www.vmray.com Open in urlscan Pro
99.86.4.115 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Submission: On May 02 via manual (May 2nd 2024, 8:48:51 am UTC) from TN — Scanned from DE

Summary HTTP 49 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 49 HTTP transactions. The main IP is 99.86.4.115, located in United States and belongs to AMAZON-02, US. The main domain is www.vmray.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on October 30th 2023. Valid for: a year.

This is the only time www.vmray.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	99.86.4.115 99.86.4.115	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.186.36 142.250.186.36	15169 (GOOGLE) (GOOGLE)
2	216.58.206.67 216.58.206.67	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
49	7

40 99.86.4.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-115.fra6.r.cloudfront.net

www.vmray.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.36 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.67 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	vmray.com www.vmray.com	179 KB
2	google.de www.google.de — Cisco Umbrella Rank: 7810	126 B
2	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 3095	317 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 89	397 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	21 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	105 KB
49	6

	Domain	Requested by
40	www.vmray.com	www.vmray.com
2	www.google.de
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	www.google-analytics.com	www.vmray.com www.google-analytics.com
1	region1.analytics.google.com	www.googletagmanager.com
1	www.google.com
1	www.googletagmanager.com	www.google-analytics.com
49	7

This site contains no links.

Subject Issuer	Validity	Valid
www.vmray.com Amazon RSA 2048 M02	`2023-10-30` - `2024-11-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Frame ID: 46ED9BA2868FA07413E1EDD7FE6FF4B8
Requests: 49 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bad Rabbit Ransomware | VMRay Analyzer Report

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

49
Requests

100 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

306 kB
Transfer

795 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request overview.html Show response
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/ 47 KB
7 KB 155ms
46ms Document
text/html 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

d333ce94eb3faa402180ba8d71ff3fe26a9e678188e94d4fdb2fd12cfd7f654f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 3058
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 02 May 2024 07:57:47 GMT
etag: W/"6992e906ad1fc1dfef8ce6dabb41f592"
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-id: 608qLf41Dy7IcKfOmJeRbU71XW5At5aXKQw6VY_AjA3DTwCYGBU3rQ==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 jquery.min.js Show response
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 94 KB
33 KB 60ms
54ms Script
text/js 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/jquery.min.js

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 01 May 2024 18:16:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 52353
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"8101d596b2b8fa35fe3a634ea342d7c3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/js
cache-control: max-age=31536000
x-amz-cf-id: 4hTbjkGK9CWWDpKdn-hkg2JkQ_G2RvfZXWrd_dN27SByR9kWHNmuYg==

GET
H2 200 prettify.js Show response
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/ 62 KB
19 KB 104ms
99ms Script
text/js 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/prettify.js

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

0c0545d8ea5f3fce43ce2123a68fbe05feccf3448402f71437f431c1814abbbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"1c1348e31460f3f1bf7721b1e2e87be6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/js
cache-control: max-age=31536000
x-amz-cf-id: 0TQ3k4cuJKWNspZuVzKTTFXdGbaVZNqYrv61NGAlwYB7KSvUOfMFSQ==

GET
H2 200 lang-vb.js Show response
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/ 4 KB
2 KB 53ms
47ms Script
text/js 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/lang-vb.js

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

c7d4ed310b67114b3dc29a2f8761ba080ad68bbe4f5ab301f1ab45bb031545d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"9a234db3f694ecdf2e78b2edd1ebcacc"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/js
cache-control: max-age=31536000
x-amz-cf-id: gT5W3jS5-Y6TgZ7BsK_HImx-89NmGujWWXB8PP9JkculchL_60Lhxg==

GET
H2 200 prettify.css
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/ 2 KB
1 KB 99ms
93ms Stylesheet
text/css 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/prettify.css

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

2cad3a97b501ade85d71ce0303f134ee2da78684f1ceb1d26e225c8fec665b29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"fab47c35b8f43fc261eae7ac4cb77417"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 8poi64nYUD4kxetNwOYsSAnXBhATNJs45u5adQNlkzwY6tym36aYoA==

GET
H2 200 hlog.css
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 54 KB
10 KB 111ms
106ms Stylesheet
text/css 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/hlog.css

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

549ea8009e3fc3c7a516f54f0fbd4f8588488890fa56c0355ab34fbafa7a5898

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"1a374bb31f608d23c3b7fd05a38de81d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: p_8JxFp7P9FhbixtVTC3DBXw18faOdmQQzhntXeU4D1JAGVTTFFq1Q==

GET
H2 200 hlog.js Show response
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 37 KB
12 KB 94ms
91ms Script
text/js 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/hlog.js

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

379510578e7cb1d4732a0c74b2c813a14ffd9f6fa8f50ef204bd139577114918

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"1d53d9f95be709f587832430a700e00b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/js
cache-control: max-age=31536000
x-amz-cf-id: NhBzzYq8D_L2mppyFwslW_Hah002BN6G56vnRYuMlgU3hZtZj0Bm2w==

GET
H2 200 VMRay.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 2 KB
2 KB 66ms
62ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/VMRay.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

5d6eab958c8e152924fe8b08c71f8175c4c916d667959691ed12d8ed5c1f3757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
content-length: 1900
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "be44e506210b435cd5143a4d13aa4f42"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: aDSqYE-qQyodApmrvn2R6wPCAzzX4MrUu_F28xdqvWf4vK_U92W83w==

GET
H2 200 icon_overview_active.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 546 B
1 KB 56ms
51ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_overview_active.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

0eb14b52b479a9d65e31fa435c8229724503cc5f2fcd1e997df299905177fd72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 546
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
server: nginx
etag: "8b0d16c6d026cb0d5c3f5df125715df2"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: DtFLD3uW-Sc185g9zCxz2XleGfyPa23dm80Ytg7oj6sa6w3vopHjSw==

GET
H2 200 icon_risk.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 676 B
1 KB 64ms
60ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_risk.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

26ab28f2811d64b7d38bb27968983f1445dc27b97b34e32578dd8506c962b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 676
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
server: nginx
etag: "41a5d8e27b53efb29c6c2b2c9723c38d"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 6V4ElNOg3oes6HxTWUyq37_dmh6TaAz6o_Kz1gV13nW3odFQqydO7Q==

GET
H2 200 icon_network.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 1 KB
2 KB 54ms
50ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_network.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

33a03a7b3fe38f4be480c02247b15edd8a3eab191273b1fea19882d3bc95c5b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 1262
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "bdcf4baf9484279df6a0921c0823a793"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ZyTEcX8MDCFm9eT3plVe7dH5QQ7d-khmsfXXKAnqt62pkuo0GRXMkw==

GET
H2 200 icon_user.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 1 KB
2 KB 68ms
63ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_user.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

a271c12da75fb0bb8cb5663e30a61cc94086f411ece0da6337535cc7f0a564da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 1178
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "7726b3b24b68ba94234e64cc5191565e"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: BIVfx8abwxc0E0x9GRgmVbv1ia3FpUFS2LmOYgBcwuJdCyqrmX6gLg==

GET
H2 200 icon_kernel.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 1 KB
2 KB 56ms
52ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_kernel.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

5b79b5519507418d59f47470acb85798955fc36cb4506cfae54e522e3097a56c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 1204
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "ff280124b32d02dfb9d367fd0dab43a4"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: KcqX6n7LeeTQNk-BCQLkNGdmP3oEvCFe3I70DIk47mNcHSFwZKePqQ==

GET
H2 200 icon_info.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 565 B
1 KB 63ms
59ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_info.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

b305c96bea3c07ca0cebe4b8d84c1e007b3f5b3084387f5dfa9f8c75b875ae5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 565
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
server: nginx
etag: "ba2609bdedcb05498cf892b573208d8d"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: alq1bnrLSy54XtVPfSObAB-9adNRGgD1m4noSEWlW8CMUfnozRH_FA==

GET
H2 200 icon_yara.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 1 KB
2 KB 96ms
92ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_yara.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

ed661a9c7d4c523aa4a53e87d211d0182a8c3001b72ff1f229032f9d621616a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
content-length: 1082
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "c6b551371be9e9d2cc81d437a977f179"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: xmFioI2EvjsOSduDe4KokPZI38MhCOH9H7KqFpMYrYFUMkR5F-PstA==

GET
H2 200 icon_expand.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 443 B
964 B 64ms
63ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_expand.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

a38ccf9643f2fbcd481d9d0b03ff2ac33f37bc8c0b6207c7e56e0a25e422e581

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
content-length: 443
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "5586907044820dbc559676a2c7687e12"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: lznETm2hxVMJFY0lKQSPGvsk7JnW9VUazH8QkJhkq-ijf2eKLTk5Dg==

GET
H2 200 icon_collapse.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 315 B
835 B 44ms
43ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_collapse.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

b94c51991f082d6083d02b820714e32617d90205d4f084d853240786eedb861c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
content-length: 315
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "81add3851eac10529e8b57d0cd6e2ba5"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 10poMxJqHM2KWTAFPASFnZA42X7BArYgkRxJycY1EipF3iRdVvKCZg==

GET
H2 200 okgrey.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 280 B
799 B 55ms
51ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/okgrey.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

c8bd1370d358031c02d1bf357a3d06bdc0477555e39d76bda04f2764f9c09df5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 404
x-cache: Hit from cloudfront
content-length: 280
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "4676c4d3c62eb2bdd8bc7e70ca602eca"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ETw8fJLsKvfsB4nW-Ub8NleZbb3HH2fbtviYGTZyuDwP2DAzmZ_2bA==

GET
H2 200 nogrey.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 281 B
801 B 57ms
53ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/nogrey.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

61d1da0b1369acab9a71f00e29a87c0bcb221ca67a58169cc729c35fc14b997b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 281
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "d5d14ce81a15ad09041a72af78da8302"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: uIrRGM5ytEAPbuyGJ9WI87gbaZWQg-cODJvQqdxo1zYlNRqL7bD0vA==

GET
H2 200 attention.svg
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 589 B
910 B 57ms
53ms Image
image/svg+xml 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/attention.svg

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

9618b162364fc3ef7e2040551a6d2eb945253ba7e15fc1b9896d7a95e5442992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"b4bc232411133c9608419e86c871b995"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: rmlHPyO1SUVqQBPiQGsmgHmleA62mGXNhMSLX8Y_Go9cI22jFWjbLw==

GET
H2 200 info.svg
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 564 B
897 B 64ms
60ms Image
image/svg+xml 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/info.svg

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

3dda3b2f890742b48da89f5186fb6e4802b9c5e572fed32d4147246f638c20d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 402
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"70a757557d583f429a663c5f3ad25eca"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: -l1ENhJurY8Vsv7H0S4dFTB6ishXv1y8afrZqsQSINUBvBKEMaJaaw==

GET
H2 200 thumbnail_0.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 2 KB
3 KB 58ms
54ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_0.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

2e1fb47936e48a03a3e4472e60f0059c695c75b4425371ff5f78c236d59d4c18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 402
x-cache: Hit from cloudfront
content-length: 2163
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "5cf1ae5e6d668e8e939b328f9f48d115"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: SohAD1PTtLJWbKPqiO9V4Q5Rz4eLlhq6cAT_MdEAleVpvj3Y54lkJA==

GET
H2 200 thumbnail_9994.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 3 KB
4 KB 61ms
58ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_9994.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

257842f6a8a4aa6b2ca8f677e13866b27d8e47d400e06f4e414f596530f4651a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 403
x-cache: Hit from cloudfront
content-length: 3230
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:21 GMT
server: nginx
etag: "590612f3f29a80d2717c04514bb1303c"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Ffm8z7zuzvm5KrPvG7Rn4evb8N3BW4gCjFBjsXdxFtq6-FVVPRfABQ==

GET
H2 200 thumbnail_11019.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 2 KB
2 KB 58ms
55ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_11019.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

14a16564db087351cab0c6b1ff5e4082e0768afbd36e8732988d499f4d44a827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 402
x-cache: Hit from cloudfront
content-length: 1953
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:21 GMT
server: nginx
etag: "dd7442d2894308763edf7ebfe9b12065"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: rSwvxwq9KCtyugmcXel0fZYPnZcK4wdAM9YWIRfABRtACO2CQhPYUg==

GET
H2 200 thumbnail_14371.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 2 KB
3 KB 59ms
56ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_14371.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

c79c78fb8ad4ce09aacf81ae8b8461468cdb53ef7d61f97e37cd42d25b16b7e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 402
x-cache: Hit from cloudfront
content-length: 2483
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
server: nginx
etag: "0e04cbf46bc55f5aaf0e08c8627d4a97"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: QPjAQBS9jlWMD7V3EosS5X09iY22oIMrUnBENiK7ptw95SOdWU_OUQ==

GET
H2 200 thumbnail_15386.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 2 KB
2 KB 60ms
57ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_15386.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

14a16564db087351cab0c6b1ff5e4082e0768afbd36e8732988d499f4d44a827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 1953
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:21 GMT
server: nginx
etag: "dd7442d2894308763edf7ebfe9b12065"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: PjnUpqDkC1Ox1krFiaUVbxMjKipsXBNAH3w81gJr4msvRsAFSFigQg==

GET
H2 200 thumbnail_39666.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 152 B
672 B 65ms
62ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_39666.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

e16ced21eba76d048705c9eb9b2d0943a03f0af8658d79fc96d646785e5a6c54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 402
x-cache: Hit from cloudfront
content-length: 152
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "31bf4c569f65f5527d9176a04f7b50dc"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: w5VHKfAOy3k-b_BZEXq-4Xi462wJ66tpJ9EzhGVtzfj_Gw3PRvNE-Q==

GET
H2 200 thumbnail_40676.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 11 KB
12 KB 65ms
61ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_40676.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

c7262c1b93b8cf8838d63c5fabed448e4801256be80579c7168e158c7ecd78db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 402
x-cache: Hit from cloudfront
content-length: 11579
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "6657320577416703ac90e15f7673cbb8"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 0p1aGGs3Ka3-aRJyQf0mjRiwv0AbBUdf9J1WQHcQzWwj3JgZtFCU5Q==

GET
H2 200 thumbnail_55809.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 110 B
630 B 77ms
74ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_55809.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

c657586ecd1caeb6f6c1e2ca6e51a40c14e04d7e074c881e0c3427cf74f98d5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 110
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
server: nginx
etag: "1eb43c0712803eca187c6a2f7570828c"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: lGZvzGbSlEOw-jF5kXBlRF5uvWzgBqvCFwdOILs65iLdMy7zf9Z0Gg==

GET
H2 200 thumbnail_56857.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 11 KB
12 KB 72ms
69ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_56857.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

39ac7516d16a5f98f909ae14aae0c4e44b42b81d402ac3963647d68af75bc8e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 11574
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "c3e602c5dd829778c45ea084ae08f41e"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 9VfEGsNSvWGOkQpYcAezHpxLG7_BpeTUjUha9vrB3CeefiMu32AW2w==

GET
H2 200 thumbnail_73438.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 12 KB
12 KB 70ms
67ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_73438.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

7e1166c2fecb206f05258a2249a5c4353af0c9c447dc20380cbc65382f75cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 11810
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
server: nginx
etag: "2b8837e192969a788e69599355bca180"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: YY_GjJyTw5NfQGI7TbyyU5b_F0gw2ov0HQfDeIyOyvuxlPLQUF86xA==

GET
H2 200 thumbnail_74467.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/ 5 KB
5 KB 76ms
73ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/screenshots/thumbnail_74467.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

f00dc6f648012875ae18e591965f7bc47e13b1c9b1a89e147d8af986537b973d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 4610
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:19 GMT
server: nginx
etag: "15eb11862c20f527bda213a0ecaacd26"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: d0Cns8K9VwOxQUrHIU_n0z2X01LFbdl93RFsKLm-X5Iyd_dok3iJHw==

GET
H2 200 process_graph.svg
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/ 71 KB
12 KB 79ms
76ms Image
image/svg+xml 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/process_graph.svg

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

ba04666869db60cb73d99939d290efbb6a1cbd47a4130e90594453aff305b0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 400
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: W/"44d2277c7523e013cdb5391ba9972b3b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: mTe60skRLW6fCo4FfXcQKr0xucEjPhYPkxHGm7u8ridZUCIiLizelg==

GET
H2 200 overlay_logo.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 1 KB
2 KB 82ms
80ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/overlay_logo.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

273954bab36d4fb4090b5d46eed081aa162934f925e6b1bc3fe0c710c4a8ff7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 1421
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "3c38f3a82d93ffd635f161ac105bee53"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 9Wrv7PaWpzLefl-_FmEV-H5PbbaWn5KoCUELYOabOVDrPhJPNRKw5w==

GET
H2 200 icon_download.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 493 B
1011 B 81ms
79ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_download.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

0abe3a27edcdfb39bdeb1842cb691abec8c1c53636baa99b98a283254f1c5b97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 493
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "cecf746e0cdd4228c98f210b501f5628"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: uRRIWvI3N-spvzh0sWFbqsPgvU00LUG1dJSAXTRWn4n4Zmwx-BE20g==

GET
H2 200 icon_exit.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 913 B
1 KB 74ms
72ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_exit.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

9880db8a4580a949bed86b111b4a322ce69e36718f4b03e678fcea79047adbcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 913
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "eacb5a8be847748aadefa29ecbdbf9fc"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: etlgceNlJjKcTc_h7hUXN-YUea8-WGc_ciPqeqihXvnEGNzzzbAS9g==

GET
H2 200 icon_expand_img_viewer.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 520 B
1 KB 83ms
81ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_expand_img_viewer.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

c506af2ad4857b2f51e006235a3d4dfa21cedf45e5e95418fce3aed90ce272ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 520
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "48b13665e2378259b3b9dc3fe8e7ea65"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: dWFlYZf5cMQh-WOkUxiVDU2_k6hnqhRYYw6Cn2mrmeATxtrnGnnBZQ==

GET
H2 200 icon_left.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 844 B
1 KB 73ms
70ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_left.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

b87ef0d3efd5789f76452acedd2279c9951c1edd7c4ab1d917b0438020a4ec4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 844
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "1fcf1e681553c0a08220186b0944cb30"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: InfJfiWp7oeHnjVFoIycavISKcIB-1HP4He86ccg1Ty4iKLmLK3D6Q==

GET
H2 200 icon_right.png
www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/ 841 B
1 KB 79ms
77ms Image
image/png 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/icon_right.png

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-115.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

18efb3fb079659659045945975c454332b2a4dd415fdc56bcb9c45bafab906c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:42:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
age: 401
x-cache: Hit from cloudfront
content-length: 841
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 01 Feb 2020 00:50:20 GMT
server: nginx
etag: "3805a83161e1441b8e28d4321948c915"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: nepz7BAsfi_-aNK3giZzpdimD_XX3uDrohQecGZaboiZqjnOWMMXKg==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 136ms
39ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.vmray.com
URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 02 May 2024 07:41:03 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4062
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 02 May 2024 09:41:03 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
222 B 47ms
46ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1463003554&t=pageview&_s=1&dl=https%3A%2F%2Fwww.vmray.com%2Fanalyses%2Fbad-rabbit-ransomware-flash-analysis%2Freport%2Foverview.html&ul=de-de&de=UTF-8&dt=Bad%20Rabbit%20Ransomware%20%7C%20VMRay%20Analyzer%20Report&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=22517844&gjid=762159350&cid=2004995707.1714639726&tid=UA-51345830-1&_gid=1898084352.1714639726&_r=1&_slc=1&z=438157484

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dedc35aea6dd16e758bbb0294f3cdd4c7695667212b88c85c21f14404e2e2788

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 May 2024 08:48:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.vmray.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 favicon.ico
www.vmray.com/ 0
351 B 189ms
189ms Other
image/x-icon 99.86.4.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.vmray.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-115.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:48:46 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
last-modified: Mon, 08 Apr 2024 18:13:58 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "661433e6-0"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 0
x-amz-cf-id: 79P11XWV4Qh6JeHLFzhFl1IhOpOtsKSG09E5QvI3iKj5pco8c1eV0Q==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 147ms
50ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-51345830-1&cid=2004995707.1714639726&jid=22517844&gjid=762159350&_gid=1898084352.1714639726&_u=IEBAAEAAAAAAACAAI~&z=290056571

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 02 May 2024 08:48:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.vmray.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 307 KB
105 KB 159ms
73ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5J15FVLRV9&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de49ade9fe0ce9f092b86ce3c4df039f3169b8dc54af66ee4756007a94cbec85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 08:48:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 02 May 2024 08:48:46 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 587ms
66ms Image
image/gif 142.250.186.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-51345830-1&cid=2004995707.1714639726&jid=22517844&_u=IEBAAEAAAAAAACAAI~&z=1233949163

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 02 May 2024 08:48:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 124ms
73ms Image
image/gif 216.58.206.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-51345830-1&cid=2004995707.1714639726&jid=22517844&_u=IEBAAEAAAAAAACAAI~&z=1233949163

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 02 May 2024 08:48:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 426ms
51ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-5J15FVLRV9&gtm=45je44t0v9116084844za200&_p=1714639725978&_gaz=1&gcd=13l3lPl2l2&npa=0&dma_cps=sypham&dma=1&ul=de-de&sr=1600x1200&cid=2004995707.1714639726&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwww.vmray.com%2Fanalyses%2Fbad-rabbit-ransomware-flash-analysis%2Freport%2Foverview.html&dt=Bad%20Rabbit%20Ransomware%20%7C%20VMRay%20Analyzer%20Report&sid=1714639726&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=781
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5J15FVLRV9&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 02 May 2024 08:48:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.vmray.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
48 B 49ms
49ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-5J15FVLRV9&cid=2004995707.1714639726&gtm=45je44t0v9116084844za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l2&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5J15FVLRV9&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 02 May 2024 08:48:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.vmray.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 67ms
67ms Image
image/gif 216.58.206.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-5J15FVLRV9&cid=2004995707.1714639726&gtm=45je44t0v9116084844za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l2&npa=0&z=1837031816

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 02 May 2024 08:48:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.vmray.com/	1970-01-21 05:53:19	Name: _ga Value: GA1.2.2004995707.1714639726
.vmray.com/	1970-01-20 20:18:46	Name: _gid Value: GA1.2.1898084352.1714639726
.vmray.com/	1970-01-20 20:17:19	Name: _gat Value: 1
.vmray.com/	1970-01-21 05:53:19	Name: _ga_5J15FVLRV9 Value: GS1.2.1714639726.1.0.1714639726.60.0.0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html Message: Refused to execute script from 'https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/jquery.min.js' because its MIME type ('text/js') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html Message: Refused to execute script from 'https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/prettify.js' because its MIME type ('text/js') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html Message: Refused to execute script from 'https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/prettify/lang-vb.js' because its MIME type ('text/js') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/report/overview.html Message: Refused to execute script from 'https://www.vmray.com/analyses/bad-rabbit-ransomware-flash-analysis/static/hlog.js' because its MIME type ('text/js') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

region1.analytics.google.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.vmray.com
142.250.186.36
2001:4860:4802:32::36
216.58.206.67
2a00:1450:4001:806::200e
2a00:1450:4001:80f::2008
2a00:1450:400c:c00::9a
99.86.4.115
0abe3a27edcdfb39bdeb1842cb691abec8c1c53636baa99b98a283254f1c5b97
0c0545d8ea5f3fce43ce2123a68fbe05feccf3448402f71437f431c1814abbbe
0eb14b52b479a9d65e31fa435c8229724503cc5f2fcd1e997df299905177fd72
14a16564db087351cab0c6b1ff5e4082e0768afbd36e8732988d499f4d44a827
18efb3fb079659659045945975c454332b2a4dd415fdc56bcb9c45bafab906c0
257842f6a8a4aa6b2ca8f677e13866b27d8e47d400e06f4e414f596530f4651a
26ab28f2811d64b7d38bb27968983f1445dc27b97b34e32578dd8506c962b80b
273954bab36d4fb4090b5d46eed081aa162934f925e6b1bc3fe0c710c4a8ff7c
2cad3a97b501ade85d71ce0303f134ee2da78684f1ceb1d26e225c8fec665b29
2e1fb47936e48a03a3e4472e60f0059c695c75b4425371ff5f78c236d59d4c18
33a03a7b3fe38f4be480c02247b15edd8a3eab191273b1fea19882d3bc95c5b9
379510578e7cb1d4732a0c74b2c813a14ffd9f6fa8f50ef204bd139577114918
39ac7516d16a5f98f909ae14aae0c4e44b42b81d402ac3963647d68af75bc8e9
3dda3b2f890742b48da89f5186fb6e4802b9c5e572fed32d4147246f638c20d1
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
549ea8009e3fc3c7a516f54f0fbd4f8588488890fa56c0355ab34fbafa7a5898
5b79b5519507418d59f47470acb85798955fc36cb4506cfae54e522e3097a56c
5d6eab958c8e152924fe8b08c71f8175c4c916d667959691ed12d8ed5c1f3757
61d1da0b1369acab9a71f00e29a87c0bcb221ca67a58169cc729c35fc14b997b
7e1166c2fecb206f05258a2249a5c4353af0c9c447dc20380cbc65382f75cc0a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
9618b162364fc3ef7e2040551a6d2eb945253ba7e15fc1b9896d7a95e5442992
9880db8a4580a949bed86b111b4a322ce69e36718f4b03e678fcea79047adbcf
a271c12da75fb0bb8cb5663e30a61cc94086f411ece0da6337535cc7f0a564da
a38ccf9643f2fbcd481d9d0b03ff2ac33f37bc8c0b6207c7e56e0a25e422e581
b305c96bea3c07ca0cebe4b8d84c1e007b3f5b3084387f5dfa9f8c75b875ae5c
b87ef0d3efd5789f76452acedd2279c9951c1edd7c4ab1d917b0438020a4ec4c
b94c51991f082d6083d02b820714e32617d90205d4f084d853240786eedb861c
ba04666869db60cb73d99939d290efbb6a1cbd47a4130e90594453aff305b0c9
c506af2ad4857b2f51e006235a3d4dfa21cedf45e5e95418fce3aed90ce272ee
c657586ecd1caeb6f6c1e2ca6e51a40c14e04d7e074c881e0c3427cf74f98d5e
c7262c1b93b8cf8838d63c5fabed448e4801256be80579c7168e158c7ecd78db
c79c78fb8ad4ce09aacf81ae8b8461468cdb53ef7d61f97e37cd42d25b16b7e6
c7d4ed310b67114b3dc29a2f8761ba080ad68bbe4f5ab301f1ab45bb031545d0
c8bd1370d358031c02d1bf357a3d06bdc0477555e39d76bda04f2764f9c09df5
d333ce94eb3faa402180ba8d71ff3fe26a9e678188e94d4fdb2fd12cfd7f654f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de49ade9fe0ce9f092b86ce3c4df039f3169b8dc54af66ee4756007a94cbec85
dedc35aea6dd16e758bbb0294f3cdd4c7695667212b88c85c21f14404e2e2788
e16ced21eba76d048705c9eb9b2d0943a03f0af8658d79fc96d646785e5a6c54
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed661a9c7d4c523aa4a53e87d211d0182a8c3001b72ff1f229032f9d621616a2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f00dc6f648012875ae18e591965f7bc47e13b1c9b1a89e147d8af986537b973d

www.vmray.com Open in urlscan Pro 99.86.4.115 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

49 Requests

100 %HTTPS

57 %IPv6

6 Domains

7 Subdomains

7 IPs

3 Countries

306 kBTransfer

795 kBSize

4 Cookies

0 Outgoing links

Redirected requests

49 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.vmray.com Open in urlscan Pro
99.86.4.115 Public Scan

Screenshot
Live screenshot

Full Image

49
Requests

100 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

306 kB
Transfer

795 kB
Size

4
Cookies

49 HTTP transactions
0 data transactions