go.druva.com Open in urlscan Pro
104.17.73.206  Public Scan

8 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

• https://www.google-analytics.com/r/collect?v=1&_v=j73&a=2105012944&t=pageview&_s=1&dl=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&ul=en-us&de=UTF-8&dt=Druva%20%7C%20Register%20for%20Breaking%20Down%20the%20Relentless%20Risk%20of%20Ransomware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=KGBAAEADQ~&jid=97486560&gjid=899768842&cid=392709635.1554802364&tid=UA-6394227-1&_gid=42185525.1554802364&_r=1&z=367955743 HTTP 302
• https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_gid=42185525.1554802364&gjid=899768842&_v=j73&z=367955743 HTTP 302
• https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_v=j73&z=367955743 HTTP 302
• https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_v=j73&z=367955743&slf_rd=1&random=2055289563

Request Chain 74

• https://d.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X?adroll_fpc=8e30b554124e7170ef1c25de25828840-1554802364866&pv=9935163701.914408&cookie=&adroll_s_ref=&keyw=&arrfrr=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html HTTP 302
• https://s.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X/6AN5QCCS4JHA5ETA7MFY4R.js

Request Chain 79

• https://d.adroll.com/cm/aol/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://pixel.advertising.com/ups/55980/sync?uid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
• https://pixel.advertising.com/ups/55980/sync?uid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

Request Chain 80

• https://d.adroll.com/cm/index/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expiration=1586338365 HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expiration=1586338365&C=1

Request Chain 81

• https://d.adroll.com/cm/n/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expires=365

Request Chain 82

• https://d.adroll.com/cm/outbrain/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://sync.outbrain.com/adroll/pixel?user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg

Request Chain 83

• https://d.adroll.com/cm/pubmatic/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 84

• https://d.adroll.com/cm/taboola/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg

Request Chain 85

• https://d.adroll.com/cm/triplelift/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://eb2.3lift.com/xuid?mid=4714&xuid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&dongle=c85e HTTP 302
• https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&dongle=c85e&gdpr=1&cmp_cs=

Request Chain 86

• https://d.adroll.com/cm/r/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 87

• https://d.adroll.com/cm/b/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://x.bidswitch.net/sync?dsp_id=44&user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg HTTP 302
• https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg

Request Chain 88

• https://d.adroll.com/cm/x/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://ib.adnxs.com/setuid?entity=172&code=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg

Request Chain 89

• https://d.adroll.com/cm/l/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://idsync.rlcdn.com/377928.gif?partner_uid=9924df0449d23977b4c9f07f885dc008

Request Chain 90

• https://d.adroll.com/cm/o/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA HTTP 302
• https://us-u.openx.net/w/1.0/sd?id=537103138&val=9924df0449d23977b4c9f07f885dc008 HTTP 302
• https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9924df0449d23977b4c9f07f885dc008

Request Chain 91

• https://d.adroll.com/cm/g/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA&google_nid=adroll5 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=mSTfBEnSOXe0yfB_iF3ACA&google_ula=1535926 HTTP 302
• https://d.adroll.com/cm/g/in?google_ula=1535926,0

Request Chain 95

• https://px.ads.linkedin.com/collect/?time=1554802366009&pid=473852&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&fmt=js&s=1 HTTP 302
• https://px.ads.linkedin.com/collect/?time=1554802366009&pid=473852&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&fmt=js&s=1&cookiesTest=true

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Show response go.druva.com/	87 KB 15 KB	185ms 113ms	Document text/html	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2e385cb42d1f0678b1da4b24673262cb67e2103879dc5aef16040f8047612c03 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers :method GET :authority go.druva.com :scheme https :path /EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Tue, 09 Apr 2019 09:32:43 GMT content-type text/html; charset=utf-8 set-cookie __cfduid=dbeb467a1fd4e5c0a765b9194a04977751554802363; expires=Wed, 08-Apr-20 09:32:43 GMT; path=/; domain=.go.druva.com; HttpOnly BIGipServerab07web-nginx-app_https=!JFNUfc7rqRTVT4Nybf/nLIVwOTHiDhYy3m0w2tfUEJUb8rJqo9Xxh3tUHVO/f5q1Mb4fRvKMG86+rYU=;Path=/;Version=1;Secure;Httponly x-frame-options SAMEORIGIN p3p CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT" vary *,Accept-Encoding x-content-type-options nosniff x-cache-status HIT x-mkto-nginx-cache true expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4c4b79b4aaae6b61-LHR content-encoding gzip
GET H2	200	iris_druva_lp_magnific_popup.css go.druva.com/rs/307-ANG-704/images/	7 KB 2 KB	112ms 110ms	Stylesheet text/css	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_magnific_popup.css Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash adeee452069bc3badbf0ceb38ae20cce460758198d3d8dd8df8f94a1dbabd24a Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/iris_druva_lp_magnific_popup.css pragma no-cache cookie __cfduid=dbeb467a1fd4e5c0a765b9194a04977751554802363; BIGipServerab07web-nginx-app_https=!JFNUfc7rqRTVT4Nybf/nLIVwOTHiDhYy3m0w2tfUEJUb8rJqo9Xxh3tUHVO/f5q1Mb4fRvKMG86+rYU= accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,*/*;q=0.1 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED status 200 content-length 1896 last-modified Sat, 16 Mar 2019 02:09:51 GMT server cloudflare etag "326513-1c70-5842ca69494be" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b57b776b61-LHR expires Tue, 09 Apr 2019 09:33:43 GMT
GET H2	200	iris_druva_lp_style_0604.css go.druva.com/rs/307-ANG-704/images/	24 KB 5 KB	122ms 120ms	Stylesheet text/css	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 8f6d2f3a3f5ecc43310a77e0d44039050b7bf27f41c1fc6d225e666e3a1ad10e Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/iris_druva_lp_style_0604.css pragma no-cache cookie __cfduid=dbeb467a1fd4e5c0a765b9194a04977751554802363; BIGipServerab07web-nginx-app_https=!JFNUfc7rqRTVT4Nybf/nLIVwOTHiDhYy3m0w2tfUEJUb8rJqo9Xxh3tUHVO/f5q1Mb4fRvKMG86+rYU= accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,*/*;q=0.1 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED status 200 content-length 4766 last-modified Sat, 16 Mar 2019 02:09:51 GMT server cloudflare etag "326516-6093-5842ca6962716" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b57b796b61-LHR expires Tue, 09 Apr 2019 09:33:43 GMT
GET H2	200	iris_druva_lp_responsive_0117.css go.druva.com/rs/307-ANG-704/images/	14 KB 2 KB	120ms 118ms	Stylesheet text/css	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_responsive_0117.css Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f50af29e83346e6368f5cca40221cd42e37273fd1051a8a0a836db42e68131ad Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/iris_druva_lp_responsive_0117.css pragma no-cache cookie __cfduid=dbeb467a1fd4e5c0a765b9194a04977751554802363; BIGipServerab07web-nginx-app_https=!JFNUfc7rqRTVT4Nybf/nLIVwOTHiDhYy3m0w2tfUEJUb8rJqo9Xxh3tUHVO/f5q1Mb4fRvKMG86+rYU= accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,*/*;q=0.1 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED status 200 content-length 2442 last-modified Sat, 16 Mar 2019 02:09:51 GMT server cloudflare etag "326515-3721-5842ca695fc1e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b57b7b6b61-LHR expires Tue, 09 Apr 2019 09:33:43 GMT
GET H/1.1	200 OK	SmartForms.js Show response d12ulf131zb0yj.cloudfront.net/	3 KB 2 KB	52ms 7ms	Script text/javascript	143.204.101.111 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://d12ulf131zb0yj.cloudfront.net/SmartForms.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.101.111 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-101-111.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash 6f2e931d312ab97641354964c61a9686edb316b0869162beb90a7411912ff9db Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 02 Apr 2019 16:35:08 GMT Content-Encoding gzip Last-Modified Tue, 02 Apr 2019 16:34:38 GMT Server AmazonS3 Age 60909 Vary Accept-Encoding X-Cache Hit from cloudfront x-amz-version-id 9wCjSkfCpdY2SgkOLrUsbMxKzj3qLJt2 Via 1.1 80c1ad5f9352d00b95a9da73eb6b6be5.cloudfront.net (CloudFront) Transfer-Encoding chunked Connection keep-alive Content-Type text/javascript X-Amz-Cf-Id yRTwudzvdVOf4J2O7L83BzPqtw7jq9eP-vstFvcdJqYrVdYNboj_bQ==
GET H2	200	1510860427089_logo.png go.druva.com/rs/307-ANG-704/images/	4 KB 4 KB	118ms 117ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_logo.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 33ca4e532aa4feb963643e26b8cc95bd4d876f7ee8252457957477e2a85e1578 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_logo.png pragma no-cache cookie __cfduid=dbeb467a1fd4e5c0a765b9194a04977751554802363; BIGipServerab07web-nginx-app_https=!JFNUfc7rqRTVT4Nybf/nLIVwOTHiDhYy3m0w2tfUEJUb8rJqo9Xxh3tUHVO/f5q1Mb4fRvKMG86+rYU= accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:43 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:09:51 GMT server cloudflare etag "326514-112e-5842ca695f44e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b57b7d6b61-LHR content-length 4398 expires Tue, 09 Apr 2019 09:33:43 GMT
GET H2	200	1510860427089_logo_main.png go.druva.com/rs/307-ANG-704/images/	5 KB 5 KB	114ms 113ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_logo_main.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 4eb431a489b22f4aac9de3b34d0133aad1bdb26bd04abcd91c14700a55559b8c Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_logo_main.png pragma no-cache cookie __cfduid=dbeb467a1fd4e5c0a765b9194a04977751554802363; BIGipServerab07web-nginx-app_https=!JFNUfc7rqRTVT4Nybf/nLIVwOTHiDhYy3m0w2tfUEJUb8rJqo9Xxh3tUHVO/f5q1Mb4fRvKMG86+rYU= accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:43 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:09:52 GMT server cloudflare etag "32651e-1276-5842ca6a5cee5" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b57b7f6b61-LHR content-length 4726 expires Tue, 09 Apr 2019 09:33:43 GMT
GET H2	200	email-line.png go.druva.com/rs/307-ANG-704/images/	142 B 271 B	116ms 112ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/email-line.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d3be4a1b5f260f4e182d7b006a452959bab3900fa0096fe30f3b5afd1ed6c02d Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/email-line.png pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Sat, 16 Mar 2019 02:08:39 GMT server cloudflare etag "44157b-8e-5842ca2488954" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b73d266b61-LHR content-length 142 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	salesforce-logo.png go.druva.com/rs/307-ANG-704/images/	10 KB 10 KB	115ms 112ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/salesforce-logo.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ad8636dd68c6bfe2861f5e8851c7ae74efd1e2b94bb3c877a02492b0987115a2 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/salesforce-logo.png pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:49:21 GMT server cloudflare etag "3265d7-261e-5842d33ccf49b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b73d286b61-LHR content-length 9758 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	1300x350-landing-page-banner-aberdeen-webinar-v1.png go.druva.com/rs/307-ANG-704/images/	302 KB 303 KB	142ms 123ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/1300x350-landing-page-banner-aberdeen-webinar-v1.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 54028ab26c1665d8f93d859f900c31cdf65407798194e61b0f7e2b0b6a740ba7 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1300x350-landing-page-banner-aberdeen-webinar-v1.png pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 14:45:21 GMT server cloudflare etag "326809-4b8b6-58437346bd92b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b82de46b61-LHR content-length 309430 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	derek_brink.png go.druva.com/rs/307-ANG-704/images/	29 KB 29 KB	29ms 28ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/derek_brink.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 5b474407b5e9a0f7a915c93f80c065f12b433d7503d586b2c4d70a04a809c647 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/derek_brink.png pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status HIT last-modified Mon, 18 Mar 2019 15:18:43 GMT server cloudflare etag "44158b-74db-5845fe777429f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b75d426b61-LHR content-length 29915 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	curtis-260x260.png go.druva.com/rs/307-ANG-704/images/	111 KB 111 KB	33ms 33ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/curtis-260x260.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 28f52b6464111f01028a7b881836e018da7d99fb423eba9e2797e9a9947a832c Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/curtis-260x260.png pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status HIT last-modified Tue, 02 Apr 2019 16:09:04 GMT server cloudflare etag "44157d-1bac9-5858e5b200375" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b75d436b61-LHR content-length 113353 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	forms2.min.js Show response go.druva.com/js/forms2/js/	169 KB 57 KB	38ms 38ms	Script application/x-javascript	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/js/forms2/js/forms2.min.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash e05ee3b08e61c7bd7c2335983724c78cf408623c53f3132b4771b9caa77ff0a9 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /js/forms2/js/forms2.min.js pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Mon, 11 Mar 2019 21:07:48 GMT server cloudflare etag "341ece-2a232-583d7f6f4d100" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript status 200 cache-control public, max-age=14400 set-cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; expires=Wed, 08-Apr-20 09:32:43 GMT; path=/; domain=.go.druva.com; HttpOnly cf-ray 4c4b79b62c4a6b61-LHR expires Tue, 09 Apr 2019 13:32:43 GMT
GET H2	200	lp_hero-small_261x332.jpg go.druva.com/rs/307-ANG-704/images/	18 KB 18 KB	350ms 331ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/lp_hero-small_261x332.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f389fd5f127b3745ee98808562a16a0f1aa7e0dbf1f48ae80236714c1c12600a Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/lp_hero-small_261x332.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Sat, 16 Mar 2019 01:59:13 GMT server cloudflare etag "441559-4895-5842c8088a9aa" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b82de56b61-LHR content-length 18581 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	lp_image-large_555x310.jpg go.druva.com/rs/307-ANG-704/images/	24 KB 24 KB	158ms 140ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/lp_image-large_555x310.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 791cf9163ac24f98710ce299900a2981639b3759e03821743508ba995587b8f7 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/lp_image-large_555x310.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:09:53 GMT server cloudflare etag "32651f-5f28-5842ca6aa205d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b82de66b61-LHR content-length 24360 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	sarah-beaudoin1-250x250.jpg go.druva.com/rs/307-ANG-704/images/	23 KB 23 KB	124ms 119ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/sarah-beaudoin1-250x250.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 34f1cd13f0cefc27d6c705263bf52598514a66cd8c98f04ae71b679863aa4e01 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/sarah-beaudoin1-250x250.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:49:21 GMT server cloudflare etag "3265da-5d26-5842d33db6bba" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b82dea6b61-LHR content-length 23846 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	lp_image-medium_260x260.jpg go.druva.com/rs/307-ANG-704/images/	7 KB 7 KB	119ms 118ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/lp_image-medium_260x260.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash b11d3bf07564316aa3c93061cf98ede3209c5df6bdbf68d6c98a3096f3246634 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/lp_image-medium_260x260.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; _ga=GA1.2.392709635.1554802364; _gid=GA1.2.42185525.1554802364 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:10:52 GMT server cloudflare etag "326524-1c07-5842caa3398df" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b8ee906b61-LHR content-length 7175 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	lp_speaker_260x260.jpg go.druva.com/rs/307-ANG-704/images/	18 KB 18 KB	166ms 165ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/lp_speaker_260x260.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 20e65d2e175239553df32bbc38bd281d71f14021bbc83b67dcecc77938c0ad70 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/lp_speaker_260x260.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; _ga=GA1.2.392709635.1554802364; _gid=GA1.2.42185525.1554802364 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:10:52 GMT server cloudflare etag "326525-471b-5842caa35003f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b91ec66b61-LHR content-length 18203 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	lp_sponsor-logo-large_360x220.jpg go.druva.com/rs/307-ANG-704/images/	31 KB 31 KB	127ms 124ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/lp_sponsor-logo-large_360x220.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 7a15238dc4d877ee6ae86b2b8aeae737d18fee52293bb07db2d96739771b9f52 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/lp_sponsor-logo-large_360x220.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; _ga=GA1.2.392709635.1554802364; _gid=GA1.2.42185525.1554802364 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Sat, 16 Mar 2019 01:59:14 GMT server cloudflare etag "44155d-7b02-5842c80929c88" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b91ecd6b61-LHR content-length 31490 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	lp_sponsor-logo-small_260x160.jpg go.druva.com/rs/307-ANG-704/images/	29 KB 29 KB	118ms 115ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/lp_sponsor-logo-small_260x160.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 7902d9ac687b748c1fe761fc2f917ab715952d89482db4b31ff1b51ff35af85f Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/lp_sponsor-logo-small_260x160.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; _ga=GA1.2.392709635.1554802364; _gid=GA1.2.42185525.1554802364 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:10:52 GMT server cloudflare etag "326527-7324-5842caa3ae7f6" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b92ee06b61-LHR content-length 29476 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	lp_asset_250x180.jpg go.druva.com/rs/307-ANG-704/images/	16 KB 16 KB	113ms 112ms	Image image/jpeg	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/lp_asset_250x180.jpg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash b868553e6104cae70dc2c0f77bfb339d7e8b4bb105abcd6d0b3ca5763afd51a9 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/lp_asset_250x180.jpg pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; _ga=GA1.2.392709635.1554802364; _gid=GA1.2.42185525.1554802364 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:10:53 GMT server cloudflare etag "326528-3f8b-5842caa3bce6e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b9af7c6b61-LHR content-length 16267 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	druva-linkedin-badge.png www.druva.com/images/	735 B 954 B	381ms 105ms	Image image/png	104.196.126.195 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.druva.com/images/druva-linkedin-badge.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.196.126.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS 195.126.196.104.bc.googleusercontent.com Software nginx / Resource Hash 28228dec6e2f8ec90f7ea8fcb4d0683806e9f091cc4d42f97272774c34759eb7 Request headers :path /images/druva-linkedin-badge.png pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority www.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static/generic date Tue, 09 Apr 2019 09:32:44 GMT last-modified Sat, 12 May 2018 14:09:59 GMT server nginx status 200 etag "5af6f5b7-2df" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=2592000 accept-ranges bytes content-length 735
GET H2	200	druva-twitter-badge.png www.druva.com/images/	698 B 917 B	484ms 209ms	Image image/png	104.196.126.195 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.druva.com/images/druva-twitter-badge.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.196.126.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS 195.126.196.104.bc.googleusercontent.com Software nginx / Resource Hash d292739c2832f55ebae89085448850da99bb9aafdefcd88b9828f2abcd7e00b1 Request headers :path /images/druva-twitter-badge.png pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority www.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static/generic date Tue, 09 Apr 2019 09:32:44 GMT last-modified Sat, 12 May 2018 14:04:54 GMT server nginx status 200 etag "5af6f486-2ba" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=2592000 accept-ranges bytes content-length 698
GET H2	200	druva-instagram-badge.png www.druva.com/images/	2 KB 2 KB	382ms 106ms	Image image/png	104.196.126.195 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.druva.com/images/druva-instagram-badge.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.196.126.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS 195.126.196.104.bc.googleusercontent.com Software nginx / Resource Hash 61a4b00ba93273fbbffadb8efa4cdd334de2afc448f9d25dce007403524e285d Request headers :path /images/druva-instagram-badge.png pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority www.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static/generic date Tue, 09 Apr 2019 09:32:44 GMT last-modified Thu, 13 Dec 2018 22:05:04 GMT server nginx status 200 etag "5c12d790-6a8" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=2592000 accept-ranges bytes content-length 1704
GET H2	200	druva-facebook-badge.png www.druva.com/images/	680 B 898 B	371ms 107ms	Image image/png	104.196.126.195 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.druva.com/images/druva-facebook-badge.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.196.126.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS 195.126.196.104.bc.googleusercontent.com Software nginx / Resource Hash b365de2dd1814720ef4d6311f7677a17b4a5d9a6fecc7b26fc9da22ed7dff0fa Request headers :path /images/druva-facebook-badge.png pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority www.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static/generic date Tue, 09 Apr 2019 09:32:44 GMT last-modified Sat, 12 May 2018 14:06:30 GMT server nginx status 200 etag "5af6f4e6-2a8" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=2592000 accept-ranges bytes content-length 680
GET H2	200	druva-blog-badge.png www.druva.com/images/	810 B 1 KB	452ms 208ms	Image image/png	104.196.126.195 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.druva.com/images/druva-blog-badge.png Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.196.126.195 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS 195.126.196.104.bc.googleusercontent.com Software nginx / Resource Hash 4c174a01e16b660b1d880acfff531c6244ea7bbf5de5b1c020713f8a58e4f838 Request headers :path /images/druva-blog-badge.png pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority www.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-type static/generic date Tue, 09 Apr 2019 09:32:44 GMT last-modified Sat, 12 May 2018 22:49:43 GMT server nginx status 200 etag "5af76f87-32a" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=2592000 accept-ranges bytes content-length 810
GET H2	200	1510860427089_jquery_min.js Show response go.druva.com/rs/307-ANG-704/images/	91 KB 32 KB	125ms 124ms	Script application/x-javascript	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_jquery_min.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 20719d5458ca61b80d85d70c25b831c77ad999499190d1f45844c2a0dca909dd Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_jquery_min.js pragma no-cache accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED status 200 content-length 32945 last-modified Sat, 16 Mar 2019 02:09:52 GMT server cloudflare etag "326517-16b8f-5842ca699400e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=60 set-cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; expires=Wed, 08-Apr-20 09:32:43 GMT; path=/; domain=.go.druva.com; HttpOnly accept-ranges bytes cf-ray 4c4b79b63c526b61-LHR expires Tue, 09 Apr 2019 09:33:43 GMT
GET H2	200	1510860427089_jquery.magnific_popup.js Show response go.druva.com/rs/307-ANG-704/images/	45 KB 14 KB	131ms 131ms	Script application/x-javascript	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_jquery.magnific_popup.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash debb4142a4402a9b2089022fc47313200c7b48ae9e9c64c14859c1a94132e5e2 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_jquery.magnific_popup.js pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED status 200 content-length 13777 last-modified Sat, 16 Mar 2019 02:09:52 GMT server cloudflare etag "326518-b2a4-5842ca699bd0e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b67c846b61-LHR expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	1510860427089_pace.js Show response go.druva.com/rs/307-ANG-704/images/	27 KB 6 KB	339ms 338ms	Script application/x-javascript	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_pace.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 7aeedbb362066cb37df75e57caea759f03d3a0ee2f979890b5a7eeab8f02270f Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_pace.js pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status REVALIDATED status 200 content-length 6227 last-modified Sat, 16 Mar 2019 01:59:12 GMT server cloudflare etag "441553-6b6d-5842c80741428" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b70cf96b61-LHR expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	1510860427089_general.js Show response go.druva.com/rs/307-ANG-704/images/	3 KB 1 KB	123ms 119ms	Script application/x-javascript	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_general.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d1a8e3f999f99d3cd4c3db47079a34ef038982c599f8787be475decaedfd3459 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_general.js pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED status 200 content-length 915 last-modified Sat, 16 Mar 2019 02:09:52 GMT server cloudflare etag "32651a-a41-5842ca69a323e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b73d246b61-LHR expires Tue, 09 Apr 2019 09:33:44 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net//	1 KB 1 KB	66ms 8ms	Script application/x-javascript	184.31.84.223 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net//munchkin.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a184-31-84-223.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:44 GMT Content-Encoding gzip Last-Modified Fri, 05 Apr 2019 02:53:44 GMT Server Apache ETag "54520320df20b526337717d6d28181fc:1554432824" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Type application/x-javascript Content-Length 752
GET H2	200	stripmkttok.js Show response go.druva.com/js/	861 B 556 B	34ms 30ms	Script application/x-javascript	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/js/stripmkttok.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 1a1e1bdf1bfcc117c774f075f42d43917adc2c46e766b2d1a91c2399dc00ed01 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /js/stripmkttok.js pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT status 200 content-length 448 last-modified Mon, 11 Mar 2019 21:07:48 GMT server cloudflare etag "3426ce-35d-583d7f6f4d100" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 accept-ranges bytes cf-ray 4c4b79b73d256b61-LHR expires Tue, 09 Apr 2019 13:32:44 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	159 KB 32 KB	14ms 14ms	Script application/javascript	2a00:1450:4001:809::2008 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-KR7N5J Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:809::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Google Tag Manager (scaffolding) / Resource Hash 919aaa8d091f79ac57acaf3ab0880a7f83cd09b022f04256f588ff29a684a323 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding br last-modified Tue, 09 Apr 2019 01:31:58 GMT server Google Tag Manager (scaffolding) access-control-allow-origin http://www.googletagmanager.com vary Accept-Encoding content-type application/javascript; charset=UTF-8 status 200 alt-svc quic=":443"; ma=2592000; v="46,44,43,39" cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control content-length 32665 x-xss-protection 0 expires Tue, 09 Apr 2019 09:32:44 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	43 KB 17 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:820::200e Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:820::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Golfe2 / Resource Hash 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 16 Jan 2019 20:01:45 GMT server Golfe2 age 17 date Tue, 09 Apr 2019 09:32:27 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 17543 expires Tue, 09 Apr 2019 11:32:27 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/1.12.4/	95 KB 33 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:806::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js Requested by Host: d12ulf131zb0yj.cloudfront.net URL: https://d12ulf131zb0yj.cloudfront.net/SmartForms.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:806::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Sat, 09 Mar 2019 02:43:15 GMT content-encoding gzip x-content-type-options nosniff age 2702969 status 200 alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 33951 x-xss-protection 1; mode=block last-modified Tue, 20 Dec 2016 18:17:03 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sun, 08 Mar 2020 02:43:15 GMT
GET H2	200	1510860427089_GothamHTF-Light.woff2 go.druva.com/rs/307-ANG-704/images/	11 KB 12 KB	128ms 126ms	Font text/plain	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_GothamHTF-Light.woff2 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ab8ff256b55c6ae1897dd44c23b616711fa3012a80eff4178e37262b92b40b35 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_GothamHTF-Light.woff2 pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 origin https://go.druva.com accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css Origin https://go.druva.com Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Sat, 16 Mar 2019 01:59:34 GMT server cloudflare status 200 etag W/"441562-2d90-5842c81cb4eff" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/plain access-control-allow-origin * cache-control public, max-age=60 cf-ray 4c4b79b74d2d6b61-LHR expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	1510860427089_GothamHTF-Medium.woff2 go.druva.com/rs/307-ANG-704/images/	15 KB 15 KB	117ms 116ms	Font text/plain	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_GothamHTF-Medium.woff2 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash aa26daa4db6deba8b66b5e296987371106a922b5ad58b64deca9b4430e376325 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_GothamHTF-Medium.woff2 pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 origin https://go.druva.com accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css Origin https://go.druva.com Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:09:52 GMT server cloudflare status 200 etag W/"32651d-3ba4-5842ca6a13b05" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/plain access-control-allow-origin * cache-control public, max-age=60 cf-ray 4c4b79b74d2e6b61-LHR expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	1510860427089_GothamHTF-Book.woff2 go.druva.com/rs/307-ANG-704/images/	13 KB 13 KB	145ms 145ms	Font text/plain	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_GothamHTF-Book.woff2 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 5f67d1db9ca900fb10f2e358a9c04420794f84bf24a80ce9e9d52efb3e8c441a Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_GothamHTF-Book.woff2 pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 origin https://go.druva.com accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css Origin https://go.druva.com Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:09:52 GMT server cloudflare status 200 etag W/"32651b-350c-5842ca6a0ba1d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/plain access-control-allow-origin * cache-control public, max-age=60 cf-ray 4c4b79b74d2f6b61-LHR expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	1510860427089_GothamHTF-Bold.woff2 go.druva.com/rs/307-ANG-704/images/	11 KB 11 KB	117ms 115ms	Font text/plain	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_GothamHTF-Bold.woff2 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash fdbeae8a16a907c65cff43bafb7bfb31d77447d4fe2d95bd4763f721dd0a0da3 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_GothamHTF-Bold.woff2 pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 origin https://go.druva.com accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept */* cache-control no-cache :authority go.druva.com referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css Origin https://go.druva.com Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Sat, 16 Mar 2019 02:08:39 GMT server cloudflare status 200 etag W/"44157e-2c64-5842ca24d1d33" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/plain access-control-allow-origin * cache-control public, max-age=60 cf-ray 4c4b79b74d306b61-LHR expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	forms2.css go.druva.com/js/forms2/css/	13 KB 3 KB	30ms 29ms	Stylesheet text/css	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/js/forms2/css/forms2.css Requested by Host: go.druva.com URL: https://go.druva.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b Security Headers Name Value Strict-Transport-Security max-age=63113904 X-Content-Type-Options nosniff Request headers :path /js/forms2/css/forms2.css pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,*/*;q=0.1 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT status 200 vary Accept-Encoding content-length 2610 last-modified Mon, 11 Mar 2019 21:07:48 GMT server cloudflare etag "362121-33f8-583d7f6f4d100" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=63113904 content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 4c4b79b7bd8c6b61-LHR expires Tue, 09 Apr 2019 13:32:44 GMT
GET H2	200	forms2-theme-inset.css go.druva.com/js/forms2/css/	3 KB 1 KB	26ms 25ms	Stylesheet text/css	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.druva.com/js/forms2/css/forms2-theme-inset.css Requested by Host: go.druva.com URL: https://go.druva.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 53386b51cdacd99baec553808a51cb6964b2a6e4b9db4c73d977c3d7311c76b6 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /js/forms2/css/forms2-theme-inset.css pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,*/*;q=0.1 cache-control no-cache :authority go.druva.com referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html :scheme https :method GET Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT status 200 content-length 953 last-modified Mon, 11 Mar 2019 21:07:48 GMT server cloudflare etag "362125-d86-583d7f6f4d100" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 4c4b79b7bd8e6b61-LHR expires Tue, 09 Apr 2019 13:32:44 GMT
GET H2	200	fpPvhU9ZEvc www.youtube.com/embed/ Frame 1F59	0 0	154ms 153ms	Document text/html	2a00:1450:4001:809::200e Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/embed/fpPvhU9ZEvc Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:809::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software YouTube Frontend Proxy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority www.youtube.com :scheme https :path /embed/fpPvhU9ZEvc pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Response headers status 200 p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info." cache-control no-cache strict-transport-security max-age=31536000 content-encoding br content-type text/html; charset=utf-8 expires Tue, 27 Apr 1971 19:44:06 EST x-content-type-options nosniff date Tue, 09 Apr 2019 09:32:44 GMT server YouTube Frontend Proxy x-xss-protection 0 set-cookie VISITOR_INFO1_LIVE=r9eGSweSOCc; path=/; domain=.youtube.com; expires=Sun, 06-Oct-2019 09:32:44 GMT; httponly GPS=1; path=/; domain=.youtube.com; expires=Tue, 09-Apr-2019 10:02:44 GMT PREF=f1=50000000; path=/; domain=.youtube.com; expires=Sun, 08-Dec-2019 21:25:44 GMT VISITOR_INFO1_LIVE=r9eGSweSOCc; path=/; domain=.youtube.com; expires=Sun, 06-Oct-2019 09:32:44 GMT; httponly YSC=9ulTs-RjFBc; path=/; domain=.youtube.com; httponly alt-svc quic=":443"; ma=2592000; v="46,44,43,39"
GET H2	200	js Show response www.google-analytics.com/gtm/	52 KB 20 KB	19ms 18ms	Script application/javascript	2a00:1450:4001:820::200e Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/gtm/js?id=GTM-NCHTW2C&cid=392709635.1554802364 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:820::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Google Tag Manager (scaffolding) / Resource Hash 602778a733b5347947fe941c6b6b284da08d2cd71a1bdf81a4cf8319723b909a Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding br alt-svc quic=":443"; ma=2592000; v="46,44,43,39" server Google Tag Manager (scaffolding) access-control-allow-origin http://www.googletagmanager.com vary Accept-Encoding content-type application/javascript; charset=UTF-8 status 200 cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control content-length 19921 x-xss-protection 0 expires Tue, 09 Apr 2019 09:32:44 GMT
GET H2	200	arrow-down-bk.png go.druva.com/js/forms2/images/	1 KB 1 KB	116ms 115ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/js/forms2/images/arrow-down-bk.png Requested by Host: go.druva.com URL: https://go.druva.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 56533e637a5c980ba4c1653ed7eea219cdbd2e86f1448c1aa38c538cb1f89285 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /js/forms2/images/arrow-down-bk.png pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; _ga=GA1.2.392709635.1554802364; _gid=GA1.2.42185525.1554802364 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/js/forms2/css/forms2-theme-inset.css :scheme https :method GET Referer https://go.druva.com/js/forms2/css/forms2-theme-inset.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status REVALIDATED last-modified Mon, 11 Mar 2019 21:07:48 GMT server cloudflare etag "221a1a-415-583d7f6f4d100" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b9af7d6b61-LHR content-length 1045 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H2	200	1510860427089_select_arrow.png go.druva.com/rs/307-ANG-704/images/	1 KB 1 KB	108ms 107ms	Image image/png	104.17.73.206 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://go.druva.com/rs/307-ANG-704/images/1510860427089_select_arrow.png Requested by Host: go.druva.com URL: https://go.druva.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.73.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 70c4108c39600c2ca8b3e4a071b45dc46099ddce4c76f9a7aa54112007a73445 Security Headers Name Value X-Content-Type-Options nosniff Request headers :path /rs/307-ANG-704/images/1510860427089_select_arrow.png pragma no-cache cookie __cfduid=ddb12ed9b15e1b114515062d352d470fb1554802363; _ga=GA1.2.392709635.1554802364; _gid=GA1.2.42185525.1554802364 accept-encoding gzip, deflate, br user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/*,*/*;q=0.8 cache-control no-cache :authority go.druva.com referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css :scheme https :method GET Referer https://go.druva.com/rs/307-ANG-704/images/iris_druva_lp_style_0604.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff cf-cache-status EXPIRED last-modified Sat, 16 Mar 2019 02:10:53 GMT server cloudflare etag "326529-4d8-5842caa4290e6" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=60 accept-ranges bytes cf-ray 4c4b79b90eae6b61-LHR content-length 1240 expires Tue, 09 Apr 2019 09:33:44 GMT
GET H/1.1	200 OK	83061.js Show response cdn.reachforce.com/	48 KB 48 KB	63ms 8ms	Script application/octet-stream	143.204.101.84 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://cdn.reachforce.com/83061.js Requested by Host: d12ulf131zb0yj.cloudfront.net URL: https://d12ulf131zb0yj.cloudfront.net/SmartForms.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.101.84 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-101-84.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash 7fa341a8d0333173d1a2ef037112ea7b6d137a616ad609ba5192373617e7a397 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sun, 07 Apr 2019 19:19:19 GMT Via 1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront) Last-Modified Wed, 23 Jan 2019 21:17:48 GMT Server AmazonS3 Age 48862 ETag "555d26ba28c0bfae31ff9d344d52dcf2" X-Cache Hit from cloudfront x-amz-version-id En_YCnT_sEJ2Mu82kE1sr25T22t2U5Z9 Connection keep-alive Accept-Ranges bytes Content-Type application/octet-stream Content-Length 48721 X-Amz-Cf-Id tympEjsy_JHlWV9Hc7uGHLaAuvgrmZPAd6mIYBgP8V98ezg7TvW_5w==
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/	23 KB 9 KB	32ms 17ms	Script text/javascript	172.217.22.34 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR7N5J Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.22.34 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s16-in-f2.1e100.net Software cafe / Resource Hash 6f023a6ff39f91547bad71637e127374fdcbdeab0ab4a1c102e6251f90e4369b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" status 200 content-disposition attachment; filename="f.txt" alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" content-length 8844 x-xss-protection 0 server cafe etag 16103572366717130859 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Tue, 09 Apr 2019 09:32:44 GMT
GET H/1.1	200 OK	roundtrip.js Show response s.adroll.com/j/	32 KB 11 KB	125ms 33ms	Script text/javascript	2.18.233.40 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/roundtrip.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR7N5J Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a2-18-233-40.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 6d73aa32774fb131ebbc1faf3f931aaf66e998f808757cbafbcc737f8d769580 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-amz-version-id ea1u3hYQrubY64bATByV7XbdUEwnubrR Content-Encoding gzip x-amz-request-id C7A4752260620705 x-amz-server-side-encryption AES256 Access-Control-Max-Age 600 Date Tue, 09 Apr 2019 09:32:44 GMT Connection keep-alive Content-Length 10245 x-amz-id-2 K18RlJUfOcLGqPBweOGxlnRwDlXGf3sJ9xmH9VYEl/y0PkuDogldNb5vLb+8XwpkMDwvGhsO3bE= Last-Modified Wed, 20 Feb 2019 19:22:50 GMT Server AmazonS3 ETag "a75c16aa500b21e32e06699919372ec4" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript Access-Control-Allow-Origin * Cache-Control max-age=3600, must-revalidate Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers *
GET H2	200	hotjar-825354.js Show response static.hotjar.com/c/	5 KB 2 KB	72ms 17ms	Script application/javascript	147.75.81.98 Packet Host
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-825354.js?sv=6 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 147.75.81.98 , Switzerland, ASN54825 (PACKET - Packet Host, Inc., US), Reverse DNS pkt-ams-k1-30 Software openresty / Resource Hash 45c72a6996a12c0037ff409043ee2c6fbb3fb659b37a1a6ef9e76cca36f2211f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:45 GMT content-encoding gzip x-content-type-options nosniff content-type application/javascript section-io-tag hotjar age 64 status 200 access-control-max-age 600 section-io-cache Hit content-length 1830 x-cache-hit 1 server openresty x-frame-options SAMEORIGIN etag W/0e582f5bc32797bf49bba19796c5fdbe vary Accept-Encoding section-io-origin-status 304 access-control-allow-origin * cache-control max-age=60 section-io-origin-time-seconds 0.070 accept-ranges bytes section-io-id b58211fa671c642e6201389ec617c2c6
GET H2	200	1242.js Show response script.crazyegg.com/pages/scripts/0021/	90 KB 28 KB	48ms 13ms	Script application/x-javascript	2606:4700::6813:9308 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://script.crazyegg.com/pages/scripts/0021/1242.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR7N5J Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2e6ed8daeb5c8cc02223abbfff7ea9153ab142b06d0b1a1849fce44b2e3b0fa3 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT via 1.1 b90884acab23625db851d03bcf681a27.cloudfront.net (CloudFront) cf-cache-status HIT cf-polished origSize=92318 x-cache Miss from cloudfront status 200 content-encoding gzip last-modified Tue, 09 Apr 2019 05:35:25 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/x-javascript cache-control private, max-age=300 cf-ray 4c4b79ba3bc796d6-FRA x-amz-cf-id O0IFwuwNimGU8n5Mgc3YgermaKFMmFdggXh5876CzTVU-GjxxSPmzg== cf-bgj minify
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	15 KB 5 KB	53ms 9ms	Script application/x-javascript	2a02:26f0:6c00:296::25ea AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:296::25ea , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software / Resource Hash bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:44 GMT Content-Encoding gzip Last-Modified Mon, 03 Dec 2018 23:03:30 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=44845 Connection keep-alive Accept-Ranges bytes Content-Length 4571
GET H2	200	8reuxc2zuebt.js Show response js.driftt.com/include/1554802500000/	130 KB 43 KB	117ms 26ms	Script application/javascript	143.204.181.91 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/include/1554802500000/8reuxc2zuebt.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.181.91 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-181-91.lhr50.r.cloudfront.net Software nginx / Resource Hash 5087efdf3a2bfd04ce8d3b1ff474687d6755b1c39eb78aac6d6ff6fe1777fb99 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:30:05 GMT content-encoding gzip x-amz-server-side-encryption AES256 x-cache Hit from cloudfront status 200 strict-transport-security max-age=31536000; includeSubDomains via 1.1 95f9a67d50afe93c46692931ea94e1ca.cloudfront.net (CloudFront) last-modified Mon, 08 Apr 2019 23:30:42 GMT server nginx vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=10 access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id U4o74BSWK_FvbHHNatfvnJ7J0wwfpzUnfFoKu16JDnErVhJWEURo9g==
GET H/1.1	200 OK	rtp.js Show response sjrtp7-cdn.marketo.com/rtp-api/v1/	148 KB 41 KB	84ms 11ms	Script application/x-javascript	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Jetty(7.3.1.v20110307) / Resource Hash 0820c0212188c1041cfb861b10609461423230c7bf1f73f48de3a25cbc151abb Security Headers Name Value Strict-Transport-Security max-age=63113904 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Strict-Transport-Security max-age=63113904 Content-Encoding gzip Last-Modified Mon, 01 Apr 2019 20:11:12 GMT Server Jetty(7.3.1.v20110307) Date Tue, 09 Apr 2019 09:32:44 GMT Vary Accept-Encoding Content-Type application/x-javascript; charset=UTF-8 Cache-Control public, max-age=57 Connection keep-alive Content-Length 41464
GET H2	200	heap-1610951771.js Show response cdn.heapanalytics.com/js/	62 KB 27 KB	71ms 7ms	Script application/javascript	143.204.100.16 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://cdn.heapanalytics.com/js/heap-1610951771.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.100.16 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-100-16.fra50.r.cloudfront.net Software nginx / Resource Hash c94ba870cc6479bb02e043cffcad567cae105a54da839756555db24b05b63a6a Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:31:35 GMT content-encoding gzip server nginx age 69 etag W/"f6d4-7vYC1XOviCOhux0evGDYJQ" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 status 200 cache-control public, max-age=120 content-length 26819 via 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront) x-amz-cf-id fiTZlcQRz6gqakyb_lbiZvzen5VgwhZ1ZGlOdiixlusKOo7GoYAYiw==
GET H2	200	ga-audiences www.google.de/ads/ Redirect Chain https://www.google-analytics.com/r/collect?v=1&_v=j73&a=2105012944&t=pageview&_s=1&dl=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPReg... https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_gid=42185525.1554802364&gjid=899768842&_v=j73&z=367955743 https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_v=j73&z=367955743 https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_v=j73&z=367955743&slf_rd=1&random=2055289563	42 B 109 B	38ms 18ms	Image image/gif	2a00:1450:4001:81e::2003 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_v=j73&z=367955743&slf_rd=1&random=2055289563 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:81e::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers pragma no-cache date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff content-type image/gif server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" status 200 cache-control no-cache, no-store, must-revalidate timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff server cafe timing-allow-origin * location https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6394227-1&cid=392709635.1554802364&jid=97486560&_v=j73&z=367955743&slf_rd=1&random=2055289563 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" status 302 cache-control no-cache, no-store, must-revalidate content-type text/html; charset=UTF-8 alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/155/	9 KB 4 KB	11ms 10ms	Script application/x-javascript	184.31.84.223 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/155/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net//munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 184.31.84.223 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a184-31-84-223.deploy.static.akamaitechnologies.com Software Apache / Resource Hash efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:44 GMT Content-Encoding gzip Last-Modified Fri, 30 Nov 2018 03:18:20 GMT Server Apache ETag "c67dad42946949112916578f78706df8:1543547900" Vary Accept-Encoding P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Type application/x-javascript Content-Length 3923 Expires Thu, 18 Jul 2019 09:32:44 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/863310112/	2 KB 1 KB	32ms 20ms	Script text/javascript	2a00:1450:4001:816::2002 Google LLC
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863310112/?random=1554802364500&cv=9&fst=1554802364500&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg3r3&sendb=1&frm=0&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&tiba=Druva%20%7C%20Register%20for%20Breaking%20Down%20the%20Relentless%20Risk%20of%20Ransomware&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:816::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash 1323d7c43361fe8caf977e4d4aa5ad41f5f4c4212e96c8d8ec2c8a1d59a71b10 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers pragma no-cache date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff content-type text/javascript; charset=UTF-8 server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" status 200 cache-control no-cache, must-revalidate content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" content-length 1025 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	sf4-load.js Show response cdn.reachforce.com/	61 KB 18 KB	11ms 8ms	Script text/javascript	143.204.101.84 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://cdn.reachforce.com/sf4-load.js Requested by Host: d12ulf131zb0yj.cloudfront.net URL: https://d12ulf131zb0yj.cloudfront.net/SmartForms.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.101.84 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-101-84.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash be1b93f7a0205d7a116c909cd0b854204d707d678865843ebb8d0fa2c498123a Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 08 Apr 2019 23:40:06 GMT Content-Encoding gzip Last-Modified Tue, 02 Apr 2019 16:34:39 GMT Server AmazonS3 Age 35559 Vary Accept-Encoding X-Cache Hit from cloudfront x-amz-version-id H5tYNFQIdya_sKLKw02j43HhwQHzsMWX Via 1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront) Transfer-Encoding chunked Connection keep-alive Content-Type text/javascript X-Amz-Cf-Id 92_T2vX8qGQtaZ_SKf3yc6TJ486lCndF12hwVaAUExpflamNtyrkWw==
GET H2	200	modules.f7b720c70f570a13ba09.js Show response script.hotjar.com/	414 KB 86 KB	98ms 18ms	Script application/javascript	147.75.83.19 Packet Host
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.f7b720c70f570a13ba09.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-825354.js?sv=6 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 147.75.83.19 , Switzerland, ASN54825 (PACKET - Packet Host, Inc., US), Reverse DNS pkt-ams-k1-24 Software / Resource Hash f7be4b109dce124d454477fc84519056bd377fa1458481a284f6079768a2818a Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:44 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 08 Apr 2019 12:58:17 GMT access-control-allow-origin * etag W/"8fe798333ee948a27f70930bf9db8b94" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=31536000 section-io-origin-time-seconds 0.025 section-io-origin-status 200 accept-ranges bytes section-io-id 1bc4ee34129dc28f109db3b00a9f55ef content-length 87482
GET H/1.1	200 OK	visitWebPage Show response 307-ang-704.mktoresp.com/webevents/	2 B 272 B	545ms 96ms	XHR text/plain	192.28.144.124 MARKETO
General Check archive.org Show headers Download Go to Full URL https://307-ang-704.mktoresp.com/webevents/visitWebPage?_mchNc=1554802364551&_mchCn=EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration&_mchId=307-ANG-704&_mchTk=_mch-druva.com-1554802364551-88339&_mchWs=j1RR&_mchHo=go.druva.com&_mchPo=&_mchRu=%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/155/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 192.28.144.124 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US), Reverse DNS Software spray-can/1.3.3 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Origin https://go.druva.com Response headers Access-Control-Allow-Origin * Date Tue, 09 Apr 2019 09:32:45 GMT Content-Encoding gzip Server spray-can/1.3.3 Content-Length 22 X-Request-Id bd535644-d4b2-43cb-8d43-d05529cad1c2 Content-Type text/plain; charset=UTF-8
GET H/1.1	200 OK	all Show response sample-api-v2.crazyegg.com/n/211242/	24 B 551 B	464ms 110ms	XHR text/html	54.243.83.228 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://sample-api-v2.crazyegg.com/n/211242/all Requested by Host: script.crazyegg.com URL: https://script.crazyegg.com/pages/scripts/0021/1242.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.243.83.228 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-54-243-83-228.compute-1.amazonaws.com Software nginx/1.12.1 / Resource Hash 11afefd64499df16a24aab9a9131c191fdb639312314afee02c83a74969f6dd4 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Origin https://go.druva.com Response headers Date Tue, 09 Apr 2019 09:32:44 GMT X-Content-Type-Options nosniff Server nginx/1.12.1 X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods GET Content-Type text/html;charset=utf-8 Access-Control-Allow-Origin * Cache-control no-cache="set-cookie" Connection keep-alive Content-Length 24 X-XSS-Protection 1; mode=block
GET H2	200	css fonts.googleapis.com/	783 B 440 B	49ms 13ms	Stylesheet text/css	2a00:1450:4001:81e::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Raleway Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:81e::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash a89416b782a74347608f370d41bed91733636e1c3fe8b43f6fff4ab8ab4104d5 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 09 Apr 2019 09:32:44 GMT server ESF access-control-allow-origin * date Tue, 09 Apr 2019 09:32:44 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 status 200 alt-svc quic=":443"; ma=2592000; v="46,44,43,39" cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin x-xss-protection 1; mode=block expires Tue, 09 Apr 2019 09:32:44 GMT
OPTIONS H2	200	event Show response x7ussrk21g.execute-api.us-east-1.amazonaws.com/prod/	0 396 B	158ms 100ms	XHR application/json	143.204.101.38 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://x7ussrk21g.execute-api.us-east-1.amazonaws.com/prod/event Requested by Host: cdn.reachforce.com URL: https://cdn.reachforce.com/sf4-load.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.101.38 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-101-38.fra50.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Access-Control-Request-Method POST Origin https://go.druva.com Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Access-Control-Request-Headers content-type Response headers date Tue, 09 Apr 2019 09:32:44 GMT via 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront) access-control-allow-origin * x-amz-apigw-id X3T9eFe1oAMFUYA= x-amzn-requestid 6df16eb7-5aaa-11e9-85a9-33b510f2ffd4 access-control-allow-methods POST,OPTIONS content-type application/json status 200 x-cache Miss from cloudfront access-control-allow-headers Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token content-length 0 x-amz-cf-id pg2Wq7pfBXPvs45GWIMEK9FjZ865xqn4HQ6FLN52_9_dVRp1FIeeMQ==
OPTIONS H2	200	match Show response smartformsapi.reachforce.com/smartformsapi/ip/	2 B 306 B	316ms 94ms	XHR text/plain	52.7.163.155 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://smartformsapi.reachforce.com/smartformsapi/ip/match Requested by Host: cdn.reachforce.com URL: https://cdn.reachforce.com/sf4-load.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.7.163.155 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-7-163-155.compute-1.amazonaws.com Software web / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Access-Control-Request-Method POST Origin https://go.druva.com Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Access-Control-Request-Headers authorization,content-type Response headers date Tue, 09 Apr 2019 09:32:44 GMT server web access-control-allow-origin * strict-transport-security max-age=31536000 access-control-allow-methods GET, POST, PUT status 200 access-control-max-age 600 access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization x-application-context application:production
GET H2	200	/ www.google.com/pagead/1p-user-list/863310112/	42 B 109 B	44ms 20ms	Image image/gif	2a00:1450:4001:81b::2004 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/863310112/?random=1554802364500&cv=9&fst=1554800400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg3r3&sendb=1&frm=0&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&tiba=Druva%20%7C%20Register%20for%20Breaking%20Down%20the%20Relentless%20Risk%20of%20Ransomware&async=1&fmt=3&cdct=2&is_vtc=1&random=3002721106&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:81b::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers pragma no-cache date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff content-type image/gif server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" status 200 cache-control no-cache, no-store, must-revalidate timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/863310112/	42 B 109 B	55ms 31ms	Image image/gif	2a00:1450:4001:81e::2003 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/863310112/?random=1554802364500&cv=9&fst=1554800400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg3r3&sendb=1&frm=0&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&tiba=Druva%20%7C%20Register%20for%20Breaking%20Down%20the%20Relentless%20Risk%20of%20Ransomware&async=1&fmt=3&cdct=2&is_vtc=1&random=3002721106&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:81e::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers pragma no-cache date Tue, 09 Apr 2019 09:32:44 GMT x-content-type-options nosniff content-type image/gif server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" status 200 cache-control no-cache, no-store, must-revalidate timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	box-d743cafc9d1fb7eed204caa92025802f.html vars.hotjar.com/ Frame 0C67	0 0	83ms 23ms	Document text/html	147.75.81.98 Packet Host
General Check archive.org Show headers Download Go to Full URL https://vars.hotjar.com/box-d743cafc9d1fb7eed204caa92025802f.html Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-825354.js?sv=6 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 147.75.81.98 , Switzerland, ASN54825 (PACKET - Packet Host, Inc., US), Reverse DNS pkt-ams-k1-30 Software / Resource Hash Request headers :method GET :authority vars.hotjar.com :scheme https :path /box-d743cafc9d1fb7eed204caa92025802f.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Response headers status 200 date Tue, 09 Apr 2019 09:32:45 GMT content-type text/html content-length 964 cache-control max-age=31536000 last-modified Fri, 29 Mar 2019 12:28:03 GMT section-io-origin-status 200 section-io-origin-time-seconds 0.022 etag W/"d743cafc9d1fb7eed204caa92025802f" content-encoding gzip vary Accept-Encoding accept-ranges bytes section-io-id 9f6495da2706c6f81e288fa406c19720
GET H/1.1	200 OK	XGPGHTBBXVEL5IW3AFPLFA Show response d.adroll.com/consent/check/	40 B 476 B	135ms 31ms	Script application/javascript	54.247.164.60 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://d.adroll.com/consent/check/XGPGHTBBXVEL5IW3AFPLFA?_s=af71fe8a6041027f93e8621bda84e0d9 Requested by Host: s.adroll.com URL: https://s.adroll.com/j/roundtrip.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.247.164.60 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-54-247-164-60.eu-west-1.compute.amazonaws.com Software nginx/1.14.1 / Resource Hash 867bd168728faba904fe15de941932d1d7537130b0edb918970901435cf39929 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:44 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Type application/javascript Content-Length 40
GET H/1.1	200 OK	h heapanalytics.com/	37 B 305 B	416ms 99ms	Image image/gif	35.168.68.83 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://heapanalytics.com/h?a=1610951771&u=3904069974783631&v=7165383053321389&s=3576764983684372&b=web&tv=4.0&z=0&h=%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&d=go.druva.com&t=Druva%20%7C%20Register%20for%20Breaking%20Down%20the%20Relentless%20Risk%20of%20Ransomware&ts=1554802364674&st=1554802364676 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.168.68.83 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-35-168-68-83.compute-1.amazonaws.com Software nginx / Resource Hash bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx ETag W/"25-PqzQEyMQ6kTK11azeKO8Bw" Content-Type image/gif Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Connection keep-alive Content-Length 37
GET H/1.1	200 OK	jquery.min.js Show response rtp-static.marketo.com/rtp/libs/jquery/1.8.3/	91 KB 33 KB	85ms 20ms	Script application/x-javascript	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rtp-static.marketo.com/rtp/libs/jquery/1.8.3/jquery.min.js Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:44 GMT Content-Encoding gzip Last-Modified Mon, 07 Sep 2015 11:20:15 GMT Server Apache ETag "3576a6e73c9dccdbbc4a2cf8ff544ad7:1441624815" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/x-javascript Access-Control-Allow-Origin * Access-Control-Max-Age 86400 Access-Control-Allow-Credentials false Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Headers * Content-Length 33467
GET H/1.1	200 OK	jquery-ui-insightera-custom-1.9.6.css rtp-static.marketo.com/rtp/libs/	22 KB 4 KB	76ms 10ms	Stylesheet text/css	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:44 GMT Content-Encoding gzip Last-Modified Tue, 07 Nov 2017 08:57:42 GMT Server Apache ETag "7f5b0bee9b1f7af8413b351cbceca223:1510045062" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/css Access-Control-Allow-Origin * Access-Control-Max-Age 86400 Access-Control-Allow-Credentials false Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Headers * Content-Length 3752
GET H/1.1	200 OK	trw Show response sjrtp7.marketo.com/gw1/	0 435 B	647ms 157ms	Script application/x-javascript	192.28.146.117 MARKETO
General Check archive.org Show headers Download Go to Full URL https://sjrtp7.marketo.com/gw1/trw?aid=druva1&trwv.uid=druva1-1554802364767-49a9c855&trwv.vc=1&trwsa.sid=druva1-1554802364768-7b4d8979&trwsb.cpv=1&ctzo=-00:00&uri=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&ma=id%3A307-ANG-704%26token%3A_mch-druva.com-1554802364551-88339&pm=&viewedTypes=&rts=1554802364773 Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 192.28.146.117 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US), Reverse DNS Software Jetty(7.3.1.v20110307) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63113904 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:45 GMT Cache-Control no-cache Server Jetty(7.3.1.v20110307) Connection close Content-Length 0 Strict-Transport-Security max-age=63113904 Content-Type application/x-javascript; charset=UTF-8
GET H/1.1	200 OK	ga-integration-2.0.2.js Show response rtp-static.marketo.com/rtp/libs/	15 KB 5 KB	66ms 11ms	Script application/x-javascript	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 7fb58f6c6c2c3b61909e3b4bb9e199d95d5e2a4e39b58f25d1a9894971ed16b9 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:44 GMT Content-Encoding gzip Last-Modified Tue, 03 Jul 2018 13:42:27 GMT Server Apache ETag "52b7a5deba12e7e1147fcebaa9fd9691:1530625347" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/x-javascript Access-Control-Allow-Origin * Access-Control-Max-Age 86400 Access-Control-Allow-Credentials false Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Headers * Content-Length 4977
POST H2	200	event Show response x7ussrk21g.execute-api.us-east-1.amazonaws.com/prod/	12 B 359 B	129ms 128ms	XHR application/json	143.204.101.38 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://x7ussrk21g.execute-api.us-east-1.amazonaws.com/prod/event Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.101.38 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-101-38.fra50.r.cloudfront.net Software / Resource Hash c75634933b73a24cce94eb4688a88891ef9d5be0016ba4495789b71ac0610b2d Request headers Accept application/json, text/plain, */* Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Origin https://go.druva.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Content-Type application/json;charset=UTF-8 Response headers date Tue, 09 Apr 2019 09:32:44 GMT via 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront) x-amzn-requestid 6e078f36-5aaa-11e9-a777-e3aa25542326 status 200 x-cache Miss from cloudfront content-type application/json access-control-allow-origin * x-amzn-trace-id Root=1-5cac66bc-ca306b9ad5228fe0523e0648;Sampled=0 x-amz-apigw-id X3T9gGUtIAMFgHA= content-length 12 x-amz-cf-id YlfCG8g_8Pnw0gVSWidaWWunXZFXZun5W1R7BItLSM3izNmN2g6Qog==
GET H/1.1	200 OK	msg Show response sjrtp7.marketo.com/gw1/	10 KB 2 KB	781ms 155ms	Script text/javascript	192.28.146.117 MARKETO
General Check archive.org Show headers Download Go to Full URL https://sjrtp7.marketo.com/gw1/msg?a=2&sid=druva1-1554802364768-7b4d8979&aid=druva1&ma=id%3A307-ANG-704%26token%3A_mch-druva.com-1554802364551-88339&viewedTypes=&0.7907545309328077&rts=1554802364862 Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 192.28.146.117 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US), Reverse DNS Software Jetty(7.3.1.v20110307) / Resource Hash 1f53db8166f8b9e3473a04523dd65e5373f8d0824ffa9cf2a363133a855dc200 Security Headers Name Value Strict-Transport-Security max-age=63113904 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:45 GMT Content-Encoding gzip Server Jetty(7.3.1.v20110307) Transfer-Encoding chunked Strict-Transport-Security max-age=63113904 Content-Type text/javascript; charset=UTF-8 Cache-Control no-cache Connection close
GET H/1.1	200 OK	6AN5QCCS4JHA5ETA7MFY4R.js Show response s.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X/ Redirect Chain https://d.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X?adroll_fpc=8e30b554124e7170ef1c25de25828840-1554802364866&pv=9935163701.914408&cookie=&adroll_s_ref=&keyw=&arrfrr=https%3A%2... https://s.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X/6AN5QCCS4JHA5ETA7MFY4R.js	6 KB 2 KB	33ms 32ms	Script text/javascript	2.18.233.40 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X/6AN5QCCS4JHA5ETA7MFY4R.js Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a2-18-233-40.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 316482616f8bff61fbcf5b99bd192942363ad37bccc4ea6dbdaf0ab44e5bacd6 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-amz-version-id qFbfTp_sZfxLTfFzfaJcbSIhvuiSUivs Content-Encoding gzip x-amz-request-id 10EE58750C350069 x-amz-server-side-encryption AES256 Access-Control-Max-Age 600 Date Tue, 09 Apr 2019 09:32:44 GMT Connection keep-alive Content-Length 1759 x-amz-id-2 xOqLbub8WlBNFUQ+np+MIVYnb7UB1NbfTPLinf2pvhOqu/ibuI+Xj/c6GnX9y8Ypuq4bZicMLFY= Last-Modified Tue, 09 Apr 2019 07:11:54 GMT Server AmazonS3 ETag "03eaf33f55fd373fc8d7ec013485bd74" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=3600, must-revalidate Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers * Redirect headers Date Tue, 09 Apr 2019 09:32:44 GMT X-Segment-Display-Name P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Connection keep-alive Content-Length 0 Pragma no-cache X-Conversion-Value 0.0 Server nginx/1.14.1 X-Rule * X-Segment-Eid 6AN5QCCS4JHA5ETA7MFY4R Location https://s.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X/6AN5QCCS4JHA5ETA7MFY4R.js Cache-Control no-store, no-cache, must-revalidate X-Pixel-Eid BFO6MDGG3ZGZJGXY24JK5X X-Segment-Name * X-Advertisable-Eid XGPGHTBBXVEL5IW3AFPLFA X-Conversion-Currency
GET H/1.1	200 OK	jquery-custom-ui.min.js Show response rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/	126 KB 35 KB	18ms 16ms	Script application/x-javascript	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/jquery-custom-ui.min.js Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:44 GMT Content-Encoding gzip Last-Modified Tue, 09 Jan 2018 12:54:21 GMT Server Apache ETag "5a9f8dd85d85afd20544bd437a505338:1515502461" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/x-javascript Access-Control-Allow-Origin * Access-Control-Max-Age 86400 Access-Control-Allow-Credentials false Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Headers * Content-Length 35484
POST H2	200	match Show response smartformsapi.reachforce.com/smartformsapi/ip/	273 B 638 B	450ms 450ms	XHR application/json	52.7.163.155 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://smartformsapi.reachforce.com/smartformsapi/ip/match Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.7.163.155 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-7-163-155.compute-1.amazonaws.com Software web / Resource Hash 6bad08d27de7b099842ab273a19957b52600b72473dea475fdb0d8298b2133a5 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Accept application/json Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Origin https://go.druva.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Authorization 83061 Content-Type application/json Response headers date Tue, 09 Apr 2019 09:32:45 GMT server web status 200 x-frame-options SAMEORIGIN access-control-allow-methods GET, POST, PUT content-type application/json;charset=UTF-8 access-control-allow-origin https://go.druva.com access-control-max-age 600 access-control-allow-credentials true strict-transport-security max-age=31536000 access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization x-application-context application:production
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	53 KB 16 KB	9ms 8ms	Script application/x-javascript	2a03:2880:f02d:12:face:b00c:0:3 Facebook
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: s.adroll.com URL: https://s.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X/6AN5QCCS4JHA5ETA7MFY4R.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US), Reverse DNS Software / Resource Hash 063ed9d8b2df0c0b2002dd6add5d2ef6243c85e53cc4854ca89df54bbc6c1867 Security Headers Name Value Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff status 200 vary Origin, Accept-Encoding content-length 16144 x-xss-protection 0 pragma public x-fb-debug J6u2iAHnXEI06yGnHdtNKWF6OtPnksuF3lBCZoVuBVwo9sNbgviBagWQduLC/jVAtR8r5eoQm6tefTQ0YEzWHQ== date Tue, 09 Apr 2019 09:32:44 GMT x-frame-options DENY access-control-allow-methods OPTIONS content-type application/x-javascript; charset=utf-8 access-control-allow-origin https://connect.facebook.net access-control-expose-headers X-FB-Debug, X-Loader-Length cache-control public, max-age=1200 access-control-allow-credentials true content-security-policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self'; expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	sendrolling.js Show response s.adroll.com/j/	9 KB 3 KB	33ms 32ms	Script text/javascript	2.18.233.40 Akamai Technologies
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/sendrolling.js Requested by Host: s.adroll.com URL: https://s.adroll.com/pixel/XGPGHTBBXVEL5IW3AFPLFA/BFO6MDGG3ZGZJGXY24JK5X/6AN5QCCS4JHA5ETA7MFY4R.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a2-18-233-40.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash faffa6f277671cf3ae104f52a678c8125de68dcc823e50a7bc4bb692c2e2f7ff Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers x-amz-version-id hmR2G8bM_k8_HIgfw8Ek_ZGQzTO7aSh6 Content-Encoding gzip x-amz-request-id 109B740F5FA7A974 x-amz-server-side-encryption AES256 Access-Control-Max-Age 600 Date Tue, 09 Apr 2019 09:32:44 GMT Connection keep-alive Content-Length 2043 x-amz-id-2 Nl1F6frTLpf3gkync0xWmN4+/YtL8o7QbImiamSNAPgytbKQu/n118VE4IKAPKT/F+G3Q+Mom0U= Last-Modified Tue, 02 Apr 2019 16:36:52 GMT Server AmazonS3 ETag "aceecfb45f91df846464e26d33eff22f" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript Access-Control-Allow-Origin * Cache-Control max-age=3600 Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers *
GET H2	204	sync pixel.advertising.com/ups/55980/ Redirect Chain https://d.adroll.com/cm/aol/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://pixel.advertising.com/ups/55980/sync?uid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA https://pixel.advertising.com/ups/55980/sync?uid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true	0 299 B	17ms 9ms	Image text/plain	18.195.252.38 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.advertising.com/ups/55980/sync?uid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.195.252.38 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-18-195-252-38.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 204 date Tue, 09 Apr 2019 09:32:45 GMT p3p CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV Redirect headers status 302 date Tue, 09 Apr 2019 09:32:45 GMT content-length 0 location https://pixel.advertising.com/ups/55980/sync?uid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true p3p CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Redirect Chain https://d.adroll.com/cm/index/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expiration=1586338365 https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expiration=1586338365&C=1	43 B 985 B	39ms 38ms	Image image/gif	2.18.234.21 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expiration=1586338365&C=1 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a2-18-234-21.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server Apache P3P policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type image/gif Content-Length 43 Expires Tue, 09 Apr 2019 09:32:45 GMT Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server Apache P3P policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expiration=1586338365&C=1 Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type text/html; charset=iso-8859-1 Content-Length 333 Expires Tue, 09 Apr 2019 09:32:45 GMT
GET H/1.1	200 OK	tap.php pixel.rubiconproject.com/ Redirect Chain https://d.adroll.com/cm/n/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expires=365	42 B 371 B	116ms 28ms	Image image/gif	213.19.162.90 The Rubicon Project
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expires=365 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_128_GCM Server 213.19.162.90 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US), Reverse DNS Software Rubicon Project / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server Rubicon Project P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Type image/gif Content-Length 42 X-RPHost 8A5IVoU6fejOQtfJgzkgpg Expires 0 Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Location https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&expires=365 Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 124
GET H2	200	pixel sync.outbrain.com/adroll/ Redirect Chain https://d.adroll.com/cm/outbrain/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://sync.outbrain.com/adroll/pixel?user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg	0 398 B	90ms 90ms	Image text/plain	151.101.2.2 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://sync.outbrain.com/adroll/pixel?user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains; Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=0; includeSubDomains; via 1.1 varnish, 1.1 varnish traffic-path NYDC1FGT, JFK, HHN, Europe1 x-timer S1554802365.093841,VS0,VE83 date Tue, 09 Apr 2019 09:32:45 GMT x-cache MISS, MISS status 200 accept-ranges bytes, bytes backend-ip 104.156.90.31 x-cache-hits 0, 0 x-traceid c0181145dabbac552e15d3843b7581fe content-length 0 x-served-by cache-jfk8131-JFK, cache-hhn1539-HHN Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Location https://sync.outbrain.com/adroll/pixel?user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 96
GET H/1.1	200 OK	Pug simage2.pubmatic.com/AdServer/ Redirect Chain https://d.adroll.com/cm/pubmatic/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...	1 B 817 B	75ms 15ms	Image text/html	185.64.189.110 PubMatic
General Check archive.org Show headers Download Go to Show image Full URL https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US), Reverse DNS Software Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT X-lat Pug22059:0:435 Server Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 Cache-Control no-store, no-cache, private P3P CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" X-Cnection close Content-Type text/html; charset=utf-8 Content-Length 1 Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Location https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 220
GET H2	204	/ trc.taboola.com/sg/adroll-network/1/rtb-h/ Redirect Chain https://d.adroll.com/cm/taboola/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg	0 163 B	20ms 19ms	Image text/plain	151.101.2.2 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:45 GMT via 1.1 varnish server nginx x-timer S1554802365.129049,VS0,VE13 x-cache MISS status 204 expires Thu, 01 Jan 1970 00:00:00 GMT x-cache-hits 0 accept-ranges bytes x-served-by cache-hhn1539-HHN Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Location https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 111
GET H2	200	xuid eb2.3lift.com/ Redirect Chain https://d.adroll.com/cm/triplelift/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://eb2.3lift.com/xuid?mid=4714&xuid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&dongle=c85e https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&dongle=c85e&gdpr=1&cmp_cs=	37 B 335 B	10ms 9ms	Image image/gif	52.29.30.87 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&dongle=c85e&gdpr=1&cmp_cs= Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.29.30.87 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-52-29-30-87.eu-central-1.compute.amazonaws.com Software / Resource Hash bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Tue, 09 Apr 2019 09:32:45 GMT cache-control no-cache, no-store, must-revalidate p3p policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" content-length 37 content-type image/gif Redirect headers status 302 date Tue, 09 Apr 2019 09:32:45 GMT cache-control no-cache, no-store, must-revalidate content-length 0 location /xuid?ld=1&mid=4714&xuid=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg&dongle=c85e&gdpr=1&cmp_cs= p3p policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
GET H/1.1	200 OK	pixel ads.yahoo.com/ Redirect Chain https://d.adroll.com/cm/r/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_con...	0 341 B	127ms 39ms	Image text/plain	2a00:1288:110:422::3000 YAHOO-IRD
General Check archive.org Show headers Download Go to Show image Full URL https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:110:422::3000 , United Kingdom, ASN34010 (YAHOO-IRD, GB), Reverse DNS Software ATS / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:45 GMT X-Content-Type-Options nosniff Server ATS Age 0 Expect-CT max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" Strict-Transport-Security max-age=31536000 Connection keep-alive Content-Length 0 X-XSS-Protection 1; mode=block Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Location https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 248
GET H/1.1	200 OK	sync x.bidswitch.net/ul_cb/ Redirect Chain https://d.adroll.com/cm/b/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://x.bidswitch.net/sync?dsp_id=44&user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg	43 B 575 B	32ms 32ms	Image image/gif	18.153.11.19 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.153.11.19 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-18-153-11-19.eu-central-1.compute.amazonaws.com Software nginx/1.12.0 / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.12.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Type image/gif Keep-Alive timeout=10 Content-Length 43 Redirect headers Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.12.0 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Location https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Keep-Alive timeout=10 Content-Length 0
GET H/1.1	200 OK	setuid ib.adnxs.com/ Redirect Chain https://d.adroll.com/cm/x/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://ib.adnxs.com/setuid?entity=172&code=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg	43 B 851 B	38ms 10ms	Image image/gif	37.252.172.27 AppNexus
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=172&code=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.172.27 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US), Reverse DNS 153.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.13.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:47 GMT AN-X-Request-Uuid 38c8ec6b-5c47-45e3-83c2-2c3ec9fa818f Content-Type image/gif Server nginx/1.13.4 P3P policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive X-Proxy-Origin 83.97.23.20; 83.97.23.20; 153.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.207:80 Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Location https://ib.adnxs.com/setuid?entity=172&code=OTkyNGRmMDQ0OWQyMzk3N2I0YzlmMDdmODg1ZGMwMDg Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 93
GET H2	204	377928.gif idsync.rlcdn.com/ Redirect Chain https://d.adroll.com/cm/l/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://idsync.rlcdn.com/377928.gif?partner_uid=9924df0449d23977b4c9f07f885dc008	0 34 B	329ms 107ms	Image text/plain	52.71.117.196 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://idsync.rlcdn.com/377928.gif?partner_uid=9924df0449d23977b4c9f07f885dc008 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.71.117.196 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-52-71-117-196.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 204 date Tue, 09 Apr 2019 09:32:45 GMT Redirect headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Location https://idsync.rlcdn.com/377928.gif?partner_uid=9924df0449d23977b4c9f07f885dc008 Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Length 86
GET H2	200	sd us-u.openx.net/w/1.0/ Redirect Chain https://d.adroll.com/cm/o/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA https://us-u.openx.net/w/1.0/sd?id=537103138&val=9924df0449d23977b4c9f07f885dc008 https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9924df0449d23977b4c9f07f885dc008	43 B 256 B	20ms 19ms	Image image/gif	173.241.240.143 OPENX TECHNOLOGIES
General Check archive.org Show headers Download Go to Show image Full URL https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9924df0449d23977b4c9f07f885dc008 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 173.241.240.143 New York, United States, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US), Reverse DNS ox-173-241-240-143.xa.dc.openx.org Software OXGW/16.130.5 / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers pragma no-cache date Tue, 09 Apr 2019 09:32:45 GMT server OXGW/16.130.5 vary Accept p3p CP="CUR ADM OUR NOR STA NID" status 200 cache-control private, max-age=0, no-cache content-type image/gif content-length 43 expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers status 302 date Tue, 09 Apr 2019 09:32:45 GMT server OXGW/16.130.5 content-length 0 location https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=9924df0449d23977b4c9f07f885dc008 p3p CP="CUR ADM OUR NOR STA NID"
GET H/1.1	200 OK	in d.adroll.com/cm/g/ Redirect Chain https://d.adroll.com/cm/g/out?advertisable=XGPGHTBBXVEL5IW3AFPLFA&google_nid=adroll5 https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=mSTfBEnSOXe0yfB_iF3ACA&google_ula=1535926 https://d.adroll.com/cm/g/in?google_ula=1535926,0	42 B 510 B	35ms 34ms	Image image/gif	54.246.91.175 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://d.adroll.com/cm/g/in?google_ula=1535926,0 Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.246.91.175 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-54-246-91-175.eu-west-1.compute.amazonaws.com Software nginx/1.14.1 / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Tue, 09 Apr 2019 09:32:45 GMT Server nginx/1.14.1 P3P CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Type image/gif Content-Length 42 X-Result g.-1.-1.1535926.0.-1 Redirect headers pragma no-cache date Tue, 09 Apr 2019 09:32:45 GMT server HTTP server (unknown) location https://d.adroll.com/cm/g/in?google_ula=1535926,0 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" status 302 cache-control no-cache, must-revalidate content-type text/html; charset=UTF-8 alt-svc quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39" content-length 246 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	896340840388576 Show response connect.facebook.net/signals/config/	174 KB 41 KB	9ms 9ms	Script application/x-javascript	2a03:2880:f02d:12:face:b00c:0:3 Facebook
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/896340840388576?v=2.8.46&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US), Reverse DNS Software / Resource Hash 706fb69b0dfa3b76c92f91a685a0d699ad146329ad406e55d397d4c399717379 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff status 200 vary Origin, Accept-Encoding content-length 41532 x-xss-protection 0 pragma private x-fb-debug SOJiKpegm0EngtZr2ESQM/aGPddBJ29Od9VV5Rv/k0ZHQntOskJuNDZJ4z/EQIjTIMzvRYE9u189Ur4vUsruog== date Tue, 09 Apr 2019 09:32:44 GMT x-frame-options DENY access-control-allow-methods OPTIONS content-type application/x-javascript; charset=utf-8 access-control-allow-origin https://connect.facebook.net access-control-expose-headers X-FB-Debug, X-Loader-Length cache-control private access-control-allow-credentials true expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 246 B	9ms 9ms	Image image/gif	2a03:2880:f12d:83:face:b00c:0:25de Facebook
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=896340840388576&ev=PageView&dl=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&rl=&if=false&ts=1554802365028&cd[segment_eid]=KHFSRD6VLJB33GCDHGJCQK%2C6AN5QCCS4JHA5ETA7MFY4R&sw=1600&sh=1200&v=2.8.46&r=stable&ec=0&o=29&fbp=fb.1.1554802365026.1496003801&it=1554802364982&coo=false&rqm=GET Requested by Host: go.druva.com URL: https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:45 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif status 200 cache-control no-cache, must-revalidate, max-age=0 content-length 44 expires Tue, 09 Apr 2019 09:32:45 GMT
GET H/1.1	200 OK	msg Show response sjrtp7.marketo.com/gw1/	0 494 B	569ms 158ms	Script text/javascript	192.28.146.117 MARKETO
General Check archive.org Show headers Download Go to Full URL https://sjrtp7.marketo.com/gw1/msg?a=2&sid=druva1-1554802364768-7b4d8979&aid=druva1&ma=id%3A307-ANG-704%26token%3A_mch-druva.com-1554802364551-88339&viewedTypes=&0.5455808032349867&rts=1554802365426 Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 192.28.146.117 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US), Reverse DNS Software Jetty(7.3.1.v20110307) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63113904 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:45 GMT Content-Encoding gzip Server Jetty(7.3.1.v20110307) Transfer-Encoding chunked Strict-Transport-Security max-age=63113904 Content-Type text/javascript; charset=UTF-8 Cache-Control no-cache Connection close
GET H2	200	/ Show response px.ads.linkedin.com/collect/ Redirect Chain https://px.ads.linkedin.com/collect/?time=1554802366009&pid=473852&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&... https://px.ads.linkedin.com/collect/?time=1554802366009&pid=473852&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&...	0 99 B	115ms 110ms	Script application/javascript	2a05:f500:10:101::b93f:9105 LinkedIn Corporation
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/collect/?time=1554802366009&pid=473852&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&fmt=js&s=1&cookiesTest=true Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US), Reverse DNS Software Play / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:46 GMT content-encoding gzip server Play vary Accept-Encoding x-li-fabric prod-lva1 status 200 x-li-proto http/2 x-li-pop prod-efr5 content-type application/javascript content-length 20 x-li-uuid 7/9XRHbEkxXg+9jj9SoAAA== Redirect headers date Tue, 09 Apr 2019 09:32:46 GMT content-encoding gzip server Play location /collect/?time=1554802366009&pid=473852&url=https%3A%2F%2Fgo.druva.com%2FEWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html&fmt=js&s=1&cookiesTest=true vary Accept-Encoding x-li-fabric prod-lva1 status 302 x-li-proto http/2 x-li-pop prod-efr5 content-length 20 x-li-uuid eGMRO3bEkxWg+gs19ioAAA==
GET H2	200	font-awesome.min.css netdna.bootstrapcdn.com/font-awesome/4.1.0/css/	20 KB 5 KB	65ms 19ms	Stylesheet text/css	209.197.3.15 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0 Request headers Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Tue, 09 Apr 2019 09:32:46 GMT content-encoding gzip last-modified Wed, 12 Dec 2018 18:35:19 GMT access-control-allow-origin * etag "1544639719" vary Accept-Encoding x-cache HIT content-type text/css; charset=utf-8 status 200 cache-control public, max-age=31536000 x-hello-human Say hello back! @getBootstrapCDN on Twitter accept-ranges bytes timing-allow-origin * content-length 4696
GET H/1.1	200 OK	ui-bg_flat_75_ffffff_40x100.png rtp-static.marketo.com/rtp/libs/jqueryui/1.8.1/themes/base/images/	178 B 613 B	9ms 8ms	Image image/png	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://rtp-static.marketo.com/rtp/libs/jqueryui/1.8.1/themes/base/images/ui-bg_flat_75_ffffff_40x100.png Requested by Host: rtp-static.marketo.com URL: https://rtp-static.marketo.com/rtp/libs/jquery/1.8.3/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 39ab7ccd9f4e82579da78a9241265df288d8eb65dbbd7cf48aed2d0129887df5 Request headers Referer https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:46 GMT Last-Modified Tue, 08 Sep 2015 06:43:20 GMT Server Apache ETag "8692e6efddf882acbff144c38ea7dfdf:1441694600" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET Content-Type image/png Access-Control-Allow-Origin * Access-Control-Allow-Credentials false Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Headers * Content-Length 178
GET H/1.1	200 OK	close-btn5.svg Show response rtp-static.marketo.com/rtp/libs/	306 B 701 B	52ms 8ms	XHR image/svg+xml	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://rtp-static.marketo.com/rtp/libs/close-btn5.svg Requested by Host: sjrtp7-cdn.marketo.com URL: https://sjrtp7-cdn.marketo.com/rtp-api/v1/rtp.js?aid=druva1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 4083955fcb5c9ae48450aca957a4c276b4c1db3ae90e15d05740449586c61044 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Origin https://go.druva.com Response headers Date Tue, 09 Apr 2019 09:32:46 GMT Content-Encoding gzip Last-Modified Tue, 16 May 2017 10:32:30 GMT Server Apache ETag "ac9d8301193819f415ff0ba6916eec42:1494930750" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type image/svg+xml Access-Control-Allow-Origin * Access-Control-Max-Age 86400 Access-Control-Allow-Credentials false Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Headers * Content-Length 215
GET H/1.1	200 OK	ui-icons_222222_256x240.png rtp-static.marketo.com/rtp/libs/jqueryui/1.8.1/themes/base/images/	4 KB 5 KB	10ms 8ms	Image image/png	104.109.87.76 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://rtp-static.marketo.com/rtp/libs/jqueryui/1.8.1/themes/base/images/ui-icons_222222_256x240.png Requested by Host: rtp-static.marketo.com URL: https://rtp-static.marketo.com/rtp/libs/jquery/1.8.3/jquery.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.109.87.76 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a104-109-87-76.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 57adb0d65f4e91dacfee975d9574422bee7486c8a182d60133728c672f2cdbbc Request headers Referer https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 09 Apr 2019 09:32:46 GMT Last-Modified Tue, 08 Sep 2015 06:43:19 GMT Server Apache ETag "9129e086dc488d8bcaf808510bc646ba:1441694599" Access-Control-Max-Age 86400 Access-Control-Allow-Methods GET Content-Type image/png Access-Control-Allow-Origin * Access-Control-Allow-Credentials false Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Headers * Content-Length 4369
GET H2	200	index.html js.driftt.com/deploy/assets/ Frame F172	0 0	22ms 21ms	Document text/html	143.204.181.91 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/deploy/assets/index.html Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1554802500000/8reuxc2zuebt.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 143.204.181.91 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-143-204-181-91.lhr50.r.cloudfront.net Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers :method GET :authority js.driftt.com :scheme https :path /deploy/assets/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://go.druva.com/EWB20190418DruvaHostedAberdeenGroupBreakingDowntheRelentlessRiskofRansomware_LPRegistration.html Response headers status 200 content-type text/html; charset=utf-8 content-length 884 date Tue, 09 Apr 2019 09:26:38 GMT server nginx last-modified Mon, 08 Apr 2019 23:30:42 GMT etag "f232843af3bfdaf62098aec0be0b9413" x-amz-server-side-encryption AES256 accept-ranges bytes cache-control max-age=10 access-control-allow-origin * access-control-allow-credentials true access-control-allow-methods GET, POST, OPTIONS access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type strict-transport-security max-age=31536000; includeSubDomains age 7 x-cache Hit from cloudfront via 1.1 95f9a67d50afe93c46692931ea94e1ca.cloudfront.net (CloudFront) x-amz-cf-id nvbfZNBveQU3OMk9ERaCJLYg-QceoA956yHoCO-1Q26n5k1QZTPySA==
GET H2	200	fontawesome-webfont.woff netdna.bootstrapcdn.com/font-awesome/4.1.0/fonts/	82 KB 82 KB	75ms 19ms	Font font/woff	209.197.3.15 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://netdna.bootstrapcdn.com/font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash 66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css Origin https://go.druva.com Response headers date Tue, 09 Apr 2019 09:32:46 GMT content-encoding gzip last-modified Wed, 12 Dec 2018 18:35:43 GMT access-control-allow-origin * etag "1544639743" vary Accept-Encoding x-cache HIT content-type font/woff status 200 cache-control public, max-age=31536000 x-hello-human Say hello back! @getBootstrapCDN on Twitter accept-ranges bytes timing-allow-origin * content-length 83764