URL: https://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-data
Title: malicious spam campaigns

Search URL Search Domain Scan URL

URL: https://twitter.com/VirITeXplorer/status/1133302287491842049
Title: RDP attacks

Search URL Search Domain Scan URL

URL: https://www.drcommodore.it/2019/06/20/hackerato-winrar-it-malware-al-posto-del-programma/
Title: reports

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/msp/comments/c2wls0/kaseya_weaponized_to_deliver_sodinokibi_ransomware/
Title: reports

Search URL Search Domain Scan URL

URL: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Title: detailed

Search URL Search Domain Scan URL

URL: https://c9x.me/x86/html/file_module_x86_id_45.html
Title: CPUID

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-language-pack-default-values
Title: keyboard identifier

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Shadow_Copy
Title: shadow copies

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/fileio/i-o-completion-ports
Title: I/O completion ports (IOCPs)

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Salsa20
Title: Salsa20 stream cipher

Search URL Search Domain Scan URL

URL: https://twitter.com/noblebarstool/status/1146079158096687105
Title: reportedly

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
Title: announced

Search URL Search Domain Scan URL

URL: https://www.us-cert.gov/sites/default/files/publications/data_backup_options.pdf
Title: 3-2-1 backup strategy

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/email-subscription.html?_ga=2.98586582.992821853.1618841296-805368899.1615224462
Title: SEND ME UPDATES

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/secureworks

Search URL Search Domain Scan URL

URL: https://twitter.com/secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/secureworks

Search URL Search Domain Scan URL

URL: https://github.com/secureworks

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/email-subscription.html
Title: Email Subscription

Search URL Search Domain Scan URL

URL: https://content.secureworks.com/-/media/Files/Corporate/modernslaverystatement_21.ashx?la=en&modified=20210609145557&hash=443B793B57FACAD901AC4810BBE69FEF
Title: Supply Chain Transparency

Search URL Search Domain Scan URL

URL: https://www.delltechnologies.com/
Title: Dell Technologies

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/UnsubscribePage.html?mkt_unsubscribe=1
Title: Unsubscribe

Search URL Search Domain Scan URL

URL: https://www.secureworks.jp/
Title: 日本語

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.secureworks.com&pId=3326976933832376224

Request Chain 91

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2386324%26time%3D1646315917661%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%252Fresearch%252Frevil-sodinokibi-ransomware%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&liSync=true HTTP 0
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&liSync=true&e_ipv6=AQJfvlwiUVaiwQAAAX9QE1PCXs007lWxPJfTPhzUWoS5Eu6iACEz4_ApR3K0tvB83-6LapwnmknH648Sqbz4jilkIVsZ2A

201 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request revil-sodinokibi-ransomware Show response
www.secureworks.com/research/ 226 KB
50 KB 818ms
533ms Document
text/html 40.71.249.187
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

99022a865cce87b2f6becbfc22e119559c09cb81b45046c256e86fc0d411b5b7

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; script-src 'self' 'nonce-NTRkNGFiMGVjMTY3NDA5YWFiMmRjOWNjNDVlZDBhOTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://.js.ubembed.com https://assets.ubembed.com https://.redditstatic.com; img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com *.redditstatic.com alb.reddit.com; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Security-Policy: object-src 'none'; script-src 'self' 'nonce-NTRkNGFiMGVjMTY3NDA5YWFiMmRjOWNjNDVlZDBhOTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://*.vimeo.com https://*.vimeocdn.com https://j.6sc.co https://b.6sc.co https://*.6sc.co https://epsilon.6sense.com https://*.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://*.on24.com https://*.ceros.com https://*.js.ubembed.com https://assets.ubembed.com https://*.redditstatic.com; img-src 'self' https://*.vimeo.com https://*.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com *.crazyegg.com *.ubembed.com *.redditstatic.com alb.reddit.com; frame-ancestors 'none';
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Date: Thu, 03 Mar 2022 13:58:36 GMT
Content-Length: 46641

GET
H2 200 html5reset-1.6.1.css
content.secureworks.com/content/app/css/ 1 KB
845 B 383ms
15ms Stylesheet
text/css 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/html5reset-1.6.1.css?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2588917
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 573
x-content-type-options: nosniff

GET
H2 200 western-typographies.css
content.secureworks.com/content/app/css/ 2 KB
637 B 380ms
12ms Stylesheet
text/css 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/western-typographies.css?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2588952
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 365
x-content-type-options: nosniff

GET
H2 200 main.css
content.secureworks.com/content/app/css/ 577 KB
82 KB 392ms
24ms Stylesheet
text/css 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e7c12919276df9a9ef997b0d765b29804fb2039a888f209748b967b3bcc8e9cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Mar 2022 13:04:29 GMT
server: Microsoft-IIS/10.0
etag: "2dfaa38ff2ed81:0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2588940
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 83196
x-content-type-options: nosniff

GET
H2 200 jquery-3.6.0.min.js Show response
content.secureworks.com/content/app/js/ 87 KB
31 KB 384ms
17ms Script
application/javascript 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2589026
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 30954
x-content-type-options: nosniff

GET
H2 200 scripts.js Show response
scwx.annuitas.io/wp-json/pdg/v1/ 40 KB
14 KB 385ms
18ms Script
application/x-javascript 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://scwx.annuitas.io/wp-json/pdg/v1/scripts.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

555dbe6e8914f46e2aee82c379578e8b255b67d322a1028c84c4b166724e6115

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"621d34f2-9f0c"
age: 234423
x-pantheon-styx-hostname: styx-fe2-b-f66bf767-v4rb4
x-cache: HIT, HIT
x-cloud-trace-context: 5459679847c246f5b78b667314d83cba/4182344138624749057;o=0
content-length: 14122
x-served-by: cache-mdw17381-MDW, cache-mxp6933-MXP
last-modified: Mon, 28 Feb 2022 20:47:46 GMT
server: nginx
traceparent: 00-5459679847c246f5b78b667314d83cba-3a0aabd5c72a4e01-00
x-timer: S1646315917.055163,VS0,VE2
date: Thu, 03 Mar 2022 13:58:37 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Wed, 01 Mar 2023 20:51:34 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 36d97c57-98d8-11ec-94d2-66a0a5b816fc
x-cache-hits: 1, 1

GET
H2 200 marketo-from-custom.js Show response
content.secureworks.com/content/app/js/ 14 KB
3 KB 381ms
14ms Script
application/javascript 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/marketo-from-custom.js?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

91bfe05478e9aa562a5b0f3fe991e6b7201d4282312c48d0fc71b3f5ae7f03ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2588951
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 2849
x-content-type-options: nosniff

GET
H/1.1 200
OK VisitorIdentification.js Show response
www.secureworks.com/layouts/system/ 2 KB
1 KB 182ms
107ms Script
application/javascript 40.71.249.187
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/layouts/system/VisitorIdentification.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 04 Jun 2018 10:06:48 GMT
Server: Microsoft-IIS/10.0
ETag: "0ecf0bfebfbd31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Date: Thu, 03 Mar 2022 13:58:36 GMT
Accept-Ranges: bytes
Content-Length: 910
X-Content-Type-Options: nosniff

GET
H2 200 emergency-icon-02.ashx
content.secureworks.com/-/media/Images/Icons/ 882 B
1 KB 47ms
18ms Image
image/png 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Icons/emergency-icon-02.ashx?modified=20200713133031

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d64e3512a14d94fc0807a70eccafd1ad6010aab4d91d552f8e3c4d310bff64ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 13 Jul 2020 13:30:31 GMT
server: Microsoft-IIS/10.0
etag: 3c8ba49ec7994d569f5a624ba34bd1db
content-type: image/png
cache-control: public, max-age=2498665
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="emergency-icon-02.png"
accept-ranges: bytes
content-length: 882
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 12:03:02 GMT

GET
H2 200 sw_logo_black.ashx
content.secureworks.com/-/media/Images/logos/ 5 KB
5 KB 47ms
18ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/logos/sw_logo_black.ashx?modified=20200805202625&la=en&hash=1D65C59935DD4F7FBE248940505D051A

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b5ecd7807e3023d657d18fbe832848e8e65843843ebd748f7225e314b17d5221

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 05 Aug 2020 20:26:25 GMT
server: Microsoft-IIS/10.0
etag: 33b882a931e84894a7c864998125bcce
content-type: image/svg+xml
cache-control: public, max-age=2498920
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="sw_logo_black.svg"
accept-ranges: bytes
content-length: 4728
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 12:07:17 GMT

GET
H2 200 btn-arrow.svg
content.secureworks.com/content/rc/images/ 2 KB
2 KB 42ms
13ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/content/rc/images/btn-arrow.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=657494
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 2096
x-content-type-options: nosniff

GET
H2 200 arrow-back.svg
content.secureworks.com/content/rc/images/ 1 KB
1 KB 48ms
19ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/content/rc/images/arrow-back.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=515805
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 1025
x-content-type-options: nosniff

GET
H2 200 logo-blue-taegis.ashx
content.secureworks.com/-/media/Images/logos/ 4 KB
4 KB 51ms
23ms Image
image/png 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/logos/logo-blue-taegis.ashx?modified=20211110212248

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

24849b91ee6d5f169a67d0f0f316ec3d3e7b62454b4a87a3138eb5b87465676c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Nov 2021 21:22:48 GMT
server: Microsoft-IIS/10.0
etag: 886eba971f804121baa2dcc7e75813bf
content-type: image/png
cache-control: public, max-age=2225388
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="logo-blue-taegis.png"
accept-ranges: bytes
content-length: 3947
x-content-type-options: nosniff
expires: Tue, 29 Mar 2022 08:08:25 GMT

GET
H2 200 emergency-response-red_360x190.ashx
content.secureworks.com/-/media/Images/Contact/Emergency%20Response/ 41 KB
41 KB 62ms
34ms Image
image/png 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Contact/Emergency%20Response/emergency-response-red_360x190.ashx?modified=20211201205934

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b777ccbe9576f16bf6f9bc222c6c98fbff019365b13a1beee3571da3458657fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Dec 2021 20:59:34 GMT
server: Microsoft-IIS/10.0
etag: 93a5fb29056b48fab5b7be65e1cf3eb7
content-type: image/png
cache-control: public, max-age=1729553
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="emergency-response-red_360x190.png"
accept-ranges: bytes
content-length: 41708
x-content-type-options: nosniff
expires: Wed, 23 Mar 2022 14:24:30 GMT

GET
H2 200 why-secureworks-nav-promo_360x190.ashx
content.secureworks.com/-/media/Images/About/Why%20Secureworks/ 42 KB
43 KB 52ms
23ms Image
image/png 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/About/Why%20Secureworks/why-secureworks-nav-promo_360x190.ashx?modified=20211012194821

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

652693cf351da926038bb19decb41b5b58f439e786b26a1a32e9498b2390b9bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Oct 2021 19:48:21 GMT
server: Microsoft-IIS/10.0
etag: a6811fe9bdce4469b7f75a2dad09f6a8
content-type: image/png
cache-control: public, max-age=2070569
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="why-secureworks-nav-promo_360x190.png"
accept-ranges: bytes
content-length: 43252
x-content-type-options: nosniff
expires: Sun, 27 Mar 2022 13:08:06 GMT

GET
H2 200 gpp_overview_image_partner-nav_360x190.ashx
content.secureworks.com/-/media/Images/About/Partners/2021/ 15 KB
15 KB 62ms
34ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/About/Partners/2021/gpp_overview_image_partner-nav_360x190.ashx?modified=20210204141446

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

aa974801b32114fee16b18ee57d0c14b8e23a8a690830f425c4054ca2b629ace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 04 Feb 2021 14:14:46 GMT
server: Microsoft-IIS/10.0
etag: 3bd4f02a48f64e39bdc89ac66e50b33f
content-type: image/jpeg
cache-control: public, max-age=797680
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="gpp_overview_image_partner-nav_360x190.jpg"
accept-ranges: bytes
content-length: 15086
x-content-type-options: nosniff
expires: Sat, 12 Mar 2022 19:33:17 GMT

GET
H2 200 adversary-software-coverage_360x190.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Tools/Screens/ 24 KB
25 KB 48ms
20ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Tools/Screens/adversary-software-coverage_360x190.ashx?modified=20210521135420

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

690ffa4f3709f9f45b28bdab7637e0da04880aee1d2d4e9caf4af0a99782a2ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 21 May 2021 13:54:20 GMT
server: Microsoft-IIS/10.0
etag: 7f320742388f4e31a683ff362b1425f6
content-type: image/jpeg
cache-control: public, max-age=2499565
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="adversary-software-coverage_360x190.jpg"
accept-ranges: bytes
content-length: 24997
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 12:18:02 GMT

GET
H2 200 SEC03190_Forrester-Wave_Web-Banners_360x190_R1.ashx
content.secureworks.com/-/media/Images/Badges/ 10 KB
10 KB 48ms
20ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Badges/SEC03190_Forrester-Wave_Web-Banners_360x190_R1.ashx?modified=20210326185832

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

98eeaeae353fe37b4b82cafa82ebd450fb7aebcd9f8e98f776c75bdb895ac94a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 26 Mar 2021 18:58:32 GMT
server: Microsoft-IIS/10.0
etag: b2a16c99f331437db9655b67d9e9455e
content-type: image/jpeg
cache-control: public, max-age=2500536
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="SEC03190_Forrester-Wave_Web-Banners_360x190_R1.jpg"
accept-ranges: bytes
content-length: 10238
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 12:34:13 GMT

GET
H2 200 revil_01.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 117 KB
118 KB 55ms
27ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_01.ashx?la=en&modified=20190919210829&hash=337C0B633C09EAE25F9BF6668A116328

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3c37aa4bbe3d560e5e96f36ee9b5d5e43ee6572ed49e018bbef9dd1d0fa95200

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:29 GMT
server: Microsoft-IIS/10.0
etag: 978b8f10781c4afface0ad6c3d68f55b
content-type: image/webp
cache-control: public, max-age=1663430
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_01.webp"
accept-ranges: bytes
content-length: 119796
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:02:27 GMT

GET
H2 200 revil_02.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 51 KB
52 KB 63ms
35ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_02.ashx?la=en&modified=20190919210829&hash=45BAE29EF2DF3BAB5EBE20B86F6AF9AD

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

434b4eacae6f8a95017aa508494f9ba6eca27cf92d489cbf7ea7948dea697f30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:29 GMT
server: Microsoft-IIS/10.0
etag: 03c4896e10c145bfa8c42aec118edb8e
content-type: image/webp
cache-control: public, max-age=1663454
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_02.webp"
accept-ranges: bytes
content-length: 52322
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:02:51 GMT

GET
H2 200 revil_03.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 26 KB
27 KB 62ms
34ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_03.ashx?la=en&modified=20190919210830&hash=6E7B1F459B10E13D739953622B78BEA5

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ed4fc5c094fbb414b3cd56bc1d0773e7806be2f4c74bd887692800abed4e7ad1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:30 GMT
server: Microsoft-IIS/10.0
etag: d5dca46136f34e60aa99b722341bdcf1
content-type: image/webp
cache-control: public, max-age=1663485
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_03.webp"
accept-ranges: bytes
content-length: 26884
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:03:22 GMT

GET
H2 200 revil_04.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 17 KB
17 KB 72ms
45ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_04.ashx?la=en&modified=20190919210830&hash=44628C0D7497E932218E8FCE6CB8F6AE

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5795e2a337cc0723559ecb317b533b2d3045834b0341dc1db4e6e20d2c51e751

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:30 GMT
server: Microsoft-IIS/10.0
etag: 966ab198e9da4c85bbcfd33daf61e25f
content-type: image/webp
cache-control: public, max-age=1663520
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_04.webp"
accept-ranges: bytes
content-length: 17220
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:03:57 GMT

GET
H2 200 revil_05.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 28 KB
28 KB 73ms
46ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_05.ashx?la=en&modified=20190919210830&hash=F37FF3FE9C6C71DDEA4DD81AA3D4BA4C

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7da757ad43c01d901b01ffffb3957a91496aa32a9324223e28881d4876c687b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:30 GMT
server: Microsoft-IIS/10.0
etag: edd88642c50f4879a5ba8e042109a60f
content-type: image/webp
cache-control: public, max-age=1663507
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_05.webp"
accept-ranges: bytes
content-length: 28600
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:03:44 GMT

GET
H2 200 revil_06.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 74 KB
75 KB 66ms
39ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_06.ashx?la=en&modified=20190919210831&hash=3FDE808C99F12B61F24F54C7039E3BC5

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

886a93ca3a6fcf54b94c732fd7dfd6f71cc565becde552456d2b78bfa4b83907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:31 GMT
server: Microsoft-IIS/10.0
etag: 44ab98331232423da35341dbf39cd986
content-type: image/webp
cache-control: public, max-age=1663441
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_06.webp"
accept-ranges: bytes
content-length: 76274
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:02:38 GMT

GET
H2 200 revil_07.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 97 KB
97 KB 70ms
43ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_07.ashx?la=en&modified=20190919210831&hash=3787A12F20F86EBFB91CBDD5CDD1A960

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b2c7d381de1380af12794a061f0d019a1ce49d8861287cf440c6c32895b021c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:31 GMT
server: Microsoft-IIS/10.0
etag: 1d9ac6bcb24a46349bb5236b0ca9bf9f
content-type: image/webp
cache-control: public, max-age=1663508
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_07.webp"
accept-ranges: bytes
content-length: 98914
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:03:45 GMT

GET
H2 200 revil_08.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 30 KB
31 KB 76ms
49ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_08.ashx?la=en&modified=20190919210832&hash=BB059C428C9BB4745A703766D55D699E

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7d1cb2b23d69cfcd9a563d9c13160927020f1da9b829cbe85a35aa9b51f23ad4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:32 GMT
server: Microsoft-IIS/10.0
etag: 7336f0a0c6bc4e2db5100f2091c5f0d7
content-type: image/webp
cache-control: public, max-age=1663467
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_08.webp"
accept-ranges: bytes
content-length: 31024
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:03:04 GMT

GET
H2 200 revil_09.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 55 KB
56 KB 66ms
39ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_09.ashx?la=en&modified=20190919210832&hash=5312960F67E8DBB78D8ABFFA6C51359F

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f5065f6122d90791f6d4f51690023dbb0bb99c31f2e804dd86e2f818701034fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:32 GMT
server: Microsoft-IIS/10.0
etag: cd18386a23a84296bc1c4105d08a4c6a
content-type: image/jpeg
cache-control: public, max-age=1825395
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_09.jpg"
accept-ranges: bytes
content-length: 56821
x-content-type-options: nosniff
expires: Thu, 24 Mar 2022 17:01:52 GMT

GET
H2 200 revil_10.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 13 KB
14 KB 75ms
49ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_10.ashx?la=en&modified=20190919210833&hash=B712C2DE7CE659DDE11539A744EC75D6

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0b821e9188e4ca0128ecb7e47b784477caacd1cb62e91f3da5ce28db1677ad69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:33 GMT
server: Microsoft-IIS/10.0
etag: a2d7a59152ac4276b69367378cbc3f58
content-type: image/webp
cache-control: public, max-age=1663457
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_10.webp"
accept-ranges: bytes
content-length: 13722
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:02:54 GMT

GET
H2 200 revil_11.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 36 KB
36 KB 73ms
47ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_11.ashx?la=en&modified=20190919210833&hash=DCAC4A4131CCF3CC679C481008A81AA0

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

49114a6bc42cdf0244b9ceb6ea948ea1f3f5f54c392b6cbd00dfa52d68b0e3b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:33 GMT
server: Microsoft-IIS/10.0
etag: 79eb7db4e8584778ada762336ee6a4b5
content-type: image/jpeg
cache-control: public, max-age=1825356
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_11.jpg"
accept-ranges: bytes
content-length: 36368
x-content-type-options: nosniff
expires: Thu, 24 Mar 2022 17:01:13 GMT

GET
H2 200 revil_12.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 65 KB
66 KB 80ms
54ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_12.ashx?la=en&modified=20190919210833&hash=A99DB01DE597ECBDE63DB84C9569E0B5

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

bf9d0298b63fbe99111777ab348072f388be98bfdabc5cbde4a77a8ba3cdebc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:33 GMT
server: Microsoft-IIS/10.0
etag: 795e4a178f8a4271902f95273fd97f57
content-type: image/webp
cache-control: public, max-age=1663402
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_12.webp"
accept-ranges: bytes
content-length: 66684
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:01:59 GMT

GET
H2 200 revil_13.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 21 KB
21 KB 92ms
66ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_13.ashx?la=en&modified=20190919210834&hash=4E69BC83137F308A90179F0FB16F615D

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b639e2522457e537b9193fb4b466f0b4148dfdb105bb0fd8adbc5e10b0ac5b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:34 GMT
server: Microsoft-IIS/10.0
etag: fb4064c7d55648cbaa675793fc69e67d
content-type: image/jpeg
cache-control: public, max-age=1825352
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_13.jpg"
accept-ranges: bytes
content-length: 21532
x-content-type-options: nosniff
expires: Thu, 24 Mar 2022 17:01:09 GMT

GET
H2 200 revil_14.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 8 KB
9 KB 72ms
46ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_14.ashx?la=en&modified=20190919210834&hash=26AE2F21AFB002F0C8C84CFBFEE1A91F

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e22d8390d4fd01f09018ae12091ad575055077380fee90c7230f27075a2e91a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:34 GMT
server: Microsoft-IIS/10.0
etag: 7b6d0a19ab6d4426b0e756e28fe4c612
content-type: image/webp
cache-control: public, max-age=1663477
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_14.webp"
accept-ranges: bytes
content-length: 8464
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:03:14 GMT

GET
H2 200 revil_15.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 48 KB
48 KB 87ms
61ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_15.ashx?la=en&modified=20190919210835&hash=5F2B118A9E6C33029B0CEF7273FAD952

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f9a31c7362a9fab467cf8bec201cee19f57955bc32a1864d13d457a307695e75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:35 GMT
server: Microsoft-IIS/10.0
etag: 95ab9fc69e294edbba1e854c90a5b0b0
content-type: image/webp
cache-control: public, max-age=2502922
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_15.webp"
accept-ranges: bytes
content-length: 48738
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 13:13:59 GMT

GET
H2 200 revil_16.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 21 KB
21 KB 80ms
54ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_16.ashx?la=en&modified=20190919210835&hash=A1F4FD555357DF2C967C47DAB42F5F40

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

29a95f3c5a96517e30a03e43d9ada4754a5876ef8b77b9e7e20b56fed8dbadb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:35 GMT
server: Microsoft-IIS/10.0
etag: a49ed5c7338e486e90af8a970fb51a8a
content-type: image/webp
cache-control: public, max-age=1663443
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_16.webp"
accept-ranges: bytes
content-length: 21094
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:02:40 GMT

GET
H2 200 revil_17.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 57 KB
58 KB 82ms
56ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_17.ashx?la=en&modified=20190919210836&hash=944BB90CA75FF753248B38FD7E9A02CF

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3449046e95044587d2622440340a8ecb968922a943be39f29398953cadcd0fd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:36 GMT
server: Microsoft-IIS/10.0
etag: fae14a413610480796726c25e8d95eda
content-type: image/webp
cache-control: public, max-age=2222026
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_17.webp"
accept-ranges: bytes
content-length: 58446
x-content-type-options: nosniff
expires: Tue, 29 Mar 2022 07:12:23 GMT

GET
H2 200 revil_18.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/ 53 KB
53 KB 91ms
65ms Image
image/webp 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/086%20revil%20ransomware/revil_18.ashx?la=en&modified=20190919210836&hash=69C49655C3B64D77314602995E9AE52D

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ea4f89d331cbce9724c0a09b22f25a0a17df08ef16d32491e5bf5c9a77b0c7e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Sep 2019 21:08:36 GMT
server: Microsoft-IIS/10.0
etag: b137090105bb4ec098f57f3fa75251b1
content-type: image/webp
cache-control: public, max-age=1663522
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="revil_18.webp"
accept-ranges: bytes
content-length: 54220
x-content-type-options: nosniff
expires: Tue, 22 Mar 2022 20:03:59 GMT

GET
H2 200 abstract_0007_datagrid_360x190.ashx
content.secureworks.com/-/media/Images/Insights/Abstracts/0007%20data-grid/ 21 KB
21 KB 96ms
70ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Abstracts/0007%20data-grid/abstract_0007_datagrid_360x190.ashx?modified=20151112164500

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c5697e7e3841c92374d2ac914ff958a51c1f4e4e6d6cee0d6885d99f1b08c797

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 12 Nov 2015 16:45:00 GMT
server: Microsoft-IIS/10.0
etag: 62ce3822f4f94ec2b3035dfdaa1761e6
content-type: image/jpeg
cache-control: public, max-age=1448077
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="abstract_0007_datagrid_360x190.jpg"
accept-ranges: bytes
content-length: 21071
x-content-type-options: nosniff
expires: Sun, 20 Mar 2022 08:13:14 GMT

GET
H2 200 taegis_sidebar_v1_374x410.ashx
content.secureworks.com/-/media/Images/Home/Homepage%20Images/2021/ 52 KB
52 KB 93ms
68ms Image
image/png 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Home/Homepage%20Images/2021/taegis_sidebar_v1_374x410.ashx?modified=20210205185649

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c33ab8655e80769351936d13d3677b7adab9df9dfe0181cb892c604275d11965

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 05 Feb 2021 18:56:49 GMT
server: Microsoft-IIS/10.0
etag: ec623b22682e4ecb94fd85fffd6e11cf
content-type: image/png
cache-control: public, max-age=2506278
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="taegis_sidebar_v1_374x410.png"
accept-ranges: bytes
content-length: 53173
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 14:09:55 GMT

GET
H2 200 idc-marketscape-ir-2021_360x190.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Reports/rp%20idc%20marketscape%20incident%20retainer%202021/ 9 KB
9 KB 86ms
61ms Image
image/jpeg 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Reports/rp%20idc%20marketscape%20incident%20retainer%202021/idc-marketscape-ir-2021_360x190.ashx?modified=20211129224823

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

bcbd06d7dc147cdae6c66f391b58c0dc2f4cc38c76faab631d55424d4f4327f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 29 Nov 2021 22:48:23 GMT
server: Microsoft-IIS/10.0
etag: 0b1850c63b8e42598a2c9d64848cf46d
content-type: image/jpeg
cache-control: public, max-age=1575598
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="idc-marketscape-ir-2021_360x190.jpg"
accept-ranges: bytes
content-length: 9134
x-content-type-options: nosniff
expires: Mon, 21 Mar 2022 19:38:35 GMT

GET
H2 200 linkedin.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 966 B
1 KB 81ms
56ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/SharedElements/Footer/linkedin.ashx?modified=20151001162233

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 01 Oct 2015 16:22:33 GMT
server: Microsoft-IIS/10.0
etag: 0381e34e4c5a42c49da29271c74c47a6
content-type: image/svg+xml
cache-control: public, max-age=2497243
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="linkedin.svg"
accept-ranges: bytes
content-length: 966
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 11:39:20 GMT

GET
H2 200 twitter.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 1 KB
2 KB 85ms
60ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/SharedElements/Footer/twitter.ashx?modified=20151001162249

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 01 Oct 2015 16:22:49 GMT
server: Microsoft-IIS/10.0
etag: ec6990570ccd41139b7ce0f297010c73
content-type: image/svg+xml
cache-control: public, max-age=2499028
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="twitter.svg"
accept-ranges: bytes
content-length: 1339
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 12:09:05 GMT

GET
H2 200 facebook2.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 587 B
901 B 84ms
59ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/SharedElements/Footer/facebook2.ashx?modified=20190116141121

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Jan 2019 14:11:21 GMT
server: Microsoft-IIS/10.0
etag: 83a284c3f8dc4e0695cacbc73ba98d2f
content-type: image/svg+xml
cache-control: public, max-age=2499774
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="facebook2.svg"
accept-ranges: bytes
content-length: 587
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 12:21:31 GMT

GET
H2 200 github.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 1 KB
1 KB 83ms
58ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/SharedElements/Footer/github.ashx?modified=20190116135435

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 16 Jan 2019 13:54:35 GMT
server: Microsoft-IIS/10.0
etag: 1b7369e537844d1a9514570987ea7777
content-type: image/svg+xml
cache-control: public, max-age=2498964
date: Thu, 03 Mar 2022 13:58:37 GMT
content-disposition: inline; filename="github.svg"
accept-ranges: bytes
content-length: 1129
x-content-type-options: nosniff
expires: Fri, 01 Apr 2022 12:08:01 GMT

GET
H2 200 dell-technologies.png
content.secureworks.com/content/app/img/ 2 KB
3 KB 89ms
64ms Image
image/png 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/content/app/img/dell-technologies.png

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=680717
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 2543
x-content-type-options: nosniff

GET
H/1.1 200
OK close.svg
www.secureworks.com/content/rc/images/ 850 B
1 KB 108ms
107ms Image
image/svg+xml 40.71.249.187
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/content/rc/images/close.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 15 Jun 2020 08:15:26 GMT
Server: Microsoft-IIS/10.0
ETag: "023ab1fed42d61:0"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=2592000
Date: Thu, 03 Mar 2022 13:58:36 GMT
Accept-Ranges: bytes
Content-Length: 850
X-Content-Type-Options: nosniff

GET
H2 200 libs.min.js Show response
content.secureworks.com/content/app/js/ 257 KB
70 KB 10ms
10ms Script
application/javascript 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/libs.min.js?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

08681ba3da35c665e877f6f9a6e158ff94b4d96c363610cdb061ebb79a718c35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2588982
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 70727
x-content-type-options: nosniff

GET
H2 200 main.js Show response
content.secureworks.com/content/app/js/ 72 KB
19 KB 11ms
10ms Script
application/javascript 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/main.js?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

28bcc7544d834800d3a9bd303e75760c4870922e74da532d7f977f0e2733bd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2588989
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 19205
x-content-type-options: nosniff

GET
H2 200 products.js Show response
content.secureworks.com/content/rc/js/ 44 KB
14 KB 11ms
11ms Script
application/javascript 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/rc/js/products.js?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2589025
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 13755
x-content-type-options: nosniff

GET
H2 200 default.css
content.secureworks.com/content/app/css/highlighter/ 1 KB
852 B 17ms
13ms Stylesheet
text/css 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/highlighter/default.css?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2588975
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 580
x-content-type-options: nosniff

GET
H2 200 highlight.pack.js Show response
content.secureworks.com/content/app/js/libs/ 50 KB
20 KB 16ms
12ms Script
application/javascript 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/libs/highlight.pack.js?v=03-03-2022-4

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Feb 2022 14:37:24 GMT
server: Microsoft-IIS/10.0
etag: "0ea30e2541fd81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2588929
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 20267
x-content-type-options: nosniff

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 149ms
29ms Script
application/x-javascript 104.89.28.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-28-179.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 245 KB
80 KB 53ms
28ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6f42b6c665dcf733e6a6a5bea4d0f72f5f64d125fc43fe98342d901ca22e97dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81558
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 03 Mar 2022 13:58:37 GMT

GET
H2 200 visuelt-light.woff
content.secureworks.com/content/app/fonts/visuelt/ 63 KB
64 KB 17ms
17ms Font
application/font-woff 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-light.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=406312
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 64920
x-content-type-options: nosniff

GET
H2 200 visuelt-medium.woff
content.secureworks.com/content/app/fonts/visuelt/ 36 KB
36 KB 19ms
19ms Font
application/font-woff 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-medium.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=314271
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 36448
x-content-type-options: nosniff

GET
H2 200 visuelt-regular.woff
content.secureworks.com/content/app/fonts/visuelt/ 34 KB
34 KB 14ms
13ms Font
application/font-woff 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-regular.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=306718
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 34560
x-content-type-options: nosniff

GET
H2 200 icomoon.ttf
content.secureworks.com/content/app/fonts/icomoon-new/ 3 KB
3 KB 17ms
17ms Font
application/font-ttf 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/icomoon-new/icomoon.ttf?8und5p

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public, max-age=333809
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 2904
x-content-type-options: nosniff

GET
H2 200 visuelt-black.woff
content.secureworks.com/content/app/fonts/visuelt/ 34 KB
35 KB 15ms
14ms Font
application/font-woff 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-black.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=666784
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 35128
x-content-type-options: nosniff

GET
H2 200 icomoon.ttf
content.secureworks.com/content/app/fonts/icomoon/ 3 KB
3 KB 15ms
14ms Font
application/font-ttf 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/icomoon/icomoon.ttf?3dz4z

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public, max-age=315270
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 2736
x-content-type-options: nosniff

GET
H2 200 arrow.svg
content.secureworks.com/content/app/img/svg/ 2 KB
3 KB 24ms
23ms Image
image/svg+xml 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/content/app/img/svg/arrow.svg

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=681014
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 2359
x-content-type-options: nosniff

GET
H2 200 visuelt-bold.woff
content.secureworks.com/content/app/fonts/visuelt/ 35 KB
36 KB 13ms
11ms Font
application/font-woff 2a02:26f0:fb::5f65:591a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-bold.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:fb::5f65:591a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

acc248ead4890c65f3e2792cfe555e4d98c961f4b564bc4a77e86270dd3051f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=03-03-2022-4
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Mar 2021 20:09:08 GMT
server: Microsoft-IIS/10.0
etag: "04a1a8f7b17d71:0"
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=322561
date: Thu, 03 Mar 2022 13:58:37 GMT
accept-ranges: bytes
content-length: 36300
x-content-type-options: nosniff

GET
H2 200 track_event Show response
scwx.annuitas.io/wp-json/pdg/v1/ 2 B
665 B 369ms
308ms XHR
application/json 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://scwx.annuitas.io/wp-json/pdg/v1/track_event?url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=03-03-2022-4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-styx-req-id: 060091be-9afa-11ec-a64f-4a3321e9b47b
age: 0
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-cache: MISS, MISS
x-cache-hits: 0, 0
strict-transport-security: max-age=300
content-length: 22
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17353-MDW, cache-mxp6956-MXP
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: nginx
traceparent: 00-1ac1e2fa79cd4521a4040394a8c8d4a4-5e66e49028443899-00
x-timer: S1646315917.419976,VS0,VE278
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
x-cloud-trace-context: 1ac1e2fa79cd4521a4040394a8c8d4a4/6802375594991696025;o=0
accept-ranges: bytes
x-robots-tag: noindex
link: <https://scwx.annuitas.io/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-b-f66bf767-q4wvz

GET
H2 200 search Show response
scwx.annuitas.io/wp-json/pdg/v1/ 3 KB
1 KB 1335ms
1276ms XHR
application/json 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://scwx.annuitas.io/wp-json/pdg/v1/search?content_position=manual-test&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=03-03-2022-4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

636309970e00bf50e5b3ce21ab8cffc1510b5fd4b65a0b872ba30a17c4baf8b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-styx-req-id: 06009afe-9afa-11ec-8c00-023b1f7edb1a
age: 0
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-cache: MISS, MISS
x-cache-hits: 0, 0
strict-transport-security: max-age=300
content-length: 782
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-mdw17326-MDW, cache-mxp6956-MXP
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: nginx
traceparent: 00-53c4e6d4175341909730295a88cb402e-71dd8ad14eb42928-00
x-timer: S1646315917.420095,VS0,VE1245
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
x-cloud-trace-context: 53c4e6d4175341909730295a88cb402e/8204866727712139560;o=0
accept-ranges: bytes
x-robots-tag: noindex
link: <https://scwx.annuitas.io/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-b-f66bf767-br4dt

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 22ms
22ms Script
application/x-javascript 104.89.28.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-28-179.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Sat, 11 Jun 2022 13:58:37 GMT

GET
H2 200 112cf759-b07b-4df7-b9c1-b87dc63309fb.js Show response
cdn.cookielaw.org/langswitch/ 1 KB
1 KB 80ms
40ms Script
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5ca0ad73064122932dddb8b1a95ce78abd25cb76569bbb0c7381356bee1dd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: GZIP
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: F0Pi2/A0fvAQwKAiuhBzzA==
age: 1727
vary: Accept-Encoding
content-length: 669
x-ms-lease-status: unlocked
last-modified: Tue, 25 May 2021 19:11:12 GMT
server: cloudflare
etag: 0x8D91FB0DC99F2D0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 66fc18b7-f01e-0121-4374-c4f382000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e62e353e9e259fb-MXP

POST
H/1.1 200
OK visitWebPage
725-smc-563.mktoresp.com/webevents/ 2 B
311 B 547ms
104ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://725-smc-563.mktoresp.com/webevents/visitWebPage?_mchNc=1646315917394&_mchCn=&_mchId=725-SMC-563&_mchTk=_mch-secureworks.com-1646315917393-95254&_mchHo=www.secureworks.com&_mchPo=&_mchRu=%2Fresearch%2Frevil-sodinokibi-ransomware&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: bad08082-7c19-46ac-bf3a-e516dc38428f

GET
H2 200 6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js Show response
cdn.cookielaw.org/consent/ 70 KB
17 KB 24ms
24ms Script
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

931763386856012b8fe9f66d734a85f0baa25b4aa987fbad058686853d2dee5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: GZIP
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 29Jm71d8iKa0kRVlk+woHg==
age: 1727
vary: Accept-Encoding
content-length: 17499
x-ms-lease-status: unlocked
last-modified: Tue, 25 May 2021 19:11:22 GMT
server: cloudflare
etag: 0x8D91FB0E2536BA0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 254be186-401e-0051-4df2-e7c613000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e62e3542ab959fb-MXP
expires: Thu, 03 Mar 2022 17:58:37 GMT

GET
H2 200 optanon.css
cdn.cookielaw.org/skins/6.18.0/default_flat_top_two_button_black/v2/css/ 23 KB
6 KB 27ms
27ms Stylesheet
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/skins/6.18.0/default_flat_top_two_button_black/v2/css/optanon.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: kW5shvTE3AECENDpRuU76g==
age: 11752
vary: Accept-Encoding
content-length: 5551
x-ms-lease-status: unlocked
last-modified: Mon, 24 May 2021 01:24:45 GMT
server: cloudflare
etag: 0x8D91E52B6EC4390
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 875a14d2-c01e-00ea-0874-c427e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6e62e3545b4259fb-MXP

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 30ms
11ms Script
application/javascript 2001:4de0:ac18::1:a:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Origin: https://www.secureworks.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1538f"
vary: Accept-Encoding
x-hw: 1646315917.dop007.fr8.t,1646315917.cds225.fr8.hn,1646315917.cds057.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 182 KB
66 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-15MK64YNN6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

597db45871e5a6bbcd96befbf4c8a515a136fe8d296d055dc99d907f9d85fc42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67559
x-xss-protection: 0
expires: Thu, 03 Mar 2022 13:58:37 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 73ms
17ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Thu, 03 Mar 2022 13:58:37 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1424
date: Thu, 03 Mar 2022 13:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 03 Mar 2022 15:34:53 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 48ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:36 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 91DCC658ABE8484B812754826CF43032 Ref B: FRAEDGE1412 Ref C: 2022-03-03T13:58:37Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11347

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 49ms
29ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14879
x-xss-protection: 0
server: cafe
etag: 17635014576153706337
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 03 Mar 2022 13:58:37 GMT

GET
H2 200 6279.js Show response
script.crazyegg.com/pages/scripts/0097/ 5 KB
2 KB 88ms
52ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0097/6279.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a290010dab515f65c01859cd6b0671ea03c3ac0b18605f840ac0d35be98edeb5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 857
cf-polished: origSize=4899
cf-ray: 6e62e3551e5759d1-MXP
ce-version: 11.1.385
last-modified: Thu, 03 Mar 2022 13:44:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-bgj: minify

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 56ms
16ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: dc832faf8ca21fb791b9abb9a3ba334ef3e31914317791dd53510b8a24d0621d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 14 Feb 2022 14:11:16 GMT
server: snooserv
etag: "9dd34b4324742bd3f713adf7f070d3b4"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 7531

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 118ms
48ms Script
text/javascript 2606:4700::6812:15c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 121
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Thu, 03 Mar 2022 14:06:36 GMT
cache-control: max-age=1200
cf-ray: 6e62e3554f1459d1-MXP
cf-bgj: minify

GET
H2 200 2mnfp3myy8iz.js Show response
js.driftt.com/include/1646316000000/ 228 KB
65 KB 183ms
126ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1646316000000/2mnfp3myy8iz.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

09c0b7b60db62cc9d8632e7721ab048bb1b0349e4140e050dfe82d7373ca1dc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: azA1_bB992oZ128ne2FkGE58o2Ko8ZYv
content-encoding: gzip
etag: W/"bdd15977a74017902a1d0ccfb9e2e54e"
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Mar 2022 21:32:13 GMT
server: nginx
date: Thu, 03 Mar 2022 13:58:37 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MZTYdF7sIcXs1qtJB7x14TfGoZh5tc1HM_qgkTQNbdA6gvFQo4t4zw==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1006 B
792 B 55ms
16ms Script
application/x-javascript 2a02:26f0:f7::5c7b:e053
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e053 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 0055b9d0429e9c194b4aa6b5f49cbc2ec31a7220ee7c8c186a9ee951feabd482

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 18:48:07 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=64119
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 479

GET
H2 200 40514862.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 35ms
6ms Script
text/javascript 151.101.114.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/40514862.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 71160cdda04762147f200673de4fdd9e120fdb69b2d4fe06bce3cea06f042bce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
age: 1348072
x-cache: HIT
x-cache-hits: 17445
content-length: 5692
x-served-by: cache-hhn4059-HHN
x-vimeo-dc: ge
last-modified: Tue, 15 Feb 2022 22:05:40 GMT
server: Apache
x-timer: S1646315918.628226,VS0,VE0
etag: "43e3-5d815bbc95500-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=86400
x-bapp-server: assets-v8131-xzpk7
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Feb 2032 23:30:44 GMT

GET
H2 200 / Show response
f47fc87cb1114490b08a513d8c97555c.js.ubembed.com/ 3 KB
2 KB 46ms
6ms Script
application/json 151.101.193.131
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://f47fc87cb1114490b08a513d8c97555c.js.ubembed.com/
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.131 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f163adc98c32449a8998e210df2446710a6e002fc53b82575eff904deb5eb3bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: br
x-backend-region: eu_west_1
age: 1750
etag: b7584e0d39835f54df2768a69ed85904-v0.179.1
vary: Accept-Encoding, Referer
x-cache: Miss from cloudfront, HIT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0, must-revalidate
x-amz-cf-pop: FRA56-P3
accept-ranges: none
x-amz-apigw-id: OaNcsGq3joEFzVw=

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.secureworks.com&pId=3326976933832376224

0
242 B

470ms
339ms

Image
application/json

2600:9000:2156:8000:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.secureworks.com&pId=3326976933832376224
Protocol: H2
Server: 2600:9000:2156:8000:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
apigw-requestid: OaRuRjtFoAMESrg=
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json
content-length: 0
x-amz-cf-id: bhOhoj6jh__PfZMDe2EaKAXcb6CicIvSB8szDONUDFf_QdUrKRrKZA==

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 13:58:37 GMT
X-Proxy-Origin: 217.64.151.67; 217.64.151.67; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f17d6868-135e-40e9-8b8d-05b6dbfe5ce8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=www.secureworks.com&pId=3326976933832376224
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1010078681&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&ul=en-us&de=UTF-8&dt=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1922081179&gjid=1814924100&cid=1501692559.1646315918&tid=UA-1042506-1&_gid=164123307.1646315918&_r=1&gtm=2wg2s0P6Z7M2&z=1528091793

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 22ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1010078681&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&ul=en-us&de=UTF-8&dt=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=648678561&gjid=1402185364&cid=1501692559.1646315918&tid=UA-1281488-1&_gid=164123307.1646315918&_r=1&gtm=2wg2s0P6Z7M2&z=63158536

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-15MK64YNN6&gtm=2oe2s0&_p=1010078681&_z=ccd.B&cid=1501692559.1646315918&ul=en-us&sr=1600x1200&_s=1&sid=1646315917&sct=1&seg=0&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&dt=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-15MK64YNN6&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
445 B 58ms
19ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1042506-1&cid=1501692559.1646315918&jid=1922081179&gjid=1814924100&_gid=164123307.1646315918&_u=YEBAAEAAAAAAAC~&z=1232760495

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 03 Mar 2022 13:58:37 GMT
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 15ms
14ms Script
application/x-javascript 2a02:26f0:f7::5c7b:e053
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e053 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Feb 2022 23:50:54 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=75083
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 56073499.js Show response
bat.bing.com/p/action/ 685 B
739 B 206ms
206ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/56073499.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0973d40446558222d3aa53e9a66f2405dbe3b423cf6788fc948980f979b96e14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:36 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9E95277FA1FA4E1E8154DE1F9E591597 Ref B: FRAEDGE1412 Ref C: 2022-03-03T13:58:37Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 588

GET
H2 204 0
bat.bing.com/action/ 0
151 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=56073499&Ver=2&mid=2d5deda1-7ece-4829-924c-b8b1df750696&sid=061962a09afa11ec902369b1b8255741&vid=061988a09afa11ec802a8fda223e09ad&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&p=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&r=&lt=1712&evt=pageLoad&msclkid=N&sv=1&rn=998348
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F4EE69617D874DD1B17A86DF97CC345A Ref B: FRAEDGE1412 Ref C: 2022-03-03T13:58:37Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 396ms
382ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1646315917651&id=t2_f8xwyeln&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&uuid=6afcde44-925b-4c3d-ae83-ef0f12c03047&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_da535582
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/ 2 KB
2 KB 42ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/?random=1646315917652&cv=9&fst=1646315917652&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&tiba=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&hn=www.googleadservices.com&gbcov=0&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e15964e99885773ed504cde4f88ca1340f456a2eccbffe16b6fab9a9a57b85f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1041
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
693 B 49ms
16ms XHR
application/json 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 13:58:37 GMT
X-Proxy-Origin: 217.64.151.67; 217.64.151.67; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a0fe63b1-f24f-4005-85de-4d13e12b37cc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.secureworks.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
375 B 65ms
17ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4f57ca16dad5c8349cfc0fc72f098190018b5cdf67b557ab728757dd8b9b91a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.secureworks.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2386324%26time%3D1646315917661%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&liSync=true&e_ipv6=AQJfvlwiUVaiwQAAAX9Q...

0
0

GET
H2 200 6279.json Show response
script.crazyegg.com/pages/data-scripts/0097/ 16 KB
3 KB 212ms
178ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0097/6279.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ea409afd6c0ce419f7b3f83e1d244b013a9b1970d6fabbe64f501ea18a087e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
cf-cache-status: MISS
cf-ray: 6e62e355ac555a1f-MXP
ce-version: 11.1.385
content-length: 3002
last-modified: Thu, 03 Mar 2022 13:58:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bundle.js Show response
assets.ubembed.com/universalscript/releases/v0.179.1/ 173 KB
47 KB 34ms
7ms Script
application/javascript 143.204.98.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ubembed.com/universalscript/releases/v0.179.1/bundle.js
Requested by: Host: f47fc87cb1114490b08a513d8c97555c.js.ubembed.com
URL: https://f47fc87cb1114490b08a513d8c97555c.js.ubembed.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-69.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1ccb8141195307117c737c7f49f99de131fb55290a5f4c1431cc74ca93119dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 05 Jan 2022 19:44:05 GMT
content-encoding: gzip
last-modified: Fri, 30 Jul 2021 19:19:04 GMT
server: AmazonS3
age: 4904073
etag: W/"4d21402425377bf4a0f3a4f7ab8db2ad"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 32c8da10203574baccb74b8f771a7ffa.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: lMmlgQYOiJvH99Uf1Rpu2czbm9SbHFI549d5SLvCYMRWu3Msyvp_Mw==

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
464 B 404ms
98ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=17588164&version=2.1.1&ref=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&r=1646315917693
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:38 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=20
Content-Length: 43

GET
H2 200 /
www.google.com/pagead/1p-user-list/648366107/ 42 B
548 B 44ms
22ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/648366107/?random=1646315917652&cv=9&fst=1646312400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2s0&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&tiba=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=4141310935&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/648366107/ 0
0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 46ms
31ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1042506-1&cid=1501692559.1646315918&jid=1922081179&_u=YEBAAEAAAAAAAC~&z=1057127220

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 13:58:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 233ms
189ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=null&session=0b924d5e-c772-46de-8d00-5a9b0e780dbb&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A37%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20REvil%20(also%20known%20as%20Sodinokibi)%20ransomware%20was%20used%20by%20the%20financially%20motivated%20GOLD%20SOUTHFIELD%20threat%20group%2C%20which%20distributes%20ransomware%20via%20exploit%20kits%2C%20scan-and-exploit%20techniques%2C%20RDP%20servers%2C%20and%20backdoored%20software%20installers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&pageViewId=3b063a9c-afa1-4f1e-863f-71fcb4f2f7c6&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:37 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK a.html Show response
f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/321d226c-4516-4250-b435-f3db3947ea78/ Frame BB45 6 KB
3 KB 65ms
14ms Document
text/html 3.126.202.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/321d226c-4516-4250-b435-f3db3947ea78/a.html?closedAt=0
Requested by: Host: assets.ubembed.com
URL: https://assets.ubembed.com/universalscript/releases/v0.179.1/bundle.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.126.202.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-202-50.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 48e26fd79bb7b8afa1bdc9102f52da170e62003e6cc892e8688a4ed2795cfa19

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
p3p: CP="This is not a privacy policy."
x-unbounce-pageid: 321d226c-4516-4250-b435-f3db3947ea78
etag: 95baa6c5e520514c7871afcbd9220ba5
last-modified: Tue, 01 Mar 2022 13:55:21 GMT
content-encoding: gzip
x-proxy-backend: page-server
connection: close

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 423 B
409 B 23ms
9ms XHR
application/json 18.198.223.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.223.123 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-223-123.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e99a52151c294c42df9ab0df1048d2403af8d1cf94817c26c706c8d75d002743

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
Authorization: Token b4a903896ae895a1a6279c68225fd93c979be1d7
EpsilonCookie: 64bb1002b93e00008dc920626d02000056c50500

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.secureworks.com
access-control-allow-credentials: true
content-length: 221

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 29ms
8ms Preflight 18.198.223.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.223.123 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-223-123.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,epsiloncookie
Origin: https://www.secureworks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 03 Mar 2022 13:58:37 GMT
server: nginx
access-control-allow-origin: https://www.secureworks.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET
access-control-allow-headers: authorization,epsiloncookie

GET
H2 200 core Show response
js.driftt.com/ Frame D219 2 KB
1 KB 28ms
28ms Document
text/html 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1646316000000/2mnfp3myy8iz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

24e73de2a358637128c858049f6fc4eb4a1367d2d4a6ce78eb920d0e6718aeaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 02 Mar 2022 14:35:55 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ob4DcapZTVbutcshNqpchTpfoF7fgBui
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 03 Mar 2022 13:58:37 GMT
cache-control: no-cache
etag: W/"060b94cbb7f991b640a14261cd9540f9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Iti9UhcJ5xYQQruZqAYumjpFwHEd1C1zYpJ6fXIq1fkGlSpmRg95Qg==

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 0F4A 2 KB
1 KB 25ms
25ms Document
text/html 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1646316000000/2mnfp3myy8iz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

24e73de2a358637128c858049f6fc4eb4a1367d2d4a6ce78eb920d0e6718aeaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 02 Mar 2022 14:35:55 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ob4DcapZTVbutcshNqpchTpfoF7fgBui
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 03 Mar 2022 13:58:37 GMT
cache-control: no-cache
etag: W/"060b94cbb7f991b640a14261cd9540f9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: c-_6pTnzAqFMbt9S_BZm4ep_YWycPG5j8A39gUw_mKaQn9wVY0ta9A==

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 39ms
19ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=%5Bobject%20Object%5D&cid=1501692559.1646315918&jid=1103543886&gjid=1097011181&_gid=164123307.1646315918&_u=aGDAgEABAAAAAG~&z=157698323

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 03 Mar 2022 13:58:37 GMT
content-type: text/plain
access-control-allow-origin: https://www.secureworks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1010078681&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&ul=en-us&de=UTF-8&dt=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aGDAgEABAAAAAC~&jid=1103543886&gjid=1097011181&cid=1501692559.1646315918&tid=%5Bobject%20Object%5D&_gid=164123307.1646315918&gtm=2wg2s0P6Z7M2&cd1=&cd2=&cd3=&z=780256914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 03:45:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 36790
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main-7b78720.z.css
builder-assets.unbounce.com/published-css/ Frame BB45 15 KB
3 KB 71ms
6ms Stylesheet
text/css 143.204.98.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://builder-assets.unbounce.com/published-css/main-7b78720.z.css
Requested by: Host: f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com
URL: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/321d226c-4516-4250-b435-f3db3947ea78/a.html?closedAt=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-64.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7b787207f29ffd5672ab91b95f681b387b4d6433081cc8b47070f1d564827863

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 01:12:18 GMT
content-encoding: gzip
last-modified: Tue, 18 Jan 2022 22:28:54 GMT
server: AmazonS3
age: 2292380
etag: "43729a62fb549c1f6784cd5cc32082e0"
x-cache: Hit from cloudfront
x-amz-version-id: kJDetr_gaa4mXuLbtL4sIGZNSy2Uu.RY
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/css
content-length: 2902
x-amz-cf-id: etiycSCRVh-g62QGxBAhhd2BbL2RWA2XU_UMJOBdKbOoVn8edzpvcw==

GET
H2 200 main.bundle-bdbf0bb.z.js Show response
builder-assets.unbounce.com/published-js/ Frame BB45 103 KB
33 KB 71ms
6ms Script
application/javascript 143.204.98.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://builder-assets.unbounce.com/published-js/main.bundle-bdbf0bb.z.js
Requested by: Host: f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com
URL: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/321d226c-4516-4250-b435-f3db3947ea78/a.html?closedAt=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-64.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bdbf0bb9b89e4db6550fc67b627a228a48f5f43d2192fe2cdf1c00bc9758a5ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 22:43:45 GMT
content-encoding: gzip
last-modified: Tue, 18 Jan 2022 22:28:48 GMT
server: AmazonS3
age: 3770093
etag: "505f303188fc706cbb0b3682c86fbbe4"
x-cache: Hit from cloudfront
x-amz-version-id: GiOX2dKjR70mgh3_1QLMson5Dgqx_5D4
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
content-length: 33486
x-amz-cf-id: ZDARkye8gQV7r2RU_Q6FEM64PClpkEbWRx-zQDpp1K5vsSR1gjmo3Q==

GET
H2 200 runtime~main.2bac926c.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 6 KB
3 KB 7ms
6ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

7c130e776a1e117ef34134e0fb6df9e18c5262e743b6691e0ebbb2fd8e0a14a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:35:54 GMT
content-encoding: gzip
age: 84163
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Mar 2022 14:16:06 GMT
server: nginx
etag: W/"8ff902805a38ce1bd1f29518c698fa1e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: yxDwrzjlesGpnJJ2dHuW1wGNMNeeFPVm
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jyRot-9jn-f3rXWdFic5gf51R9EEv9tLxb9iWLmljfAfbZwiz6Io1w==

GET
H2 200 5.b4ccdd57.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 58 KB
20 KB 8ms
8ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/5.b4ccdd57.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

9d8f8c89a5f7c90adc5196d1c10fe3e8c46d16cb8d24de13ade83de53183027d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 00:15:05 GMT
content-encoding: gzip
age: 3678212
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:34 GMT
server: nginx
etag: W/"bf2b7dc96b40587d388df8918a276f1d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: P_j_K9jDbxJyM90WDdS2X.rONeS2gHZN
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: akTJpEqwcEV8PMp2KTRMoYTiZf8upWIc4-dPlzKAjspPHrYY52TU_A==

GET
H2 200 main~493df0b3.91d188cd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 6 KB
3 KB 9ms
8ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.91d188cd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

dcfc540946183ee12e6ccb43e706ad1a30b4f0205c25adcfa316829075f94a31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 01:15:58 GMT
content-encoding: gzip
age: 3760959
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:35 GMT
server: nginx
etag: W/"364091b90499473799e7470f551ae597"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 7uIUVQ4XUoQK29DMeEkAuhAtXXE3airq
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: B-XmdNHryyOD2HwPFFgwDQMyvaellCxEaHfOITpsEgoGrX74_1Vk1A==

GET
H2 200 runtime~main.2bac926c.js Show response
js.driftt.com/core/assets/js/ Frame D219 6 KB
3 KB 9ms
9ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

7c130e776a1e117ef34134e0fb6df9e18c5262e743b6691e0ebbb2fd8e0a14a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:35:54 GMT
content-encoding: gzip
age: 84163
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Mar 2022 14:16:06 GMT
server: nginx
etag: W/"8ff902805a38ce1bd1f29518c698fa1e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: yxDwrzjlesGpnJJ2dHuW1wGNMNeeFPVm
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DnPksHdqEvn2chg0zA6SPL8wL8PiBx4nUj8TzOxk5FmwqJtJHVXIFw==

GET
H2 200 5.b4ccdd57.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 58 KB
20 KB 9ms
9ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/5.b4ccdd57.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

9d8f8c89a5f7c90adc5196d1c10fe3e8c46d16cb8d24de13ade83de53183027d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 00:15:05 GMT
content-encoding: gzip
age: 3678212
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:34 GMT
server: nginx
etag: W/"bf2b7dc96b40587d388df8918a276f1d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: P_j_K9jDbxJyM90WDdS2X.rONeS2gHZN
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 54eSG3I4Q15HOhW1KOiEljM_tZcBAkZ49Yhj0gDgdNLopEyD8lYL4w==

GET
H2 200 main~493df0b3.91d188cd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 6 KB
3 KB 11ms
10ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.91d188cd.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

dcfc540946183ee12e6ccb43e706ad1a30b4f0205c25adcfa316829075f94a31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
Origin: https://js.driftt.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 01:15:58 GMT
content-encoding: gzip
age: 3760959
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:35 GMT
server: nginx
etag: W/"364091b90499473799e7470f551ae597"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 7uIUVQ4XUoQK29DMeEkAuhAtXXE3airq
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RhZB7OUWSLLf9k6LsgfiIsGa17vrxW_iOYc47d-w6YjEn3uP9nIQZQ==

GET
H2 200 43.bf52ab96.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 47 KB
14 KB 7ms
6ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/43.bf52ab96.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

bd713db29fb234eb7584927050df71683e11b7b72bda4fcf72a88f8a7ff2f56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"4ab965f0d26a973cf1be72a39d537999"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SIJLtOk7PXIgJIf54NBJQngGjZ1AQW3g
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uSe8gJaoNTWD0iyZGLL3pqe3Wh4EVzN5lpxncmcHUcypg-T3DiewPA==

GET
H2 200 18.8ef42267.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 44 KB
13 KB 8ms
7ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.8ef42267.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

49c6f7925a020059af53cab3baa5d2ea485e6807744ba07f1b2e90ee47266a44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"0c6f51f22b2a4bddd966a92b56c18e29"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Zug6jTznDFRyogFlBOnxjireRPUkSHKT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6Q1ZEJKrG9YrpyPTP4LrWxQtbwkyxX2p3OgI0MncX5pLQd0k1ujyjQ==

GET
H2 200 37.dc112dfd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 25 KB
8 KB 8ms
7ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.dc112dfd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

709030cab6e33ca60c369554f31becd83dbfe4c17dc37e17aefd3aba8d862d1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 02:02:27 GMT
content-encoding: gzip
age: 474970
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 21:11:14 GMT
server: nginx
etag: W/"5b39d5e49e5ec5cdb576054612a441ef"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Jkm8Dc3zYP9zoYcPnVlVKYEMbcPK0qdn
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iXG86EVUqcl729rpnwuJPZ0z8NN2IWeRyhRERw1PjdzXkMSPHnOTCA==

GET
H2 200 16.10d76686.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 16 KB
5 KB 10ms
8ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.10d76686.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1cbf80f7d71564dc48af2c5d6bb5d15fc2aec0d541101c5eedf84bad1b908cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"c16e855d0a26bf91ae3cc32cdbfa3ad6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mzB2ul0u_48ftIGEd6phwcoTfextzATL
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: o8ZafGZqS0htrA8w7Q_mB7abU9j4SR2hHauY6Fc39N0NPBorW8TGsg==

GET
H2 200 21.8ac5d777.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 72 KB
22 KB 10ms
9ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.8ac5d777.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

4038a666dfd5af607a0374ad6e934cf1007e78da69329dbc341eaf757bb38beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:43 GMT
content-encoding: gzip
age: 5004294
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"c39414a669b98ba4a25856ccdc1c1c1b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PmO9yEa8J.DEQa9FEB2tMN_1Ccd5vo_f
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ALRadzX-CFrXEDo5R3WRimm6fGTRD1CI4G4yfsWlhTW58lNNPFCKFA==

GET
H2 200 34.801d3c89.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 16 KB
6 KB 10ms
9ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.801d3c89.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

e41e2b5c9df3073d6f7da0080ad2f3eca4994ab372d2f65fa76b14f8868663ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"fa218b0849860dbc5ceda153316c9c38"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: VLd3KMbDPd6s2pCiJkiLNxZPlKywvnnH
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YCDeLfNhRHKNkGl2oFI-IneQCCjUvUTiLrrHW9dxp_21L7KDOlQ18w==

GET
H2 200 23.a53d721f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 59 KB
19 KB 13ms
12ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.a53d721f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 01:13:03 GMT
content-encoding: gzip
age: 5661934
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 23 Dec 2021 18:12:25 GMT
server: nginx
etag: W/"fe96cb8c4c390342c29d3c8cb0a4ca14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: a7WvmR.vwHMPBFEqQ8riDzB0H8J4vers
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 45X6KbbzQCcnfWY_1cZmjGZetw9zZG0JKM65iQAJ3Xl__YxSw4j9xQ==

GET
H2 200 11.8d62d6c4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 91 KB
28 KB 14ms
12ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.8d62d6c4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

b82be24736519b8e5beb6d622bed3d7f481da9bacf8374352065d1cf252dc244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:08:57 GMT
content-encoding: gzip
age: 280180
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 21:11:13 GMT
server: nginx
etag: W/"14d96efdca3b51f9c3a4133e8b3ca95b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: QYmbWCyCTWOrHsXnXZ6BKA83mluh3jwU
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QSRWq769XgnP8LBsTr8NteiUPPnq00hsqpoAvY8rglc3N31F0S7IJw==

GET
H2 200 10.937b0755.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 24 KB
7 KB 16ms
14ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.937b0755.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

e868d39bbb74d42dffcee0cb1a50ecd105e1a1737d9080246dbdd54a8206d8f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 01:15:27 GMT
content-encoding: gzip
age: 3760989
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:33 GMT
server: nginx
etag: W/"e9243456e8ca8af97d77d525d5367d6b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: qO3a.NcOI1oBDRBABVLWfFTMfjEE__CA
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _U9vik3UGFBsf5YRsBQ7Wi0FMUwF4PQN_JKjWFRgHWjmhwdP4cmk6g==

GET
H2 200 14.2a01ddd6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 62 KB
20 KB 16ms
14ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.2a01ddd6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

ef593584d9432b51ed1cec6f58f844bfa6f81ef0fe27fd9404e400e1346fa09b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"6f457384188c98017d8d27281f3df6ad"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: KpoEpDmO7G9TLWLfSTzA1dytLAyREIfM
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R6jBMfI4C72yllc3iXkbeQX1Ar9KESfCcSJHJJu3hOFOYhnLN1mmqg==

GET
H2 200 41.ef07ba02.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 105 KB
34 KB 17ms
14ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.ef07ba02.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

160371118ad2e4d470bc6801bb253ec18332e7b6fb7225bb6d365a99bdb99d22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"da03c1012cb0aaeb2041fa677a272d14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 6OpxVYvZjRVHdu0KjdhZlusmExqFlB4E
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: N1GXlvM5xdvjjCPAdp_5GOvhAmuDgLV68rgCxK9WwG2C8YD5Mie_Kw==

GET
H2 200 35.0810b4b3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 12 KB
4 KB 19ms
17ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.0810b4b3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

05c1b18ed199fea9af5168c7769dff2cd69f02706fa2568ab2e305be8dfb9c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 01:15:27 GMT
content-encoding: gzip
age: 3760989
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:34 GMT
server: nginx
etag: W/"4a61646db5420cc31cb60b9287d9f544"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 123ec01tvkGnjrPsnvwWzlXkBB9QJfPb
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XmK1LSHBAjy_bG4v5VaB3ptnGjNVq0-mh_EAn2x3mmEKSfZ7R4Y6QA==

GET
H2 200 26.d9eb886e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 12 KB
5 KB 19ms
17ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.d9eb886e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

b9ddcbc73a2a42b603661b51028d38aba3374f67385f3307e1cfcebdee2f4838

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"44c7301d8127e805fcdfcc1b00ddf2ea"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: EjkJtX0HE9ajSK4icA5a46UNajNAQcku
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VE4kcBEQkUTurkCEZilIoOHZUOCCcyRth6Kd9PL2afzu-Kjn4cBVeA==

GET
H2 200 17.6c3c965c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 17 KB
7 KB 19ms
18ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.6c3c965c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

a5ad436c025c2a03ccc5672aed9469ac98d22b73df5b1d20ed2adb46c0c4daf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"b0b166b8ed88c90ea3dc07661d0dcff4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: HHiN6wsTfDikx0BfRvhzq1f1VEBLDIa4
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PXN33ccKyXUvG8bCnfkXL11F1C7CpVb5TBjPMMbZTMM6ZeIsinfmlA==

GET
H2 200 8.5b0bb1c3.chunk.css
js.driftt.com/core/assets/css/ Frame 0F4A 11 KB
3 KB 20ms
19ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.5b0bb1c3.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

d36d8a76a8b7d7fe8655db34eb54e4a4b6d422cdd1a67810d3dd5c014edb14e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: W/"a123c5b36f16fe6d3a3129e24df81443"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _wlNEHOawmowSdlpT1GApwIIwlk.3B3i
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JPppbFYliMmueOwnf2YmtXA1SDSl1JgQud6qHzC_JLAIdtcqmZG09w==

GET
H2 200 8.14761f6a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 69 KB
22 KB 21ms
20ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.14761f6a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

67339ddd57bfadccc7db0301c04748abfd5fe9f6ea21b0b9afa5e03aeb080fe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:18 GMT
server: nginx
etag: W/"d7e7ac040cc38a4014be2dac5911f809"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 1S_vUKzB1dNvDRU9IvHgH4WqU0q.qWdi
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: guXM6p5HzEEUZjtuOK4yEAwX8nwcNjC5r_ngQEIZrqcgmubukgH4Fw==

GET
H2 200 15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 0F4A 24 B
666 B 21ms
20ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: bzo2zbrJexGHlTPaLulG8N5yfdXT7FR0
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _i0K2tOJ4iyG0T4YUjmUNEXuq1-v4-jm0iqym4OuKRru_LfG4axuEw==

GET
H2 200 15.7662c098.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 75 KB
19 KB 21ms
21ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.7662c098.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1787cb259c57ce6cd27152c77d90363b2917ff8b5f34dd377f691042d787e408

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:16 GMT
server: nginx
etag: W/"4cdfcf8a0153b5f113c1c52b9d1561e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: B_P689676Qm.H7C_2wNidWTRmsrF5U63
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6NBuk6dGRCmeNYyFwFlkUXd-4yEJtelHz4aZz7VlxV9EIodaQDRe9Q==

GET
H2 200 22.668b8a5d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 47 KB
13 KB 24ms
23ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.668b8a5d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

6754bd59e77debd17bde0e93a50f3e0c70322c34fd3496dc3f19167db71d77d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:16 GMT
server: nginx
etag: W/"4aa1ed4965ed229dc887a387dbb0e750"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: kk7pdJKMde0rW3fGmZfi6D0Xi5DBuQ1x
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1YY2RE8wANWQsvtHaZtGM1UKMH8jCCio7th72fOsdnmFAmEmvVOYiQ==

GET
H2 200 13.e094e85b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 41 KB
13 KB 24ms
24ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.e094e85b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

4fc909037816a7b5425869f6390aa79a7c1c5fc718e2b89af25bccc684e330bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:35:54 GMT
content-encoding: gzip
age: 84163
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Mar 2022 14:16:03 GMT
server: nginx
etag: W/"50c1c0666a10d20e4b757c3cd52902f0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .zkyqfhPGsXuNqijOJ4hzspYYQnCVxew
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: u90Xsj7jyl1yX5-gNyzVon9QNCFkOSaOAKH688KY3lFRwAiW-_NPSw==

GET clarity.js
i.clarity.ms/s/0.6.32/ 0
0

GET c.gif
c.clarity.ms/ 0
0

GET
H2 200 43.bf52ab96.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 47 KB
14 KB 22ms
12ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/43.bf52ab96.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

bd713db29fb234eb7584927050df71683e11b7b72bda4fcf72a88f8a7ff2f56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"4ab965f0d26a973cf1be72a39d537999"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SIJLtOk7PXIgJIf54NBJQngGjZ1AQW3g
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: o-_3xZ5ZLhBKNuBRcWghT5h4dh109ahHnAPG_UK_2YKjjf9WohPFeg==

GET
H2 200 18.8ef42267.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 44 KB
13 KB 24ms
12ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.8ef42267.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

49c6f7925a020059af53cab3baa5d2ea485e6807744ba07f1b2e90ee47266a44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"0c6f51f22b2a4bddd966a92b56c18e29"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Zug6jTznDFRyogFlBOnxjireRPUkSHKT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L0CHG_qoybxp6xPXz8lq-4wO4gvotEXIC7Rk0-sovzSkFA91CoJAkA==

GET
H2 200 37.dc112dfd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 25 KB
8 KB 21ms
9ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.dc112dfd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

709030cab6e33ca60c369554f31becd83dbfe4c17dc37e17aefd3aba8d862d1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 02:02:27 GMT
content-encoding: gzip
age: 474970
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 21:11:14 GMT
server: nginx
etag: W/"5b39d5e49e5ec5cdb576054612a441ef"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Jkm8Dc3zYP9zoYcPnVlVKYEMbcPK0qdn
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8HGmi_xNElaxQzK7gHZ8ZdudY2zor9e3a-Wy4uT-oEcSFA4TPUpHww==

GET
H2 200 16.10d76686.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 16 KB
5 KB 20ms
6ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.10d76686.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1cbf80f7d71564dc48af2c5d6bb5d15fc2aec0d541101c5eedf84bad1b908cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"c16e855d0a26bf91ae3cc32cdbfa3ad6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mzB2ul0u_48ftIGEd6phwcoTfextzATL
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wDIgAnlDz-AVvfopEcL_V0lJsYMuA7o4WZI7U7MPCBAwZ5KkklO6lQ==

GET
H2 200 21.8ac5d777.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 72 KB
22 KB 20ms
7ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.8ac5d777.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

4038a666dfd5af607a0374ad6e934cf1007e78da69329dbc341eaf757bb38beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:43 GMT
content-encoding: gzip
age: 5004294
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"c39414a669b98ba4a25856ccdc1c1c1b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PmO9yEa8J.DEQa9FEB2tMN_1Ccd5vo_f
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mpqa0wW6ro9T33vobbVjMdMtC8lvUhn4LcXTx65MFoviaKeaAzOSBA==

GET
H2 200 34.801d3c89.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 16 KB
6 KB 22ms
8ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.801d3c89.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

e41e2b5c9df3073d6f7da0080ad2f3eca4994ab372d2f65fa76b14f8868663ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"fa218b0849860dbc5ceda153316c9c38"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: VLd3KMbDPd6s2pCiJkiLNxZPlKywvnnH
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SQx-yRUcSd0_YyFKoZ3WguocJoaYAxeY1sC4KtIORHNw8-NSPsoOBA==

GET
H2 200 23.a53d721f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 59 KB
19 KB 22ms
9ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.a53d721f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 01:13:03 GMT
content-encoding: gzip
age: 5661934
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 23 Dec 2021 18:12:25 GMT
server: nginx
etag: W/"fe96cb8c4c390342c29d3c8cb0a4ca14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: a7WvmR.vwHMPBFEqQ8riDzB0H8J4vers
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n-bqlhOwoELP6iQyIKI_aFdGfqTwSULybAM22W8YIfTUWghcBF2XWA==

GET
H2 200 11.8d62d6c4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 91 KB
28 KB 23ms
10ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.8d62d6c4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

b82be24736519b8e5beb6d622bed3d7f481da9bacf8374352065d1cf252dc244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 08:08:57 GMT
content-encoding: gzip
age: 280180
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 21:11:13 GMT
server: nginx
etag: W/"14d96efdca3b51f9c3a4133e8b3ca95b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: QYmbWCyCTWOrHsXnXZ6BKA83mluh3jwU
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rPwRbO4AkjSCdpLUY3SfaTOsexUGdnW68BZC9rgd0mYOnjJDwE6MSw==

GET
H2 200 10.937b0755.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 24 KB
7 KB 25ms
12ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.937b0755.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

e868d39bbb74d42dffcee0cb1a50ecd105e1a1737d9080246dbdd54a8206d8f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 01:15:27 GMT
content-encoding: gzip
age: 3760989
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:33 GMT
server: nginx
etag: W/"e9243456e8ca8af97d77d525d5367d6b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: qO3a.NcOI1oBDRBABVLWfFTMfjEE__CA
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9sCOADKCna0FaHr1aO1zyN2wOGNs6kR2arIikjF9-FYnm5ruk1Vc8A==

GET
H2 200 14.2a01ddd6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 62 KB
20 KB 25ms
12ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.2a01ddd6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

ef593584d9432b51ed1cec6f58f844bfa6f81ef0fe27fd9404e400e1346fa09b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"6f457384188c98017d8d27281f3df6ad"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: KpoEpDmO7G9TLWLfSTzA1dytLAyREIfM
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kM-XMup8Yo6nCovxY7Fq1UWC4x9Ex3Blr_IX-sf6erR18Ns_4JjlcQ==

GET
H2 200 41.ef07ba02.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 105 KB
34 KB 26ms
14ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.ef07ba02.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

160371118ad2e4d470bc6801bb253ec18332e7b6fb7225bb6d365a99bdb99d22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"da03c1012cb0aaeb2041fa677a272d14"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 6OpxVYvZjRVHdu0KjdhZlusmExqFlB4E
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1zEPHki_IpLJsf3t66ezvs_xRBi5qKYPSs6X52QMZwqjNVxOzY7Veg==

GET
H2 200 35.0810b4b3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 12 KB
4 KB 28ms
15ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.0810b4b3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

05c1b18ed199fea9af5168c7769dff2cd69f02706fa2568ab2e305be8dfb9c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 01:15:27 GMT
content-encoding: gzip
age: 3760989
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 18 Jan 2022 19:52:34 GMT
server: nginx
etag: W/"4a61646db5420cc31cb60b9287d9f544"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 123ec01tvkGnjrPsnvwWzlXkBB9QJfPb
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 25jOfjisQW8Pr0baL42NoBc5Nz-qA6Y96oUU37UH-uzpbamuXOUN-w==

GET
H2 200 26.d9eb886e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 12 KB
5 KB 28ms
15ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.d9eb886e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

b9ddcbc73a2a42b603661b51028d38aba3374f67385f3307e1cfcebdee2f4838

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"44c7301d8127e805fcdfcc1b00ddf2ea"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: EjkJtX0HE9ajSK4icA5a46UNajNAQcku
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VhALvkqRbuPRFJdqLRaffJvMPWTuunNBM6MCMD_0GdB-5u7QZrbmrQ==

GET
H2 200 17.6c3c965c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 17 KB
7 KB 28ms
16ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.6c3c965c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

a5ad436c025c2a03ccc5672aed9469ac98d22b73df5b1d20ed2adb46c0c4daf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"b0b166b8ed88c90ea3dc07661d0dcff4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: HHiN6wsTfDikx0BfRvhzq1f1VEBLDIa4
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: F--r09WlAwV2pfZdcgzS5I0BrddlzYV-6sSBjtOuZRh-GuRjvYIOTA==

GET
H2 200 8.5b0bb1c3.chunk.css
js.driftt.com/core/assets/css/ Frame D219 11 KB
3 KB 18ms
6ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.5b0bb1c3.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

d36d8a76a8b7d7fe8655db34eb54e4a4b6d422cdd1a67810d3dd5c014edb14e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: W/"a123c5b36f16fe6d3a3129e24df81443"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _wlNEHOawmowSdlpT1GApwIIwlk.3B3i
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3UiPCtqa2WKuQqHJ5i8YAXyPITAvcBUlRylzu3ul0F6F3fturpnTeA==

GET
H2 200 8.14761f6a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 69 KB
22 KB 29ms
16ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.14761f6a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

67339ddd57bfadccc7db0301c04748abfd5fe9f6ea21b0b9afa5e03aeb080fe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:18 GMT
server: nginx
etag: W/"d7e7ac040cc38a4014be2dac5911f809"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 1S_vUKzB1dNvDRU9IvHgH4WqU0q.qWdi
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2us5edj4CZiN3ZSfwtlm4Z7qNaGcmJgIobSKSD5OmxbeZUEWhMFYJg==

GET
H2 200 15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame D219 24 B
666 B 18ms
6ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:41 GMT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: bzo2zbrJexGHlTPaLulG8N5yfdXT7FR0
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WvrQOOSNN03fG1h5sFsnyiIQi3LhVo9sJjOI3ASAPHUX96JItF2l1w==

GET
H2 200 15.7662c098.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 75 KB
19 KB 30ms
17ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.7662c098.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1787cb259c57ce6cd27152c77d90363b2917ff8b5f34dd377f691042d787e408

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:16 GMT
server: nginx
etag: W/"4cdfcf8a0153b5f113c1c52b9d1561e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: B_P689676Qm.H7C_2wNidWTRmsrF5U63
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jwMXeFOlRCvgOxfYjI-_yrmpy8CtJARXV_T6tj-dmlCyeg3ChIBOzw==

GET
H2 200 22.668b8a5d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 47 KB
13 KB 30ms
18ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.668b8a5d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

6754bd59e77debd17bde0e93a50f3e0c70322c34fd3496dc3f19167db71d77d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:16 GMT
server: nginx
etag: W/"4aa1ed4965ed229dc887a387dbb0e750"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: kk7pdJKMde0rW3fGmZfi6D0Xi5DBuQ1x
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Is4y4ILImdbBiYhwgpnPYDYwWtSyO-SsafoISJTrucutwzmxb52DEQ==

GET
H2 200 13.e094e85b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 41 KB
13 KB 31ms
19ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.e094e85b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

4fc909037816a7b5425869f6390aa79a7c1c5fc718e2b89af25bccc684e330bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:35:54 GMT
content-encoding: gzip
age: 84163
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Mar 2022 14:16:03 GMT
server: nginx
etag: W/"50c1c0666a10d20e4b757c3cd52902f0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .zkyqfhPGsXuNqijOJ4hzspYYQnCVxew
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3kjKg44BbGtcLzNXb8Aqk2vzOJ7GVBIkVynbLwms_Gnsja3oli_ILA==

GET
H2 200 11.1.385.js Show response
script.crazyegg.com/pages/versioned/commontransformations-scripts/ 116 KB
38 KB 44ms
31ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/11.1.385.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6af56e74074849b0ce5c63c9a08d8f756fa79c9ee18a5fa186af3842453a4431

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 13:58:37 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 09 Feb 2022 00:10:30 GMT
server: cloudflare
age: 63971
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
cf-ray: 6e62e356ebe759d1-MXP
content-length: 38731

GET
H2 200 32.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 0F4A 3 KB
1 KB 7ms
6ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/32.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: u5jls1rsjTMRW03RSXYJxMQTbD86EmFF
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PBZ3E8IARojBFv1jbuGU48N2AQjmW3qYQT3o0Mf7QrQaI3Cw3yqzpQ==

GET
H2 200 32.28be7b35.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 3 KB
2 KB 8ms
7ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.28be7b35.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

566639f88e650ada50f7f5a70d52efdd262905b7114ddffd26893b7727493a7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 20:05:36 GMT
content-encoding: gzip
age: 3606781
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 20 Jan 2022 18:53:54 GMT
server: nginx
etag: W/"853d736e05b299b857e10b6ab17f3c36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 9pIhc0wyy2uFZp3UiIdf1ZYNnPQh9D45
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w_jjZSB6EVqA5I15Qe-Nx_LEMUE3fCeIF7qfh942QiIEq-BE4kwmOA==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 9 KB
3 KB 7ms
6ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:16 GMT
server: nginx
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: DgvAfZ7BPwPZGfOrE621PjhvvHFr1DU0
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w0Nkj-WL3Ko6KmgnjOUEJPtUat86x51yTyvVsEc8huFV_n4-2SBHlQ==

GET
H2 200 24.81d46fe7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 33 KB
10 KB 8ms
7ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.81d46fe7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

e7e2024764e94bff400b354a7cb714ab75f1b9fd4b3fb09de18dca2d6c2e56a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"4f751bc7b45f18c1d343a3081fe2509f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: LcjepTSdTIP3TYamt9S6TQ4IzFvRquuU
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cNUia_WCmiyNTRkqNqRUPd-yYOWwe0E5IzpzOM9_3uSnJPOjKz4GaQ==

GET
H2 200 25.49c6961c.chunk.css
js.driftt.com/core/assets/css/ Frame D219 8 KB
2 KB 8ms
7ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.49c6961c.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

578cda2391db4e4d761ae5c4f05c03614d0ea8fec0b260edc036cc0bbdfcdd93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: W/"f80cd64e339375567091159cb077b941"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: bxrqjBCKX9ERzz7WjftbPaYdOBk8_KxN
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NrveREQsScOftfks-2HfH2KJSlIOsLwUeVhd_y6XT0amMINykNQQpg==

GET
H2 200 25.2e3c0d77.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 12 KB
5 KB 8ms
8ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.2e3c0d77.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

1a938735cf14d8329a7b1c12b0a4ed99c3d9f43aba11d1fc326cc5a3159250f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506018
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:16 GMT
server: nginx
etag: W/"ae2dc5d2abfa8c0d45e495347a15f6de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: bi1OJyoFIiF9itfH_IKgFqEuho_2zhIU
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: q7eLIhXI1UmMxBuzL4pvQ9XueJEdP84ahfQmoKXvPKeJ4G8P8QXucQ==

GET
H2 200 19.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame D219 365 B
1008 B 9ms
9ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/19.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
age: 5004295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 365
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: "06b2963b029c0824382815165bfea73e"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: eDSgTpssczGDn2812OLuvvF.eUpzKWka
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OhViDC-K--cMnsrj_DyhzrCvfQKwiTI-TEg7Xfwq7DuFoqVUJnIktw==

GET
H2 200 19.dbf97669.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D219 85 KB
24 KB 10ms
10ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.dbf97669.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

7fac9a43ab09cf21eafe26af20439d52313fa761cf6100c10ef950a6af22f7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=2mnfp3myy8iz&region=US&forceShow=false&skipCampaigns=false&sessionId=5be6f6ca-5048-4b90-89d9-48ecff68a92e&sessionStarted=1646315917.783&campaignRefreshToken=ef5bcd3c-7174-473f-81aa-f048f0bafba5&hideController=false&pageLoadStartTime=1646315916757&mode=CHAT&driftEnableLog=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:16 GMT
server: nginx
etag: W/"e5d01e169fc99a46f4cbb5ef34e481c4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 1C7KEcTG69elg1eC9vdIkv1xid1OAtru
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ItBnIf27ggrNNshF8X-TDCMJzQgDzPxhxQJWu8NLYQBRXa8S8pCuEw==

GET
BLOB 200
OK 907ba56e-f78e-4eec-acec-b35d85fe3950
https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/ Frame BB45 5 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/907ba56e-f78e-4eec-acec-b35d85fe3950
Requested by: Host: builder-assets.unbounce.com
URL: https://builder-assets.unbounce.com/published-js/main.bundle-bdbf0bb.z.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c29517d31f5827419cfb4f4ff8cd13b478ec5345cfbb24e4f02072c723a87e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length: 5603
Content-Type: text/css

GET
H2 200 css
fonts.googleapis.com/ Frame BB45 2 KB
992 B 39ms
18ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Darker+Grotesque:500,regular

Requested by

Host: builder-assets.unbounce.com
URL: https://builder-assets.unbounce.com/published-js/main.bundle-bdbf0bb.z.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f2e03f1c7ddfce35dd62b9250144db20f06c5962f0a0eb99228bcec82c98a7f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 13:58:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Mar 2022 13:58:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Mar 2022 13:58:38 GMT

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 9 KB
3 KB 7ms
6ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:16 GMT
server: nginx
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: DgvAfZ7BPwPZGfOrE621PjhvvHFr1DU0
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I1sJQzLzMVSiFOd6pESVpNipBcN8K0Iw9rlEcAo-3gJkmUdi2EIAfQ==

GET
H2 200 2.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 0F4A 7 KB
2 KB 8ms
7ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/2.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:15 GMT
server: nginx
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Y5MQMpfNZ9bYDeQmDMLbw0xNzGrQukfM
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AbBFWrxJFrzbONv6tF1cpR8VmEApG0thSD-4DNDqydfcboETRaSDeQ==

GET
H2 200 2.90bfb041.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 54 KB
16 KB 8ms
8ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/2.90bfb041.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

088e1ef91a320f014eecd7495cedfa7fee5e167cadaf55545ce137f4ff749ba8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 15:53:42 GMT
content-encoding: gzip
age: 5004296
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 04 Jan 2022 15:08:17 GMT
server: nginx
etag: W/"dc43e7dd478d83a9091a7335b8beb11d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: dNyr.b_J6AuxSb56NRWJ3LKsWJ9BzeOS
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mp2SFZ3jsyaEVEz-XKdtV7_8UBYnSluOHmTEI6paFoFG7-Jb-0dV6Q==

GET
H2 200 1.e250bb71.chunk.css
js.driftt.com/core/assets/css/ Frame 0F4A 44 KB
7 KB 9ms
8ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.e250bb71.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

f9163f3372bf09f2bcb3c8fa8b218443c557dbb32c78a36ee9221ca5abf8b193

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 16:15:00 GMT
content-encoding: gzip
age: 2324618
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 04 Feb 2022 14:40:27 GMT
server: nginx
etag: W/"2b7f0e5ff08649a2d71db9fdde0609ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: U0zOe09_ThzYcAoSvmLbLojXTsJVu6PB
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZGkff98oMnOJyBKo3l6y1ZwRBxBnI5p7-aVT95W7UppJad4-CV4aVQ==

GET
H2 200 1.19a2e22a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 71 KB
24 KB 9ms
9ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.19a2e22a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

8d06b89fce1308b54fc204a2ea41e96ad6a034c075dbf396eea0611b71ffa7a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 17:24:58 GMT
content-encoding: gzip
age: 506020
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 25 Feb 2022 17:16:15 GMT
server: nginx
etag: W/"e1ca1e814dcbca2657c8795cba51dab9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: H3WkY2wyImzg96kEeVoZBSZ5Xs5uT9xg
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rfjY-eAev8EqS9iaVydm5RNZpdqKv4JKa0h7nsYLAhBlb0mSoaR-lw==

GET
H2 200 30.52060f2d.chunk.css
js.driftt.com/core/assets/css/ Frame 0F4A 12 KB
3 KB 10ms
9ms Stylesheet
text/css 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/30.52060f2d.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

643284a0eca0e88605a52952545149695d41d4a6f057d897bedf92a24e32c573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 16:15:00 GMT
content-encoding: gzip
age: 2324618
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 04 Feb 2022 14:40:27 GMT
server: nginx
etag: W/"b63021470083bdc161ef4dda2e4912c3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: e.sL0vOF62s4pyHwBuhbHf.Miph1ZlJo
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _2UYJI146IpU8ELyklbv9t2Y-5ngJ9KNvSJtk-bQ3kNMqga4laykJg==

GET
H2 200 30.f7ac887f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 0F4A 12 KB
5 KB 10ms
10ms Script
application/javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.f7ac887f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.2bac926c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-49.fra50.r.cloudfront.net

Software

nginx /

Resource Hash

b4fd7745608bc8211290cef91c3b48851932aebabf34e9385161c60c1ac740c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1646315916757
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:35:55 GMT
content-encoding: gzip
age: 84163
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Mar 2022 14:16:04 GMT
server: nginx
etag: W/"e661eed70ac3020c76fd66219d7b4495"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _l44XSpjoNHbcBjkibjuZQPI6xwS0oJQ
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LcVeqwDFMA4RFupmeUSq9VPT3H3ZqzqZc-rZQfCRLgy7_YZG1lQFOw==

GET
H2 200 6279.json Show response
script.crazyegg.com/pages/sampling-data-scripts/0097/ 164 B
262 B 158ms
158ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/sampling-data-scripts/0097/6279.json?t=457309
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/11.1.385.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05cabe7487623179e44de0352284c619f4731e53df0b11153b6daa5252fe3c2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
content-encoding: gzip
cf-cache-status: MISS
cf-ray: 6e62e357d9f55a1f-MXP
ce-version: 11.1.385
content-length: 152
last-modified: Thu, 03 Mar 2022 13:58:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *

GET
H2 204 embeddableActivated Show response
f47fc87cb1114490b08a513d8c97555c.events.ubembed.com/ 0
105 B 312ms
98ms XHR
text/plain 3.224.182.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://f47fc87cb1114490b08a513d8c97555c.events.ubembed.com/embeddableActivated?activationRuleId=9b024fe6d208435ebb20112914781ba9&browserTrackingId=3d560c4a34814d0792eb9f5fcd815058&clientId=712b0e8a-52d5-488f-b06d-a39b5b646f50&hostPageCorrelationId=a1d87bdc1c0744d291a177783eb30809&hostPageReferrerUrl=&hostPageUrl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&isFirstTime=true&requestId=59241e19211544db9c294e8195a1db60&source=universalscript-v0.179.1
Requested by: Host: assets.ubembed.com
URL: https://assets.ubembed.com/universalscript/releases/v0.179.1/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.182.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-182-56.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.secureworks.com
date: Thu, 03 Mar 2022 13:58:38 GMT
access-control-allow-credentials: true

GET
H2 204 embeddableViewed Show response
f47fc87cb1114490b08a513d8c97555c.events.ubembed.com/ 0
104 B 312ms
98ms XHR
text/plain 3.224.182.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://f47fc87cb1114490b08a513d8c97555c.events.ubembed.com/embeddableViewed?activationRuleId=9b024fe6d208435ebb20112914781ba9&browserTrackingId=3d560c4a34814d0792eb9f5fcd815058&clientId=712b0e8a-52d5-488f-b06d-a39b5b646f50&hostPageCorrelationId=a1d87bdc1c0744d291a177783eb30809&hostPageReferrerUrl=&hostPageUrl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&isFirstTime=true&requestId=daeff0e84cce472b84ac120f1eaf4293&source=universalscript-v0.179.1
Requested by: Host: assets.ubembed.com
URL: https://assets.ubembed.com/universalscript/releases/v0.179.1/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.182.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-182-56.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.secureworks.com
date: Thu, 03 Mar 2022 13:58:38 GMT
access-control-allow-credentials: true

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1010078681&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&ul=en-us&de=UTF-8&dt=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Unbounce%20Convertable&ea=view&el=022422%20-%20Sticky%20Bar%3A%20Homepage%20-%20Webinar%3A%20Russia%20Crisis%20-%20variant%20a&_u=aHDAAEABAAAAAG~&jid=&gjid=&cid=1501692559.1646315918&tid=UA-1042506-1&_gid=164123307.1646315918&gtm=2wg2s0P6Z7M2&z=1612022184

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 03:45:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 36791
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1010078681&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&ul=en-us&de=UTF-8&dt=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Unbounce%20Convertable&ea=view&el=022422%20-%20Sticky%20Bar%3A%20Homepage%20-%20Webinar%3A%20Russia%20Crisis%20-%20variant%20a&_u=aHDAAEABAAAAAG~&jid=&gjid=&cid=1501692559.1646315918&tid=UA-1281488-1&_gid=164123307.1646315918&gtm=2wg2s0P6Z7M2&z=398947426

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 03:45:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 36791
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1010078681&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&ul=en-us&de=UTF-8&dt=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Unbounce%20Convertable&ea=view&el=022422%20-%20Sticky%20Bar%3A%20Homepage%20-%20Webinar%3A%20Russia%20Crisis%20-%20variant%20a&_u=aHDAgEABAAAAAG~&jid=&gjid=&cid=1501692559.1646315918&tid=%5Bobject%20Object%5D&_gid=164123307.1646315918&gtm=2wg2s0P6Z7M2&cd1=&cd2=&cd3=&z=614263576

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 03:45:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 36791
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 U9MA6cuh-mLQlC4BKCtayOfARkSVo0L3MWgrTQ.woff2
fonts.gstatic.com/s/darkergrotesque/v5/ Frame BB45 18 KB
18 KB 80ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/darkergrotesque/v5/U9MA6cuh-mLQlC4BKCtayOfARkSVo0L3MWgrTQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Darker+Grotesque:500,regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495c28386dc142ebbf32802bfeae197ff3ce62a099352005ddcdc7eb5e0437fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 18:47:12 GMT
x-content-type-options: nosniff
age: 155486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18236
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 19:46:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 18:47:12 GMT

GET
H2 200 U9MH6cuh-mLQlC4BKCtayOfARkSVq7HUJA.woff2
fonts.gstatic.com/s/darkergrotesque/v5/ Frame BB45 18 KB
18 KB 83ms
11ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/darkergrotesque/v5/U9MH6cuh-mLQlC4BKCtayOfARkSVq7HUJA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Darker+Grotesque:500,regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e7bdf7c5e7d66b6d31e8170e4866f29594a10be1f9cebf68d3e2d1ee56645a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 18:28:42 GMT
x-content-type-options: nosniff
age: 156596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18128
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 19:46:39 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 18:28:42 GMT

POST
H2 200 v2 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame D219 25 B
122 B 114ms
114ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/43.bf52ab96.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
server: istio-envoy
requestid: aaeeab36015d49cc
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame D219 126 B
223 B 101ms
100ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/43.bf52ab96.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

4b275cc1f0b00b80ea4cfaea94ad959cd55496b2805d17aa98a3c6662aa3ecb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
server: istio-envoy
requestid: a77269be3cd40d0a
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 126
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 0
0 318ms
101ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift63cbd384bc28a268fb9c6202267
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 319ms
100ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftc4db8fc4ca9b6a6b53d6e8fdf41
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

GET
H2 200 2mnfp3myy8iz.json Show response
embeds.driftcdn.com/embeds/ Frame D219 45 KB
9 KB 36ms
11ms XHR
application/json 143.204.98.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embeds.driftcdn.com/embeds/2mnfp3myy8iz.json
Requested by: Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/43.bf52ab96.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-58.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5637cf734c930f3478b16ca991f4538149a9a851e6a5008419c366e78f9dfdfa

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 13:58:38 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 02 Mar 2022 23:02:22 GMT
server: AmazonS3
etag: W/"5cea9e1f0952e7e23ce4778d038219a9"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json; charset=UTF-8
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
cache-control: public, max-age=30
x-amz-cf-id: sDX0o7ShM2ywUie2ov3TbEX38DGJq0I8Har-x9j1zoy3WSKeRV5oYg==

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 191ms
190ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=64bb1002b93e00008dc920626d02000056c50500&session=0b924d5e-c772-46de-8d00-5a9b0e780dbb&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20REvil%20(also%20known%20as%20Sodinokibi)%20ransomware%20was%20used%20by%20the%20financially%20motivated%20GOLD%20SOUTHFIELD%20threat%20group%2C%20which%20distributes%20ransomware%20via%20exploit%20kits%2C%20scan-and-exploit%20techniques%2C%20RDP%20servers%2C%20and%20backdoored%20software%20installers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&pageViewId=3b063a9c-afa1-4f1e-863f-71fcb4f2f7c6&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:38 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK abstract_0002_pink-accelerate_360x190.ashx
www.secureworks.com/-/media/Images/Insights/2018/Abstract/abstract_pink_accelerate/ 5 KB
5 KB 185ms
185ms Image
image/webp 40.71.249.187
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/-/media/Images/Insights/2018/Abstract/abstract_pink_accelerate/abstract_0002_pink-accelerate_360x190.ashx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6ea7a93c8ebfad551e99cdaaa0a938bbcc596a915c1adced1e849091e02a7b83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 08 Jun 2018 17:55:27 GMT
Server: Microsoft-IIS/10.0
ETag: 321fcf8a2452425ab546cc7fbd79efd5
Content-Type: image/webp
Cache-Control: public, max-age=2592000
Date: Thu, 03 Mar 2022 13:58:38 GMT
Content-Disposition: inline; filename="abstract_0002_pink-accelerate_360x190.webp"
Accept-Ranges: bytes
Content-Length: 5064
X-Content-Type-Options: nosniff
Expires: Sat, 02 Apr 2022 13:58:38 GMT

GET
H/1.1 200
OK 0001_human_woman-computer_360x190.ashx
www.secureworks.com/-/media/Images/Insights/2020/lifestyle-0001_women-computer/ 6 KB
6 KB 205ms
204ms Image
image/webp 40.71.249.187
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/-/media/Images/Insights/2020/lifestyle-0001_women-computer/0001_human_woman-computer_360x190.ashx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9445839ba8dab4b0346792445f963656ccc927d00d169f13337e4b4aee424490

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Dec 2019 18:37:37 GMT
Server: Microsoft-IIS/10.0
ETag: 6135f3a07bcc4bf3845702d5bb5ff0e5
Content-Type: image/webp
Cache-Control: public, max-age=2592000
Date: Thu, 03 Mar 2022 13:58:38 GMT
Content-Disposition: inline; filename="0001_human_woman-computer_360x190.webp"
Accept-Ranges: bytes
Content-Length: 5858
X-Content-Type-Options: nosniff
Expires: Sat, 02 Apr 2022 13:58:38 GMT

GET
H/1.1 200
OK places_0039_red-accent-modern-office_360x190.ashx
www.secureworks.com/-/media/Images/Insights/Places/039%20red-accent-modern-office/ 8 KB
8 KB 358ms
172ms Image
image/webp 40.71.249.187
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/-/media/Images/Insights/Places/039%20red-accent-modern-office/places_0039_red-accent-modern-office_360x190.ashx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

04e1c3fc051d24e92ccc9b0b355c6823be266bdea796ddd99765b925d74b3155

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 12 Nov 2015 14:48:41 GMT
Server: Microsoft-IIS/10.0
ETag: 45f243f155f142dcb30c9cdfcfcf60c7
Content-Type: image/webp
Cache-Control: public, max-age=2592000
Date: Thu, 03 Mar 2022 13:58:38 GMT
Content-Disposition: inline; filename="places_0039_red-accent-modern-office_360x190.webp"
Accept-Ranges: bytes
Content-Length: 8086
X-Content-Type-Options: nosniff
Expires: Sat, 02 Apr 2022 13:58:38 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 190ms
190ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=64bb1002b93e00008dc920626d02000056c50500&session=0b924d5e-c772-46de-8d00-5a9b0e780dbb&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A38%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20REvil%20(also%20known%20as%20Sodinokibi)%20ransomware%20was%20used%20by%20the%20financially%20motivated%20GOLD%20SOUTHFIELD%20threat%20group%2C%20which%20distributes%20ransomware%20via%20exploit%20kits%2C%20scan-and-exploit%20techniques%2C%20RDP%20servers%2C%20and%20backdoored%20software%20installers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&pageViewId=3b063a9c-afa1-4f1e-863f-71fcb4f2f7c6&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:39 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame D219 25 B
88 B 113ms
113ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/43.bf52ab96.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 Mar 2022 13:58:40 GMT
server: istio-envoy
requestid: a8ab38dbe1f3c874
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 14
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 99ms
99ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 03 Mar 2022 13:58:40 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftd3e9138448e97c76d6a5bfd5b9e
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 201ms
201ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=64bb1002b93e00008dc920626d02000056c50500&session=0b924d5e-c772-46de-8d00-5a9b0e780dbb&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A39%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20REvil%20(also%20known%20as%20Sodinokibi)%20ransomware%20was%20used%20by%20the%20financially%20motivated%20GOLD%20SOUTHFIELD%20threat%20group%2C%20which%20distributes%20ransomware%20via%20exploit%20kits%2C%20scan-and-exploit%20techniques%2C%20RDP%20servers%2C%20and%20backdoored%20software%20installers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&pageViewId=3b063a9c-afa1-4f1e-863f-71fcb4f2f7c6&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:40 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 190ms
190ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=64bb1002b93e00008dc920626d02000056c50500&session=0b924d5e-c772-46de-8d00-5a9b0e780dbb&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20REvil%20(also%20known%20as%20Sodinokibi)%20ransomware%20was%20used%20by%20the%20financially%20motivated%20GOLD%20SOUTHFIELD%20threat%20group%2C%20which%20distributes%20ransomware%20via%20exploit%20kits%2C%20scan-and-exploit%20techniques%2C%20RDP%20servers%2C%20and%20backdoored%20software%20installers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&pageViewId=3b063a9c-afa1-4f1e-863f-71fcb4f2f7c6&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 189ms
188ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=64bb1002b93e00008dc920626d02000056c50500&session=0b924d5e-c772-46de-8d00-5a9b0e780dbb&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2003%20Mar%202022%2013%3A58%3A41%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225006%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20REvil%20(also%20known%20as%20Sodinokibi)%20ransomware%20was%20used%20by%20the%20financially%20motivated%20GOLD%20SOUTHFIELD%20threat%20group%2C%20which%20distributes%20ransomware%20via%20exploit%20kits%2C%20scan-and-exploit%20techniques%2C%20RDP%20servers%2C%20and%20backdoored%20software%20installers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&pageViewId=3b063a9c-afa1-4f1e-863f-71fcb4f2f7c6&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/revil-sodinokibi-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 13:58:42 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame D219 0
0

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame 0
0 100ms
99ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 03 Mar 2022 13:58:43 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift0e1926b4b39b8cb01e1e5898532
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: px4.ads.linkedin.com
URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&liSync=true&e_ipv6=AQJfvlwiUVaiwQAAAX9QE1PCXs007lWxPJfTPhzUWoS5Eu6iACEz4_ApR3K0tvB83-6LapwnmknH648Sqbz4jilkIVsZ2A

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/648366107/?random=1646315917652&cv=9&fst=1646312400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2s0&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&tiba=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=4141310935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1042506-1&cid=1501692559.1646315918&jid=1922081179&_u=YEBAAEAAAAAAAC~&z=1057127220

Domain: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.32/clarity.js

Domain: c.clarity.ms
URL: https://c.clarity.ms/c.gif

Domain: metrics.api.drift.com
URL: https://metrics.api.drift.com/monitoring/metrics/add/bulk

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.secureworks.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: ltk0mams0w3uysovy34ivhal
www.secureworks.com/	1970-01-23 16:54:35	Name: SC_ANALYTICS_GLOBAL_COOKIE Value: 1b77a4a6ca6a45a3bf23343e76a804e4\|False
.www.secureworks.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinity Value: 8f1063a2553f6d7463c035539ccd47851acb1486e1af68c23c004060312a9a93
.www.secureworks.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinityCORS Value: 8f1063a2553f6d7463c035539ccd47851acb1486e1af68c23c004060312a9a93
.secureworks.com/	1970-01-20 18:49:47	Name: _mkto_trk Value: id:725-SMC-563&token:_mch-secureworks.com-1646315917393-95254
.secureworks.com/	1970-01-20 10:04:11	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Thu+Mar+03+2022+13%3A58%3A37+GMT%2B0000+(GMT)&version=6.18.0&landingPath=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&groups=0_288081%3A1%2C0_288078%3A1%2C0_270850%3A1%2C0_288138%3A1%2C1%3A1%2C0_227367%3A1%2C0_227365%3A1%2C0_288077%3A1%2C0_288083%3A1%2C2%3A1%2C0_227370%3A1%2C3%3A1%2C0_270866%3A1%2C0_288080%3A1%2C4%3A1%2C0_288082%3A1%2C0_227355%3A1%2C0_297683%3A1%2C0_301142%3A1%2C0_301144%3A1
.secureworks.com/	1970-01-20 03:28:11	Name: _gcl_au Value: 1.1.1230623042.1646315918
.secureworks.com/	1970-01-20 01:20:02	Name: _gid Value: GA1.2.164123307.1646315918
.secureworks.com/	1970-01-20 01:18:35	Name: _gat_UA-1042506-1 Value: 1
.secureworks.com/	1970-01-20 01:18:35	Name: _gat_UA-1281488-1 Value: 1
.bing.com/	1970-01-20 10:40:11	Name: MUID Value: 28D5812FB08A6CD20FA39073B1E16D4E
.secureworks.com/	1970-01-20 18:49:47	Name: _ga_15MK64YNN6 Value: GS1.1.1646315917.1.0.1646315917.0
.6sc.co/	1970-01-20 18:49:47	Name: 6suuid Value: 64bb1002b93e00008dc920626d02000056c50500
.secureworks.com/	1970-01-20 01:20:02	Name: _uetsid Value: 061962a09afa11ec902369b1b8255741
.secureworks.com/	1970-01-20 10:40:11	Name: _uetvid Value: 061988a09afa11ec802a8fda223e09ad
.secureworks.com/	1970-01-20 03:28:11	Name: _rdt_uuid Value: 1646315917651.6afcde44-925b-4c3d-ae83-ef0f12c03047
.techtarget.com/	1970-01-20 01:18:37	Name: __cf_bm Value: E78wmknJ3te6sisTmdNo0wDn7iQe2.dsocosvq9tw8s-1646315917-0-AQdnavywKOssaP9StajKh4a6O3rIUr5T45qYuc8XL1g8zNr+Hx+NU6IIrnc6C2Fgf23PfF/7x7KTgVFiQu6tQgs=
.doubleclick.net/	1970-01-20 01:18:36	Name: test_cookie Value: CheckForPermission
www.secureworks.com/	1970-01-20 01:28:40	Name: _an_uid Value: 0
www.secureworks.com/	1970-01-20 18:49:47	Name: _gd_visitor Value: 5e60484a-76c4-4c4f-828d-069e83a002f5
www.secureworks.com/	1970-01-20 01:18:50	Name: _gd_session Value: 0b924d5e-c772-46de-8d00-5a9b0e780dbb
www.secureworks.com/	1970-01-20 18:49:47	Name: _gd_svisitor Value: 64bb1002b93e00008dc920626d02000056c50500
www.secureworks.com/	1970-01-20 01:18:37	Name: drift_campaign_refresh Value: ef5bcd3c-7174-473f-81aa-f048f0bafba5
.secureworks.com/	1970-01-20 18:49:47	Name: _ga Value: GA1.2.1501692559.1646315918
.secureworks.com/	1970-01-20 01:18:35	Name: _dc_gtm_objectObject Value: 1
.linkedin.com/	1970-01-20 02:01:47	Name: UserMatchHistory Value: AQIwQLbVSRbEVQAAAX9QE1HzAJbo3P_fP9FzMaYKfC4DNNL-ifffynnDUqTPwDodsm791VbsdXDe3Q
.linkedin.com/	1970-01-20 02:01:47	Name: AnalyticsSyncHistory Value: AQKNkihEjcX-KQAAAX9QE1HzIqvzCvd8_5HQXtHZn1OU0WLlTHxLAODg0m0E4zpOsUQC6rQ5o_3-wRsRBNB93A
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:50:29	Name: bcookie Value: "v=2&2e19dbd4-1a82-4b57-88d1-04fdbd688879"
.linkedin.com/	1970-01-20 01:20:02	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2201:u=1:x=1:i=1646315917:t=1646402317:v=2:sig=AQGQpZzOZtfJ6UV0yvzYH609GQKTCjnr"
.adnxs.com/	1970-01-20 03:28:11	Name: uuid2 Value: 3326976933832376224
apt.techtarget.com/	1969-12-31 23:59:59	Name: TS01fac3f6 Value: 012c664659b1edfbc898f273ca5e380d38f457e548efe6e50567b49540f6ea1507159ce26388dfe8d4d0e04abd69b754b67ef00e91
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 18:50:29	Name: bscookie Value: "v=1&20220303135838a19a4e19-679a-46ee-89da-a2954a6587e7AQE-6IKH6iFBpatiTCW9ccjvxD2EcQ_3"
.linkedin.com/	1970-01-20 18:37:15	Name: li_gc Value: MTswOzE2NDYzMTU5MTg7MjswMjEdKRxSuj+6XxN+VLBiSPANygfjk/EhS7SdiuY2F2EQOQ==

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware(Line 6) Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-NTRkNGFiMGVjMTY3NDA5YWFiMmRjOWNjNDVlZDBhOTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://.js.ubembed.com https://assets.ubembed.com https://.redditstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-jh1qUxfhQ+GhYQsTgZIFrAho8L1Or/G5Lk89fH4gm8k='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware(Line 6) Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-NTRkNGFiMGVjMTY3NDA5YWFiMmRjOWNjNDVlZDBhOTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://.js.ubembed.com https://assets.ubembed.com https://.redditstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-NjbjtGyH66ySyuUmueEAExPZ9TqyPJTQ1fA9vfqIljY='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/648366107/?random=1646315917652&cv=9&fst=1646312400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2s0&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&tiba=REvil%2FSodinokibi%20Ransomware%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=4141310935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com *.redditstatic.com alb.reddit.com".
security	error	URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1042506-1&cid=1501692559.1646315918&jid=1922081179&_u=YEBAAEAAAAAAAC~&z=1057127220' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com *.redditstatic.com alb.reddit.com".
security	error	URL: https://bat.bing.com/p/action/56073499.js Message: Refused to load the script 'https://i.clarity.ms/s/0.6.32/clarity.js' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-NTRkNGFiMGVjMTY3NDA5YWFiMmRjOWNjNDVlZDBhOTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://.js.ubembed.com https://assets.ubembed.com https://.redditstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware Message: Refused to load the image 'https://c.clarity.ms/c.gif' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com *.redditstatic.com alb.reddit.com".
security	error	URL: https://www.secureworks.com/research/revil-sodinokibi-ransomware Message: Refused to load the image 'https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2386324&time=1646315917661&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Frevil-sodinokibi-ransomware&liSync=true&e_ipv6=AQJfvlwiUVaiwQAAAX9QE1PCXs007lWxPJfTPhzUWoS5Eu6iACEz4_ApR3K0tvB83-6LapwnmknH648Sqbz4jilkIVsZ2A' because it violates the following Content Security Policy directive: "img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com *.redditstatic.com alb.reddit.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	object-src 'none'; script-src 'self' 'nonce-NTRkNGFiMGVjMTY3NDA5YWFiMmRjOWNjNDVlZDBhOTk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://.js.ubembed.com https://assets.ubembed.com https://.redditstatic.com; img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com *.redditstatic.com alb.reddit.com; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

725-smc-563.mktoresp.com
alb.reddit.com
apt.techtarget.com
assets.ubembed.com
attr.ml-api.io
b.6sc.co
bat.bing.com
bootstrap.api.drift.com
builder-assets.unbounce.com
c.6sc.co
c.clarity.ms
cdn.cookielaw.org
code.jquery.com
content.secureworks.com
embeds.driftcdn.com
epsilon.6sense.com
extend.vimeocdn.com
f47fc87cb1114490b08a513d8c97555c.events.ubembed.com
f47fc87cb1114490b08a513d8c97555c.js.ubembed.com
f47fc87cb1114490b08a513d8c97555c.pages.ubembed.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.clarity.ms
j.6sc.co
js.driftt.com
metrics.api.drift.com
munchkin.marketo.net
px4.ads.linkedin.com
s.ml-attr.com
script.crazyegg.com
scwx.annuitas.io
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
trk.techtarget.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.redditstatic.com
www.secureworks.com
c.clarity.ms
i.clarity.ms
metrics.api.drift.com
px4.ads.linkedin.com
www.google.de
104.111.233.140
104.89.28.179
142.250.186.98
143.204.98.49
143.204.98.58
143.204.98.64
143.204.98.69
151.101.114.109
151.101.129.140
151.101.193.131
18.198.223.123
185.33.221.15
192.28.144.124
2001:4de0:ac18::1:a:1b
206.19.49.24
2600:9000:2156:8000:12:3734:2a40:93a1
2606:4700::6810:9440
2606:4700::6812:15c
2606:4700::6813:9408
2620:12a:8001::2
2620:1ec:c11::200
2a00:1450:4001:801::2004
2a00:1450:4001:803::2003
2a00:1450:4001:808::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200e
2a00:1450:4001:82a::200a
2a00:1450:400c:c06::9b
2a02:26f0:f7::5c7b:e053
2a02:26f0:fb::5f65:591a
2a04:4e42::396
3.126.202.50
3.224.182.56
3.94.218.138
40.71.249.187
50.16.7.188
68.67.153.60
0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80
0055b9d0429e9c194b4aa6b5f49cbc2ec31a7220ee7c8c186a9ee951feabd482
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
04e1c3fc051d24e92ccc9b0b355c6823be266bdea796ddd99765b925d74b3155
05c1b18ed199fea9af5168c7769dff2cd69f02706fa2568ab2e305be8dfb9c52
05cabe7487623179e44de0352284c619f4731e53df0b11153b6daa5252fe3c2e
083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966
08681ba3da35c665e877f6f9a6e158ff94b4d96c363610cdb061ebb79a718c35
088e1ef91a320f014eecd7495cedfa7fee5e167cadaf55545ce137f4ff749ba8
0973d40446558222d3aa53e9a66f2405dbe3b423cf6788fc948980f979b96e14
09c0b7b60db62cc9d8632e7721ab048bb1b0349e4140e050dfe82d7373ca1dc7
0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e
0b821e9188e4ca0128ecb7e47b784477caacd1cb62e91f3da5ce28db1677ad69
11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
160371118ad2e4d470bc6801bb253ec18332e7b6fb7225bb6d365a99bdb99d22
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1787cb259c57ce6cd27152c77d90363b2917ff8b5f34dd377f691042d787e408
1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313
1a938735cf14d8329a7b1c12b0a4ed99c3d9f43aba11d1fc326cc5a3159250f0
1cbf80f7d71564dc48af2c5d6bb5d15fc2aec0d541101c5eedf84bad1b908cab
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
24849b91ee6d5f169a67d0f0f316ec3d3e7b62454b4a87a3138eb5b87465676c
24e73de2a358637128c858049f6fc4eb4a1367d2d4a6ce78eb920d0e6718aeaf
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
28bcc7544d834800d3a9bd303e75760c4870922e74da532d7f977f0e2733bd0e
29a95f3c5a96517e30a03e43d9ada4754a5876ef8b77b9e7e20b56fed8dbadb1
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3449046e95044587d2622440340a8ecb968922a943be39f29398953cadcd0fd9
3c37aa4bbe3d560e5e96f36ee9b5d5e43ee6572ed49e018bbef9dd1d0fa95200
3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5
4038a666dfd5af607a0374ad6e934cf1007e78da69329dbc341eaf757bb38beb
42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2
434b4eacae6f8a95017aa508494f9ba6eca27cf92d489cbf7ea7948dea697f30
48e26fd79bb7b8afa1bdc9102f52da170e62003e6cc892e8688a4ed2795cfa19
49114a6bc42cdf0244b9ceb6ea948ea1f3f5f54c392b6cbd00dfa52d68b0e3b4
495c28386dc142ebbf32802bfeae197ff3ce62a099352005ddcdc7eb5e0437fd
49c6f7925a020059af53cab3baa5d2ea485e6807744ba07f1b2e90ee47266a44
4b275cc1f0b00b80ea4cfaea94ad959cd55496b2805d17aa98a3c6662aa3ecb9
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f57ca16dad5c8349cfc0fc72f098190018b5cdf67b557ab728757dd8b9b91a6
4fc909037816a7b5425869f6390aa79a7c1c5fc718e2b89af25bccc684e330bc
50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46
555dbe6e8914f46e2aee82c379578e8b255b67d322a1028c84c4b166724e6115
5637cf734c930f3478b16ca991f4538149a9a851e6a5008419c366e78f9dfdfa
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
566639f88e650ada50f7f5a70d52efdd262905b7114ddffd26893b7727493a7f
578cda2391db4e4d761ae5c4f05c03614d0ea8fec0b260edc036cc0bbdfcdd93
5795e2a337cc0723559ecb317b533b2d3045834b0341dc1db4e6e20d2c51e751
597db45871e5a6bbcd96befbf4c8a515a136fe8d296d055dc99d907f9d85fc42
5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
636309970e00bf50e5b3ce21ab8cffc1510b5fd4b65a0b872ba30a17c4baf8b4
643284a0eca0e88605a52952545149695d41d4a6f057d897bedf92a24e32c573
652693cf351da926038bb19decb41b5b58f439e786b26a1a32e9498b2390b9bc
67339ddd57bfadccc7db0301c04748abfd5fe9f6ea21b0b9afa5e03aeb080fe6
6754bd59e77debd17bde0e93a50f3e0c70322c34fd3496dc3f19167db71d77d8
690ffa4f3709f9f45b28bdab7637e0da04880aee1d2d4e9caf4af0a99782a2ac
6af56e74074849b0ce5c63c9a08d8f756fa79c9ee18a5fa186af3842453a4431
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ea7a93c8ebfad551e99cdaaa0a938bbcc596a915c1adced1e849091e02a7b83
6f42b6c665dcf733e6a6a5bea4d0f72f5f64d125fc43fe98342d901ca22e97dc
709030cab6e33ca60c369554f31becd83dbfe4c17dc37e17aefd3aba8d862d1c
71160cdda04762147f200673de4fdd9e120fdb69b2d4fe06bce3cea06f042bce
7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce
7b787207f29ffd5672ab91b95f681b387b4d6433081cc8b47070f1d564827863
7c130e776a1e117ef34134e0fb6df9e18c5262e743b6691e0ebbb2fd8e0a14a4
7d1cb2b23d69cfcd9a563d9c13160927020f1da9b829cbe85a35aa9b51f23ad4
7da757ad43c01d901b01ffffb3957a91496aa32a9324223e28881d4876c687b4
7fac9a43ab09cf21eafe26af20439d52313fa761cf6100c10ef950a6af22f7d4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
886a93ca3a6fcf54b94c732fd7dfd6f71cc565becde552456d2b78bfa4b83907
8d06b89fce1308b54fc204a2ea41e96ad6a034c075dbf396eea0611b71ffa7a6
8e7bdf7c5e7d66b6d31e8170e4866f29594a10be1f9cebf68d3e2d1ee56645a1
91bfe05478e9aa562a5b0f3fe991e6b7201d4282312c48d0fc71b3f5ae7f03ca
931763386856012b8fe9f66d734a85f0baa25b4aa987fbad058686853d2dee5e
9445839ba8dab4b0346792445f963656ccc927d00d169f13337e4b4aee424490
98eeaeae353fe37b4b82cafa82ebd450fb7aebcd9f8e98f776c75bdb895ac94a
99022a865cce87b2f6becbfc22e119559c09cb81b45046c256e86fc0d411b5b7
9c29517d31f5827419cfb4f4ff8cd13b478ec5345cfbb24e4f02072c723a87e7
9d8f8c89a5f7c90adc5196d1c10fe3e8c46d16cb8d24de13ade83de53183027d
9ea409afd6c0ce419f7b3f83e1d244b013a9b1970d6fabbe64f501ea18a087e9
9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a290010dab515f65c01859cd6b0671ea03c3ac0b18605f840ac0d35be98edeb5
a5ad436c025c2a03ccc5672aed9469ac98d22b73df5b1d20ed2adb46c0c4daf9
aa974801b32114fee16b18ee57d0c14b8e23a8a690830f425c4054ca2b629ace
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
acc248ead4890c65f3e2792cfe555e4d98c961f4b564bc4a77e86270dd3051f7
b1ccb8141195307117c737c7f49f99de131fb55290a5f4c1431cc74ca93119dc
b2c7d381de1380af12794a061f0d019a1ce49d8861287cf440c6c32895b021c8
b4fd7745608bc8211290cef91c3b48851932aebabf34e9385161c60c1ac740c4
b5ecd7807e3023d657d18fbe832848e8e65843843ebd748f7225e314b17d5221
b639e2522457e537b9193fb4b466f0b4148dfdb105bb0fd8adbc5e10b0ac5b2f
b777ccbe9576f16bf6f9bc222c6c98fbff019365b13a1beee3571da3458657fb
b82be24736519b8e5beb6d622bed3d7f481da9bacf8374352065d1cf252dc244
b9ddcbc73a2a42b603661b51028d38aba3374f67385f3307e1cfcebdee2f4838
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3
bcbd06d7dc147cdae6c66f391b58c0dc2f4cc38c76faab631d55424d4f4327f1
bd713db29fb234eb7584927050df71683e11b7b72bda4fcf72a88f8a7ff2f56d
bdbf0bb9b89e4db6550fc67b627a228a48f5f43d2192fe2cdf1c00bc9758a5ee
bf9d0298b63fbe99111777ab348072f388be98bfdabc5cbde4a77a8ba3cdebc1
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
c33ab8655e80769351936d13d3677b7adab9df9dfe0181cb892c604275d11965
c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0
c5697e7e3841c92374d2ac914ff958a51c1f4e4e6d6cee0d6885d99f1b08c797
c5ca0ad73064122932dddb8b1a95ce78abd25cb76569bbb0c7381356bee1dd0e
c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
d36d8a76a8b7d7fe8655db34eb54e4a4b6d422cdd1a67810d3dd5c014edb14e4
d64e3512a14d94fc0807a70eccafd1ad6010aab4d91d552f8e3c4d310bff64ce
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
dc832faf8ca21fb791b9abb9a3ba334ef3e31914317791dd53510b8a24d0621d
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dcfc540946183ee12e6ccb43e706ad1a30b4f0205c25adcfa316829075f94a31
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e15964e99885773ed504cde4f88ca1340f456a2eccbffe16b6fab9a9a57b85f3
e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9
e22d8390d4fd01f09018ae12091ad575055077380fee90c7230f27075a2e91a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e41e2b5c9df3073d6f7da0080ad2f3eca4994ab372d2f65fa76b14f8868663ec
e7c12919276df9a9ef997b0d765b29804fb2039a888f209748b967b3bcc8e9cf
e7e2024764e94bff400b354a7cb714ab75f1b9fd4b3fb09de18dca2d6c2e56a5
e868d39bbb74d42dffcee0cb1a50ecd105e1a1737d9080246dbdd54a8206d8f0
e99a52151c294c42df9ab0df1048d2403af8d1cf94817c26c706c8d75d002743
ea4f89d331cbce9724c0a09b22f25a0a17df08ef16d32491e5bf5c9a77b0c7e3
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ed4fc5c094fbb414b3cd56bc1d0773e7806be2f4c74bd887692800abed4e7ad1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef593584d9432b51ed1cec6f58f844bfa6f81ef0fe27fd9404e400e1346fa09b
f163adc98c32449a8998e210df2446710a6e002fc53b82575eff904deb5eb3bc
f2e03f1c7ddfce35dd62b9250144db20f06c5962f0a0eb99228bcec82c98a7f6
f48829864ffd155da0360e19be956282b6875173f8990394e93bc7c30c97a3ed
f5065f6122d90791f6d4f51690023dbb0bb99c31f2e804dd86e2f818701034fc
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f9163f3372bf09f2bcb3c8fa8b218443c557dbb32c78a36ee9221ca5abf8b193
f9a31c7362a9fab467cf8bec201cee19f57955bc32a1864d13d457a307695e75
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.secureworks.com Open in urlscan Pro 40.71.249.187 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

201 Requests

96 %HTTPS

46 %IPv6

33 Domains

43 Subdomains

37 IPs

4 Countries

2828 kBTransfer

6425 kBSize

35 Cookies

37 Outgoing links

Redirected requests

201 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.secureworks.com Open in urlscan Pro
40.71.249.187 Public Scan

Screenshot
Live screenshot

Full Image

201
Requests

96 %
HTTPS

46 %
IPv6

33
Domains

43
Subdomains

37
IPs

4
Countries

2828 kB
Transfer

6425 kB
Size

35
Cookies

201 HTTP transactions
0 data transactions