cyble.com Open in urlscan Pro
192.0.78.231 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Submission: On April 26 via api (April 26th 2024, 2:12:29 am UTC) from TR — Scanned from DE

Summary HTTP 203 Redirects Links 74 Behaviour Indicators

Summary

This website contacted 52 IPs in 5 countries across 39 domains to perform 203 HTTP transactions. The main IP is 192.0.78.231, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is cyble.com.
TLS certificate: Issued by R3 on March 30th 2024. Valid for: 3 months.

This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
81	192.0.78.231 192.0.78.231	2635 (AUTOMATTIC) (AUTOMATTIC)
11	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.138.101 172.67.138.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2606:4700::68... 2606:4700::6811:f8cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:440... 2606:4700:4400::ac40:9923	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.18.141.119 104.18.141.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:8bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2600:9000:264... 2600:9000:2644:c00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:9af8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:780... 2a02:26f0:780::210:a45b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2620:1ec:bdf::67 2620:1ec:bdf::67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	172.64.153.35 172.64.153.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2400:52e0:1e0... 2400:52e0:1e00::1079:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2a05:d018:cc3... 2a05:d018:cc3:fe05:8cc9:e724:6e37:8294	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8d11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4f8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:310... 2606:4700:3108::ac42:2af8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:267... 2600:9000:2670:c400:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	20.119.174.243 20.119.174.243	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.153.4.44 18.153.4.44	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	3.127.196.46 3.127.196.46	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::ac40:96a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.74.196 142.250.74.196	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1	172.217.18.4 172.217.18.4	15169 (GOOGLE) (GOOGLE)
2	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:211... 2600:9000:211e:fa00:4:8491:f2c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2 3	34.228.243.82 34.228.243.82	14618 (AMAZON-AES) (AMAZON-AES)
1 1	3.77.215.189 3.77.215.189	16509 (AMAZON-02) (AMAZON-02)
1 1	18.194.168.76 18.194.168.76	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	18.210.220.232 18.210.220.232	14618 (AMAZON-AES) (AMAZON-AES)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
203	52

81 192.0.78.231 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.138.101 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:f8cb (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9923 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.141.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2644:c00:6:9280:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9af8 (United States)

ASN13335 (CLOUDFLARENET, US)

nitroscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::210:a45b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::67 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.153.35 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2400:52e0:1e00::1079:1 (Germany)

ASN200325 (BUNNYCDN, SI)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe05:8cc9:e724:6e37:8294 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8d11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3108::ac42:2af8 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:c400:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.119.174.243 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

r.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.153.4.44 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.196.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:96a3 (United States)

ASN13335 (CLOUDFLARENET, US)

to.getnitropack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.196 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.4 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:fa00:4:8491:f2c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.228.243.82 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-228-243-82.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.77.215.189 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-77-215-189.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.168.76 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-168-76.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.210.220.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-220-232.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
81	cyble.com cyble.com	774 KB
23	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 5888 api.omappapi.com — Cisco Umbrella Rank: 5994	100 KB
22	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 17759 i0.wp.com — Cisco Umbrella Rank: 3768 s0.wp.com — Cisco Umbrella Rank: 8621 stats.wp.com — Cisco Umbrella Rank: 2879 fonts.wp.com — Cisco Umbrella Rank: 18420 pixel.wp.com — Cisco Umbrella Rank: 2841	705 KB
7	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4170 api.hubspot.com — Cisco Umbrella Rank: 4845 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4116 app.hubspot.com — Cisco Umbrella Rank: 5595 track.hubspot.com — Cisco Umbrella Rank: 2416 forms.hubspot.com — Cisco Umbrella Rank: 5487	30 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 747 r.clarity.ms — Cisco Umbrella Rank: 837268 c.clarity.ms — Cisco Umbrella Rank: 1371	28 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 328 www.linkedin.com — Cisco Umbrella Rank: 613 px4.ads.linkedin.com — Cisco Umbrella Rank: 6223	3 KB
5	clickagy.com 2 redirects tags.clickagy.com — Cisco Umbrella Rank: 24652 aorta.clickagy.com — Cisco Umbrella Rank: 2146 hemsync.clickagy.com — Cisco Umbrella Rank: 21122	15 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	269 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31 region1.google-analytics.com — Cisco Umbrella Rank: 2404	21 KB
5	adroll.com s.adroll.com — Cisco Umbrella Rank: 3422 d.adroll.com — Cisco Umbrella Rank: 1607	144 KB
4	gartner.com 1 redirects www.gartner.com — Cisco Umbrella Rank: 53998	115 KB
4	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 744	43 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 6963	4 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	285 KB
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 543 d.agkn.com — Cisco Umbrella Rank: 717	1 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1361 insight.adsrvr.org — Cisco Umbrella Rank: 622	4 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4706	3 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2	882 B
2	getnitropack.com to.getnitropack.com — Cisco Umbrella Rank: 12038	278 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	3 KB
2	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 16569	45 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	70 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2505	2 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	36 KB
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 457	98 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 228	761 B
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 17072	1 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84	342 B
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 4475	926 B
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 13490	5 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	273 B
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4787	25 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5216	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2216	21 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2206	23 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 781	17 KB
1	nitroscripts.com nitroscripts.com — Cisco Umbrella Rank: 16895	16 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6663	154 KB
1	unpkg.co 1 redirects unpkg.co — Cisco Umbrella Rank: 178253	543 B
203	39

	Domain	Requested by
81	cyble.com	cyble.com
21	a.omappapi.com	cyble.com a.omappapi.com
9	i0.wp.com	cyble.com
8	fonts.wp.com	fonts-api.wp.com
4	fonts.gstatic.com	fonts.googleapis.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	s.adroll.com	cyble.com www.googletagmanager.com s.adroll.com
4	www.gartner.com	1 redirects cyble.com www.gartner.com
4	unpkg.com	2 redirects cyble.com
3	aorta.clickagy.com	2 redirects tags.clickagy.com
3	js.zi-scripts.com	cyble.com js.zi-scripts.com
3	r.clarity.ms	www.clarity.ms
3	region1.google-analytics.com	www.googletagmanager.com
3	www.googletagmanager.com	cyble.com www.googletagmanager.com
2	ws.zoominfo.com	js.zi-scripts.com
2	www.google.com	a.omappapi.com www.gstatic.com
2	c.clarity.ms	1 redirects
2	to.getnitropack.com	nitroscripts.com
2	fonts.googleapis.com	a.omappapi.com
2	x.clearbitjs.com	tag.clearbitscripts.com
2	api.hubspot.com	js.usemessages.com
2	api.omappapi.com	a.omappapi.com
2	www.clarity.ms	cyble.com www.clarity.ms
2	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	js.hs-scripts.com	cyble.com www.googletagmanager.com
2	cdnjs.cloudflare.com	cyble.com www.gartner.com
2	fonts-api.wp.com	cyble.com
1	hemsync.clickagy.com	tags.clickagy.com
1	idsync.rlcdn.com
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	insight.adsrvr.org	js.adsrvr.org
1	js.adsrvr.org	cyble.com
1	tags.clickagy.com	cyble.com
1	www.gstatic.com	www.google.com
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	c.bing.com	1 redirects
1	app.clearbit.com	x.clearbitjs.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	app.hubspot.com	js.usemessages.com
1	perf-na1.hsforms.com	cyble.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	www.facebook.com	cyble.com
1	px4.ads.linkedin.com	cyble.com
1	www.linkedin.com	1 redirects
1	pixel.wp.com	cyble.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	d.adroll.com	s.adroll.com
1	snap.licdn.com	www.googletagmanager.com
1	nitroscripts.com	cyble.com
1	stats.wp.com	cyble.com
1	js.hsforms.net	cyble.com
1	s0.wp.com	cyble.com
1	unpkg.co	1 redirects
203	61

This site contains links to these domains. Also see Links.

Domain
cyble.ai
www.cyble.com
getodin.com
thecyberexpress.com
partnernetwork.cyble.com
partnercentral.cyble.com
www.radware.com
www.virustotal.com
attack.mitre.org
blog.cyble.com
trust.cyble.com
twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2024-03-30` - `2024-06-28`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hsforms.net GTS CA 1P5	`2024-04-15` - `2024-07-14`	3 months	crt.sh
hs-scripts.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
nitroscripts.com GTS CA 1P5	`2024-03-03` - `2024-06-01`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-03` - `2024-05-03`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
www.gartner.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-13`	a year	crt.sh
a.omappapi.com R3	`2024-03-29` - `2024-06-27`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
hsleadflows.net E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
usemessages.com E1	`2024-04-12` - `2024-07-11`	3 months	crt.sh
omappapi.com GTS CA 1P5	`2024-04-18` - `2024-07-17`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
clearbitscripts.com Amazon RSA 2048 M01	`2023-06-11` - `2024-07-09`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-02-15` - `2025-03-16`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-03-29` - `2024-06-27`	3 months	crt.sh
getnitropack.com Cloudflare Inc ECC CA-3	`2024-01-13` - `2024-12-31`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
zoominfo.com E1	`2024-04-19` - `2024-07-18`	3 months	crt.sh
*.clickagy.com Amazon ECDSA 256 M02	`2023-09-22` - `2024-10-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Frame ID: 48F255891C2DC6B858EFFBD3792D4116
Requests: 196 HTTP requests in this frame

Frame: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/data?widget_id=OGI4MjFjNTctM2JmYS00ZmE3LWE1NjgtOTY0NmZlNGEyNjI4&size=large
Frame ID: 8E800772199F623AF649984D7B3E0753
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/f0f127aca84f47eca502816a30d258d3?uuid=ace766a5a75d481f96637a08d63a75cd&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=f0f127aca84f47eca502816a30d258d3&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 5816B65EC27AE90094CAE63565223DA7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=gh0ei0uzguyf
Frame ID: 0E904B47FC133A5DE9C8D17F88CC376D
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=ixkqho4&ref=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&upid=x1swie6&upv=1.1.0&gdpr=1&gdpr_consent=undefined
Frame ID: E396040F6AFEC5F37BD13C5D405A88CA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LOCKBIT Black's Legacy: Unraveling The DragonForce Ransomware Connection - Cyble

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

203
Requests

96 %
HTTPS

53 %
IPv6

39
Domains

61
Subdomains

52
IPs

5
Countries

3049 kB
Transfer

8838 kB
Size

52
Cookies

74 Outgoing links

These are links going to different origins than the main page.

URL: https://cyble.ai/auth/login?__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Login

Search URL Search Domain Scan URL

URL: https://www.cyble.com/products/cyble-vision
Title: Award-winning cyber threat intelligence platform, designed to provide enhanced security through real-time intelligence and threat detection.

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: Cyble OdinNew

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/
Title: The Cyber ExpressSubscribe

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Cyble Partner Network (CPN)

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/partner/registration
Title: Become a PartnerRegister

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22IT%20%26%20ITES%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: IT & ITES |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Government%20%26%20LEA%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Government & LEA |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Technology%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Technology |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Healthcare%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Healthcare |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Education%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Education

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20States%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: United States |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Russian%20Federation%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Russian Federation |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22China%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: China |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20Kingdom%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: United Kingdom |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Germany%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Germany

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22North%20America%20%28NA%29%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: North America (NA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Europe%20%26%20UK%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Europe & UK |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Asia%20%26%20Pacific%20%28APAC%29%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Asia & Pacific (APAC) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Middle%20East%20%26%20Africa%20%28MEA%29%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Middle East & Africa (MEA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Australia%20and%20New%20Zealand%20%28ANZ%29%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Australia and New Zealand (ANZ)

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%227bdbd180c081fa63ca94f9c22c457376%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: 7bdbd180c081fa63ca94f9c22c457376 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%229f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%222915b3f8b703eb744fc54c81f4a9c67f%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: 2915b3f8b703eb744fc54c81f4a9c67f |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%222.2.2.2%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: 2.2.2.2

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21887%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: CVE-2024-21887 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2023-46805%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: CVE-2023-46805 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21893%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: CVE-2024-21893 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21412%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: CVE-2024-21412 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2021-44228%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: CVE-2021-44228

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1082%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: T1082 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1140%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: T1140 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1083%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: T1083 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1190%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: T1190 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1486%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: T1486

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0011%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: TA0011 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0007%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: TA0007 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0010%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: TA0010 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA577%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: TA577 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0005%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: TA0005

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22security%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: security |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: the-cyber-express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22firewall-daily%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: firewall-daily |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express-news%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: the-cyber-express-news |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22malware%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: malware

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lockbit%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Blackcat%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Blackcat |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22VoltTyphoon%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: VoltTyphoon |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lazarus%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Lazarus |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22MidnightBlizzard%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: MidnightBlizzard

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22CobaltStrike%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: CobaltStrike |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Lockbit%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Mirai%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Mirai |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Xmrig%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Xmrig |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Darkgate%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Darkgate

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Darkreading%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Darkreading |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Bleepingcomputer%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Bleepingcomputer |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Hacker%20News%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: The Hacker News |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Cyber%20Express%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: The Cyber Express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Infosecurity%20Magazine%22%5D%7D&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&__hsfp=2492303821
Title: Infosecurity Magazine

Search URL Search Domain Scan URL

URL: https://www.radware.com/security/ddos-knowledge-center/ddospedia/dragonforce-malaysia/
Title: DragonForce

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/1250ba6f25fd60077f698a2617c15f89d58c1867339bfd9ee8ab19ce9943304b/detection
Title: binary

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204/002/
Title: T1204.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562/001/
Title: T1562.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1070/004/
Title: T1070.004

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1083/
Title: T1083

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1486/
Title: T1486

Search URL Search Domain Scan URL

URL: https://blog.cyble.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://trust.cyble.com/
Title: Cyble Trust Portal

Search URL Search Domain Scan URL

URL: https://twitter.com/cybleglobal
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cybleglobal
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://unpkg.co/gsap@3/dist/gsap.min.js HTTP 302
https://unpkg.com/gsap@3/dist/gsap.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Request Chain 40

https://unpkg.com/gsap@3/dist/Draggable.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Request Chain 43

https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js HTTP 301
https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js

Request Chain 124

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1714097543738%26li_adsId%3D033fd80f-2385-4c28-802c-4e7f81526119%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&cookiesTest=true&liSync=true&e_ipv6=AQLFhkfoAFj5DgAAAY8YLNyu90jEa-hGcuTyLmc0VG4Whp8kScN05Y41YBmH8a_S

Request Chain 179

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=CEA75259090140389A9F1033A710D074&RedC=c.clarity.ms&MXFR=3D574AD8A9DA680B36605EB5ADDA668A HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CEA75259090140389A9F1033A710D074&MUID=33E2951609EA636F1529817B086162EB

Request Chain 198

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:49c90fcf0baffde37a56146f81ead241&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D HTTP 302
https://d.agkn.com/pixel/10751/?che=1714097546511&ip=81.95.5.36&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D216713104864000067169 HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=216713104864000067169 HTTP 302
https://idsync.rlcdn.com/420246.gif?partner_uid=c:49c90fcf0baffde37a56146f81ead241

203 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ 481 KB
88 KB 159ms
132ms Document
text/html 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1022ec744257a5958e4d468b28f458bb010d6636e633e49d242283746329878f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-edge-cache: no-cache
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 26 Apr 2024 02:12:23 GMT
host-header: WordPress.com
link: <https://cyble.com/wp-json/>; rel="https://api.w.org/" <https://cyble.com/wp-json/wp/v2/posts/40648>; rel="alternate"; type="application/json" <https://wp.me/pf01Lu-azC>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type, cookie
x-ac: 2.hhn _atomic_ams MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: Want root? Visit join.a8c.com and mention this header.
x-nananana: Batcache-Hit
x-nitro-cache: MISS
x-xss-protection: 1; mode=block

GET
H2 200 style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/ 111 KB
15 KB 7ms
6ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=18.1.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

69051958cee5d58e909a1da658e21fac0c4a7fc1c521b4e45cb378ba58815fd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 10 Apr 2024 06:17:46 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66162f0a-1bad6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/ 48 KB
10 KB 7ms
7ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.6.12

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

55fb81f7628ac54c41192288b6cc325e74bca77bb6e466c6a51fff804d652f49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 18 Apr 2024 11:22:58 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66210292-be20"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
BLOB 200
OK adcd4358-24f4-4416-8183-b88ed0f48b41
https://cyble.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/adcd4358-24f4-4416-8183-b88ed0f48b41
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 css
fonts-api.wp.com/ 5 KB
1 KB 65ms
26ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.6.12

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

282130b4513ec550a3c9dac332c3d31e9b969503930faf930581c13d172adc6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS hhn 2
last-modified: Fri, 26 Apr 2024 02:12:23 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H3 200 style.css
cyble.com/wp-content/plugins/layout-grid/ 58 KB
3 KB 8ms
7ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 26 Jan 2022 12:47:22 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"61f142da-e64d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 mediaelementplayer-legacy.min.css
cyble.com/wp-includes/js/mediaelement/ 11 KB
3 KB 9ms
8ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5f735862-2bf8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-mediaelement.min.css
cyble.com/wp-includes/js/mediaelement/ 4 KB
1 KB 10ms
8ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.5.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5cfaccce-105a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 pj-news-ticker.css
cyble.com/wp-content/plugins/pj-news-ticker/public/css/ 426 B
730 B 11ms
8ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/pj-news-ticker/public/css/pj-news-ticker.css?ver=1.9.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

790b349be1914fde877d1307143688fb102447716476d468bd5190a4f487b1bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Tue, 23 Jan 2024 12:51:19 GMT
server: nginx
etag: "65afb647-1aa"
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 426
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 general.min.css
cyble.com/wp-content/plugins/wp-job-openings/assets/css/ 38 KB
6 KB 12ms
9ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/wp-job-openings/assets/css/general.min.css?ver=3.4.6

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

144ee8fd3d8997d932fe2b5497979e7cde8fda86b41b0c6e32e47faa8e1157e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 02 Apr 2024 17:55:07 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660c467b-96c7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.min.css
cyble.com/wp-content/plugins/wp-job-openings/assets/css/ 18 KB
4 KB 14ms
11ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/wp-job-openings/assets/css/style.min.css?ver=3.4.6

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

36b74f0c72674951730e13d210bf20cbab196d2b93b00871195e03116dffc9d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 02 Apr 2024 17:55:07 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660c467b-4985"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/ 776 B
595 B 15ms
12ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.28

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 17 Apr 2024 06:09:05 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661f6781-308"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend-lite.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 116 KB
14 KB 16ms
12ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0bc0ee31b90f499f89ccb6847b45fc23b37559c41def8ef9d8f198b0f90863bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-1d0a1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/ 16 KB
5 KB 17ms
13ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-4057"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 post-5708.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
706 B 18ms
15ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1712221619

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 04 Apr 2024 09:06:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660e6db3-4bd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend-lite.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 11 KB
2 KB 19ms
16ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.21.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

11f6e7def0540aebfe875eaabc6cde96c72f2ea4f024db3a7695ad07cde1df08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-2b2d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/ 634 KB
69 KB 19ms
16ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.36.30

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8dedac87774b6b9759fce6f3109df0ef693b3c6e2a72111bddf91a11a2a48834

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Mar 2024 07:13:01 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65f0007d-9e63f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 post-9211.css
cyble.com/wp-content/uploads/elementor/css/ 21 KB
2 KB 21ms
18ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1712221619

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3529c4b0684f9e29508a8c2e6b6095b3f7ecb7b5410ff5b1ba306c49bb63f703

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 04 Apr 2024 09:06:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660e6db3-5359"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/ 74 KB
8 KB 22ms
19ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.28

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6f708315ec1e5f14fcf831768764aad338d6507ac1e5f11c155c820487052544

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 17 Apr 2024 06:09:05 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661f6781-1284f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 subscription-modal.css
cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/ 2 KB
851 B 24ms
21ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/subscription-modal.css?ver=13.4-a.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 22 Jan 2024 19:02:16 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65aebbb8-632"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 astra-addon-65e948c9b6c601-76327775.css
cyble.com/wp-content/uploads/astra-addon/ 50 KB
7 KB 26ms
23ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-65e948c9b6c601-76327775.css?ver=4.6.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

da614c06a9daea4f0b2773fc3ce151ac74e5e62966db6315edffe9f7701918a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 07 Mar 2024 04:55:37 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65e948c9-c6f3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 post-19102.css
cyble.com/wp-content/uploads/elementor/css/ 30 KB
4 KB 26ms
23ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-19102.css?ver=1712221620

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b4468ef363d059ed77ab7ae32daafcfb1b98f84d6474dedffd75e4b63de47bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 04 Apr 2024 09:07:00 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660e6db4-79cc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 post-29249.css
cyble.com/wp-content/uploads/elementor/css/ 18 KB
3 KB 27ms
24ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-29249.css?ver=1712221845

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1d06242014fabc7be6a13c137113a9219c51850ca00f5b4ff8e1fb073c308a65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 16:18:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a8258-4733"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 post-40176.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
703 B 28ms
25ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-40176.css?ver=1713169016

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fec3ab99b7da211c21498630524f9e2ef23bea1e9fa69ea22f5714ffed68e87e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 08:16:56 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661ce278-49d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 123 KB
6 KB 68ms
32ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.5.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4b8521fd06207a88a9a06905d578dc414562bee7add4225a0e2478bf6f2a88e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS hhn 2
last-modified: Fri, 26 Apr 2024 02:12:23 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H3 200 jetpack.css
cyble.com/wp-content/plugins/jetpack/css/ 105 KB
20 KB 28ms
25ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/css/jetpack.css?ver=13.4-a.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c21d34249d4a61b1d0df5209aeb7cceed64891dcb7233ce6e91771306489baf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 20:40:26 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d90ba-1a512"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.min.js Show response
cyble.com/wp-includes/js/jquery/ 86 KB
31 KB 30ms
27ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery-migrate.min.js Show response
cyble.com/wp-includes/js/jquery/ 13 KB
5 KB 31ms
28ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6482bd64-3509"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 related-posts.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 32ms
30ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20240116

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 19 Jun 2023 19:16:28 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6490a98c-1661"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 pj-news-ticker.js Show response
cyble.com/wp-content/plugins/pj-news-ticker/public/js/ 874 B
702 B 33ms
30ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/pj-news-ticker/public/js/pj-news-ticker.js?ver=1.9.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bec72f63e5d121152a0daa5fb9e072ab99918433a082043acc76cb5b9c2aef12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 14 Feb 2024 14:23:19 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65ccccd7-36a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 349 KB
114 KB 68ms
26ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7f135570fa579113752e45267adfacfa8d9de4e297930c307c4654cf56378155

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 116769
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 26 Apr 2024 02:12:23 GMT

GET
H3 200 /
cyble.com/ 7 KB
2 KB 134ms
131ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/?custom-css=25963555b5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2cf5770a4c5c26b38a1fcc2a5a0fdb25169f811f5e1cefe141590e77bf034bd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

cf-edge-cache: no-cache
x-nananana: Batcache-Hit
date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-hacker: Want root? Visit join.a8c.com and mention this header.
content-encoding: br
server: nginx
x-ac: 2.hhn _atomic_ams MISS
vary: Accept-Encoding, accept, content-type, cookie
content-type: text/css;charset=utf-8
cache-control: no-cache
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
expires: Sat, 26 Apr 2025 02:12:21 GMT

GET
H3 200 visioncyble.png
cyble.com/wp-content/uploads/2023/08/ 6 KB
7 KB 33ms
31ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/visioncyble.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 31 Aug 2023 04:03:56 GMT
server: nginx
etag: "64f0112c-19b2"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 6578
expires: Thu, 02 May 2024 16:47:25 GMT

GET
H3 200 hawk.png
cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 34ms
31ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/01/hawk.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 22 Jan 2024 14:16:05 GMT
server: nginx
etag: "65ae78a5-11a0"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 4512
expires: Thu, 02 May 2024 16:47:25 GMT

GET
H3 200 Ami-Breached.png
cyble.com/wp-content/uploads/2023/08/ 5 KB
5 KB 8ms
7ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Ami-Breached.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

39badaa7254daebaccbfc900a8ab3e619aaa048a7306b182ecf19655fdaf3976

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 04 Sep 2023 07:06:50 GMT
server: nginx
etag: "64f5820a-1282"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 4738
expires: Thu, 02 May 2024 16:47:25 GMT

GET
H3 200 cybleodin.png
cyble.com/wp-content/uploads/2023/08/ 7 KB
7 KB 8ms
8ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/cybleodin.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 04 Sep 2023 07:06:50 GMT
server: nginx
etag: "64f5820a-1a66"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 6758
expires: Thu, 02 May 2024 16:47:25 GMT

GET
H3 200 cyberexpress.png
cyble.com/wp-content/uploads/2024/01/ 13 KB
14 KB 7ms
7ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/01/cyberexpress.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a4f072af9676801501625f6a62f9aad94c502c63a6e26f87d950b74ae23609c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 22 Jan 2024 14:15:51 GMT
server: nginx
etag: "65ae7897-3555"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 13653
expires: Thu, 02 May 2024 16:47:25 GMT

GET
H3 200 products-img.webp
cyble.com/wp-content/uploads/2024/02/ 52 KB
53 KB 41ms
38ms Image
image/webp 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/02/products-img.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

45796372411ce0e3dde0f72d9fe5269d0efc7b7033491543a297bb2623e6eee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Fri, 09 Feb 2024 07:48:29 GMT
server: nginx
etag: "65c5d8cd-d0e6"
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 53478
expires: Thu, 02 May 2024 16:47:25 GMT

GET
H3 200 research-report.webp
cyble.com/wp-content/uploads/2024/02/ 22 KB
22 KB 42ms
39ms Image
image/webp 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/02/research-report.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

af359a9b4fe881027d634b8657d489acb4253801c908c389390a1c0e9c077a0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Fri, 09 Feb 2024 07:49:38 GMT
server: nginx
etag: "65c5d912-5766"
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 22374
expires: Thu, 02 May 2024 16:47:25 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 29ms
18ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 105493
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AnKeXT7HQKlmU0bGgb4UCJuJC8hVBeLA0xCyAZP62kJqi9CNFGXNKPPgs0JD9WuFkkhw0zUcP%2BsZDjgkjdU9BDivC5gmqU4UA6sFssgGK%2FQ59bIaPwjMXAseO7MptcUDF5KTdHcf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 87a30c2e1b4da031-FRA
expires: Wed, 16 Apr 2025 02:12:23 GMT

GET
H2

200

gsap.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.co/gsap@3/dist/gsap.min.js
https://unpkg.com/gsap@3/dist/gsap.min.js
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

71 KB
29 KB

20ms
20ms

Script
application/javascript

2606:4700::6811:f8cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Server

2606:4700::6811:f8cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3749367
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HRWB43A6TE8BD4Z9H4EWPJTV-fra
server: cloudflare
etag: W/"11a16-LSb0wGBJGsmA0JymhziNNhAlbrc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 87a30c2ea9f6905b-FRA

Redirect headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01HWC2HJQ15BBVWF63KPQRB65B-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 266
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /gsap@3.12.5/dist/gsap.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 87a30c2e79e4905b-FRA

GET
H2

200

Draggable.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.com/gsap@3/dist/Draggable.min.js
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

35 KB
14 KB

22ms
22ms

Script
application/javascript

2606:4700::6811:f8cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Server

2606:4700::6811:f8cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3744633
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HRWFMFJCS1K59HAGRS4HR8RQ-fra
server: cloudflare
etag: W/"8a94-HTZjIxm5OZUF37t9NM8RcD3q8Uo"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 87a30c2ea9f8905b-FRA

Redirect headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01HWC2NZB33QN4EJ2TG44Y5NGZ-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 122
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /gsap@3.12.5/dist/Draggable.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 87a30c2e79e2905b-FRA

GET
H3 200 widget-icon-list.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 11ms
7ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

60bb20ed63b85f4b58c6a36f966974b3329c198e320d4abeb99e6f25c9dda949

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-26c9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:59:39 GMT

GET
H3 200 widget-theme-elements.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 10 KB
2 KB 12ms
7ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-theme-elements.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7e90328c9fb59a9181595701de65c08228ae72000742077bccda67ec8fb8a04e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-2708"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:59:39 GMT

GET
H2

200

widget.js Show response
www.gartner.com/peer-insights/vendor-portal/public/Widget/js/
Redirect Chain

https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js
https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js

13 KB
4 KB

35ms
35ms

Script
application/javascript

2606:4700:4400::ac40:9923
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H2
Server: 2606:4700:4400::ac40:9923 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6dc90b0b36f3fca84ded0289b324c55a19a663b2b742b9b244508aae6526c51d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
cf-cache-status: HIT
age: 89464
cf-polished: origSize=19335
x-powered-by: Express
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 16 Apr 2024 10:59:11 GMT
server: cloudflare
etag: W/"4b87-18ee68f8c18"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
cf-ray: 87a30c2eda8618b3-FRA

Redirect headers

date: Fri, 26 Apr 2024 02:12:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/html
location: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js
cache-control: max-age=3600
cf-ray: 87a30c2e9a6818b3-FRA
alt-svc: h3=":443"; ma=86400
content-length: 167
expires: Fri, 26 Apr 2024 03:12:23 GMT

GET
H2 200 Figure-1-DragonForce-Leak-Site.png
i0.wp.com/cyble.com/wp-content/uploads/2024/04/ 17 KB
17 KB 46ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/04/Figure-1-DragonForce-Leak-Site.png?w=936&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

dd17676c5608b2e5ab3bdcf1e1c13d5df0e3417932f0b61dc785b20e77e63877

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 17410
x-nc: HIT hhn 4
last-modified: Wed, 24 Apr 2024 11:32:17 GMT
server: nginx
etag: "fbb1af54000e46db"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/04/Figure-1-DragonForce-Leak-Site.png>; rel="canonical"
expires: Fri, 24 Apr 2026 23:32:17 GMT

GET
H3 200 widget-share-buttons.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 32 KB
3 KB 13ms
8ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

84ed7bd8190bb3ce70e1c64c5d75200541c90c39d832b995ce558c929ffb1cd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-7f52"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:59:39 GMT

GET
H3 200 widget-posts.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 14 KB
3 KB 15ms
10ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

68e99da8a2eb91fcac4ac231535375cb019d7b37b1463819e990176bc70ba0e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-3804"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:59:39 GMT

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 6 KB
3 KB 47ms
5ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202417
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 2
date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
last-modified: Wed, 15 Nov 2023 17:05:23 GMT
server: nginx
etag: W/"6554fa53-161b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 22 Apr 2025 00:00:00 GMT

GET
H2 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 10ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?fit=300%2C100&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 4562
x-nc: HIT hhn 2
last-modified: Wed, 10 Apr 2024 09:49:55 GMT
server: nginx
etag: "0c94240fa7c116b0"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
expires: Fri, 10 Apr 2026 21:49:55 GMT

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 482 KB
154 KB 56ms
31ms Script
application/javascript 104.18.141.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 66
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=87a30a943c491c13-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Fri, 26 Apr 2024 02:12:23 GMT
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 654dd26a-726d-40ca-aac1-be6ad1bea946
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 654dd26a-726d-40ca-aac1-be6ad1bea946
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ay7zpAOudhOHs2IPdDJC8qtaS2wTpxZCJi6I6Qfn4zj40SKyStoS5Zj8yzQDFUi8gU9GmobihmEWvYqtKDguaeEh11IC1JQYZw5LnZcLKyeqCRfWifX1xMCrIQkKC6KQ"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-bsp24
cf-ray: 87a30c2e5d3d9f15-FRA
x-amz-cf-id: DqUZ1lYn9xjKRGrLhuyneFCq2IU45LeoaRm4-slL1WlAfhF42oDLpQ==

GET
H3 200 view.css
cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/ 8 KB
1 KB 17ms
12ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.css?minify=false&ver=13.4-a.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9b27c9ba5afb802649f3eeedf58bbb587f715d671022b91d0dec8803c3f1aa9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 25 Mar 2024 18:39:50 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6601c4f6-201b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 0
298 B 17ms
13ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.6.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Tue, 13 Feb 2024 18:42:43 GMT
server: nginx
etag: "65cbb823-0"
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 rs6.css
cyble.com/wp-content/plugins/revslider/public/assets/css/ 50 KB
11 KB 18ms
13ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.20

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

20c05c0b39dc686a50593b9340e47730320ce2a96fac26f83a4c9870b7eda748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 08 Feb 2024 07:52:09 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65c48829-c9a7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/themes/astra/assets/js/minified/ 21 KB
5 KB 18ms
14ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.6.12

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

70476ba53527fab2913c6b57d5666afbbd2e904069b3abffc896302c11d4f020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 18 Apr 2024 11:22:58 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66210292-554c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 image-cdn.js Show response
cyble.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/ 701 B
678 B 19ms
15ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 08 May 2023 16:57:46 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64592a0a-2bd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 2 KB
1 KB 162ms
118ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.6

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d925a7efdf9bcf78f0781af68f6f50617b9bb44e51023a63597b8e98ee207dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f622e0db-fa23-403c-a893-1b77ad962078
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f622e0db-fa23-403c-a893-1b77ad962078
last-modified: Fri, 26 Apr 2024 02:02:13 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-z2d7d
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 87a30c2e7da26977-FRA
expires: Fri, 26 Apr 2024 02:13:53 GMT

GET
H3 200 rbtools.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 161 KB
62 KB 42ms
40ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.20

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 12 Jan 2024 03:57:42 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65a0b8b6-285db"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 rs6.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 401 KB
106 KB 48ms
47ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.20

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c5f3b2f654d2d8210a481c0164f0a53430cd09b77c34374fe23c9a03f5ad00fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 12 Jan 2024 03:57:42 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65a0b8b6-642f9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 script.min.js Show response
cyble.com/wp-content/plugins/wp-job-openings/assets/js/ 48 KB
16 KB 20ms
16ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/wp-job-openings/assets/js/script.min.js?ver=3.4.6

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f5c4ba1964e745443a0c654fc82f22e7e540e84da7c72d20ea85451cc79a035a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 02 Apr 2024 17:55:07 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660c467b-be7c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-polyfill-inert.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 20ms
16ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"63c7d511-1feb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 regenerator-runtime.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 21ms
17ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 19 Sep 2023 19:30:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6509f6d0-19e1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-polyfill.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 38 KB
14 KB 22ms
18ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 31 Jan 2024 12:59:56 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65ba444c-96be"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/dom-ready/ 460 B
774 B 23ms
20ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/dom-ready/index.min.js?ver=222ad38e3e5e302c8bbf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 31 Jan 2024 23:08:20 GMT
server: nginx
etag: "65bad2e4-1cc"
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 460
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 main.js Show response
cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/ 6 KB
3 KB 24ms
20ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 20 Mar 2024 13:39:19 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65fae707-19b5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 subscription-modal.js Show response
cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/ 3 KB
1 KB 25ms
21ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/subscription-modal.js?ver=13.4-a.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

30e8dec743d4c3da4cb39797b8bd5da2ba3d68925d5fc9762a62931238e7f6c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 22 Jan 2024 19:02:16 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65aebbb8-de3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 astra-addon-65e948c9d4d3f0-47282823.js Show response
cyble.com/wp-content/uploads/astra-addon/ 37 KB
8 KB 25ms
22ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-65e948c9d4d3f0-47282823.js?ver=4.6.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0ad79ac33c7c41387626a97dedea41c966bb10f37988f79300885ded4e73d8f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 07 Mar 2024 04:55:37 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65e948c9-93ee"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202417.js Show response
stats.wp.com/ 7 KB
3 KB 48ms
5ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202417.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/14377-1704402356565.5398
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Sat, 19 Apr 2025 13:52:42 GMT

GET
H3 200 jetpack-carousel.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/ 23 KB
8 KB 26ms
22ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=13.4-a.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

94f83a6214b9eb056136d8c2de50f1bef8141e7da5aa0c744b5dc80dba388545

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 26 Feb 2024 18:23:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65dcd712-5d89"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 helper.min.js Show response
cyble.com/wp-content/plugins/optinmonster/assets/dist/js/ 2 KB
1 KB 27ms
23ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.16.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d235f6969214613f53a2ab9edb8ffa35adb1136626a42803ba9515e9f95b460f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 23 Apr 2024 18:36:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6627ffa1-81d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 imagesloaded.min.js Show response
cyble.com/wp-includes/js/ 5 KB
2 KB 27ms
24ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/imagesloaded.min.js?ver=5.0.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 11 Aug 2023 18:18:26 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64d67b72-1590"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 uael-nav-menu.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/ 20 KB
4 KB 28ms
25ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.36.30

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Mar 2024 07:11:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65f0002a-51a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery_resize.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/ 3 KB
2 KB 29ms
26ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.36.30

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Mar 2024 07:11:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65f0002a-d5e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 js_cookie.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/ 2 KB
1 KB 30ms
27ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.36.30

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Mar 2024 07:11:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65f0002a-7a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 view.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/ 4 KB
2 KB 30ms
27ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.js?minify=false&ver=13.4-a.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

59f626902cee1ec6add9c9ac20ae2be6f2e39f4f821a550b73bba584b9d87e03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 25 Mar 2024 18:39:50 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6601c4f6-1013"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 webpack-pro.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 32ms
29ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

969e71d2c58889efb61cd106846e486fd055c9e94c3ad19ca545fce0ea709e1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-16c1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 webpack.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 33ms
30ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

32b738242f47cce8116f535e6228a564477c47052825795a4d0b4d909df02703

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-1385"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend-modules.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 62 KB
18 KB 34ms
31ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

150ed93393b7e7892c55d7e93bbe1adf54f9eec80dd5a83846d7fcdfbec9152d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-f721"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/hooks/ 4 KB
2 KB 34ms
31ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=3aee234ea7807d8d70bc

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 31 Jan 2024 23:08:20 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65bad2e4-10a6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 35ms
32ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 31 Jan 2024 23:08:20 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65bad2e4-227d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 36ms
33ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.21.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f9a9329601265904d54c430182763d17b07563554581039a81ccd75dc74562a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-61ea"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 waypoints.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 37ms
35ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-2fa6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.min.js Show response
cyble.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 38ms
35ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"63dbe690-53be"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 39 KB
13 KB 39ms
36ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f2d67341a2b727d268ef828a31c6b25fd69cb3aec3de28b689bafc38d4ef8e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-9c24"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 elements-handlers.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 37 KB
10 KB 39ms
37ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.21.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2a10ab2828a2618f138f34578efa80307b551fa2c318bbd3085622518fe89588

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-958a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/ 102 KB
31 KB 65ms
7ms Script
text/javascript 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ee3fb5c6959a4450a19fd4096a9e65e8c62c0c6af12870f634007b81a122282

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: 2Awqs6663NBPz7b3pcmHG1RQqhbno8kj
Content-Encoding: gzip
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Date: Fri, 26 Apr 2024 01:59:18 GMT
Age: 786
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 25 Apr 2024 11:49:33 GMT
Server: AmazonS3
Etag: W/"468569bd6300066082d4c7b5ba67159f"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: VUOfnHTZJgFKVFmm_loOGONlzd9ORfm2Xds7DOxb59Izb9tvU4DWqw==

GET
H2 200 JPtKKXLsjJbtelUWnenRbIbVJOerqPTK Show response
nitroscripts.com/ 48 KB
16 KB 70ms
24ms Script
text/javascript 2606:4700:4400::ac40:9af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nitroscripts.com/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9af8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c90187bbb11bdeb9386f564773f3d14394c8973e87b2e6eeaad67a010a0bb25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-request-timestamp: 1714097543
date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 26 Apr 2024 01:57:49 GMT
server: cloudflare
age: 874
vary: Accept-Encoding
content-type: text/javascript
access-control-expose-headers: X-Request-Timestamp
cache-control: max-age=600, stale-while-revalidate=31536000
cf-ray: 87a30c2e8a033837-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 262 KB
92 KB 37ms
31ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3ee4c31c858e8320169f5fdd181dce35fa4d45f08b168cf0eba9ae1cad2a7c54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94509
x-xss-protection: 0
last-modified: Fri, 26 Apr 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 26 Apr 2024 02:12:23 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 34ms
7ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.6.12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: nginx
age: 94403
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7884
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 39ms
12ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.6.12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
server: nginx
age: 94401
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7748
x-xss-protection: 0

GET
H3 200 astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/ 3 KB
4 KB 7ms
7ms Font
application/font-woff 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 18 Apr 2024 11:22:58 GMT
server: nginx
etag: "66210292-ce8"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 3304
expires: Thu, 02 May 2024 16:47:29 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 39ms
12ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.6.12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
server: nginx
age: 93802
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7816
x-xss-protection: 0

GET
H3 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 2 KB
2 KB 8ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?resize=150%2C50&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 2048
x-nc: HIT hhn 2
last-modified: Mon, 22 Jan 2024 14:31:14 GMT
server: nginx
etag: "c125b91f66c82522"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
expires: Thu, 22 Jan 2026 02:31:14 GMT

GET
BLOB 200
OK 0e915ce6-f13f-41b1-87c6-24af468875dc
https://cyble.com/ 256 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/0e915ce6-f13f-41b1-87c6-24af468875dc
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dcabb967a6a348a2508cb74415e86cabe70f4c921e9d36581047e0e89f20555

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 256
Content-Type: application/javascript

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
79 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f4f30b0e88091bd1d0b328833de451c6e08ccacf1be5989060cb1f6abfe07bbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80349
x-xss-protection: 0
last-modified: Fri, 26 Apr 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 26 Apr 2024 02:12:23 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 137ms
34ms Script
application/javascript 2a02:26f0:780::210:a45b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a45b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Apr 2024 07:42:51 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=46272
accept-ranges: bytes
content-length: 17238

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 26 Apr 2024 01:48:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1455
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 26 Apr 2024 03:48:08 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
59 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 26 Apr 2024 02:12:23 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57850
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=12, mss=1294, tbw=2772, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: KrljJW+U79xLbxAGS6nujKLDjngUJFocN36cJTD3vg+IuhEo17PySl+LnKJ9JcDqVycf7EPisjAVMwD1VAJ/Fw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 2 KB
783 B 118ms
118ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d925a7efdf9bcf78f0781af68f6f50617b9bb44e51023a63597b8e98ee207dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 45f13e50-bb7f-4048-b65e-73d8b66a6359
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 45f13e50-bb7f-4048-b65e-73d8b66a6359
last-modified: Fri, 26 Apr 2024 01:57:50 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-zhwhl
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 87a30c2efdce6977-FRA
expires: Fri, 26 Apr 2024 02:13:53 GMT

GET
H2 200 hf2o0cm7gp Show response
www.clarity.ms/tag/ 667 B
1 KB 223ms
190ms Script
application/x-javascript 2620:1ec:bdf::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ffd8101fbe8da0eee9648c1c377de837bb8f8315b3cf593197b1daff4538d2fe

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: -1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-azure-ref: 20240426T021223Z-15ff45446446qcvnpf7z08rugg00000009xg000000000038
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 667
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 37ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe44o0v9106873920za200&_p=1714097543385&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tcfd=10001&gdid=dZTNiMT&cid=270429164.1714097544&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.78%7CGoogle%2520Chrome%3B124.0.6367.78%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1714097543&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&dt=LOCKBIT%20Black%27s%20Legacy%3A%20Unraveling%20The%20DragonForce%20Ransomware%20Connection%20-%20Cyble&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=612
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 26 Apr 2024 02:12:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 7ms
7ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.5.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
server: nginx
age: 338136
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7840
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 7ms
7ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
server: nginx
age: 1778
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8000
x-xss-protection: 0

GET
H3 200 LOCKBIT-Blacks-Legacy.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/04/ 233 KB
233 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/04/LOCKBIT-Blacks-Legacy.webp?w=1200&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

412fed0df31808e5a31170bf86a92a60e4482af38eb253a35f8b16576eae732a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 238540
x-nc: HIT hhn 4
last-modified: Wed, 24 Apr 2024 11:43:25 GMT
server: nginx
etag: "1f17b315e4f2ea68"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/04/LOCKBIT-Blacks-Legacy.webp>; rel="canonical"
expires: Fri, 24 Apr 2026 23:43:25 GMT

GET
H3 200 purify.min.js Show response
cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/ 21 KB
8 KB 16ms
16ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/purify.min.js

Requested by

Host: www.gartner.com
URL: https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1834356
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7628
last-modified: Fri, 06 Jan 2023 14:33:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63b83136-1dcc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FH2A%2Btar7uanR7MCs0HhgOGqERJdRGB5z3ygjJhoZgfd3%2BbAzqqjgnTFPUvgWu9SgtZii6jtRdxrkvctvCgHC14mn76XTkI5xTbJU8%2FfT9bbM5JlNWi%2BjkNZefHJFw%2FAD7rjxhqm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 87a30c2f4bf2a031-FRA
expires: Wed, 16 Apr 2025 02:12:23 GMT

GET
H3 200 widget.css
www.gartner.com/peer-insights/vendor-portal/public/Widget/css/ 155 KB
111 KB 36ms
35ms Stylesheet
text/css 172.64.153.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/css/widget.css
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.35 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2d7c46ebb2b355059209e45367e00513f668aef1ddac8cd23a8107f67618c239

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
cf-cache-status: HIT
age: 89030
cf-polished: origSize=168770
x-powered-by: Express
x-envoy-upstream-service-time: 5
server-timing: dtSInfo;desc="0", dtRpid;desc="297616541"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 16 Apr 2024 11:08:09 GMT
server: cloudflare
etag: W/"29342-18ee697c1a8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
cf-ray: 87a30c2f4d0b383b-FRA

GET
H2 200 data
www.gartner.com/peer-insights/vendor-portal/public/Widget/ Frame 8E80 0
0 56ms
35ms Document
text/html 2606:4700:4400::ac40:9923
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/data?widget_id=OGI4MjFjNTctM2JmYS00ZmE3LWE1NjgtOTY0NmZlNGEyNjI4&size=large
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9923 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 86697
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
cf-ray: 87a30c2f7bae371d-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 26 Apr 2024 02:12:23 GMT
server: cloudflare
server-timing: dtSInfo;desc="0", dtRpid;desc="-1026088060"
vary: Accept-Encoding
x-envoy-upstream-service-time: 32
x-oneagent-js-injection: true
x-powered-by: Express
x-ruxit-js-agent: true

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 51 KB
18 KB 48ms
8ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 99142e3048ff980fa6ac618f8f99305efdf4bd1afa17aa842ae535a59716936d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-679
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Mon, 15 Apr 2024 18:01:26 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"661d6b76-cc60"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: b909616b111ab954b813f705fe7a2749
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H3 200 /
cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ 15 B
313 B 708ms
708ms Ping
text/html 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

88aaa00ed63445a1d87d9d2c4473d0b8ed19a8365c8fdfa5b4ce13580229fcc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary2xCkCbQGoQIPyKtN

Response headers

cf-edge-cache: no-cache
x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Fri, 26 Apr 2024 02:12:24 GMT
strict-transport-security: max-age=31536000
content-encoding: br
x-ac: 2.hhn _atomic_ams BYPASS
server: nginx
vary: Accept-Encoding
x-nitro-beacon: FORWARD
content-type: text/html; charset=utf-8
cache-control: no-cache
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H3 200 pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2
fonts.wp.com/s/poppins/v21/ 9 KB
9 KB 6ms
6ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f0ae296f5c19db047491f1311d621ff18960b34cfa9cb07b69932a02ec298366

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:02:56 GMT
server: nginx
age: 337818
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8712
x-xss-protection: 0

GET
H3 200 pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
9 KB 7ms
7ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiGyp8kv8JHgFVrJJLucHtA.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:54 GMT
server: nginx
age: 159798
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8668
x-xss-protection: 0

GET
H3 200 odin-sidebar.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 13 KB
13 KB 7ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/odin-sidebar.webp?w=300&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

ce6ca33022b621548150a78dd47d229a8f24524fc8334abc6bd57cd76d21cd2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 12922
x-nc: HIT hhn 4
last-modified: Mon, 19 Feb 2024 06:41:01 GMT
server: nginx
etag: "d59d864bb1573c67"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/01/odin-sidebar.webp>; rel="canonical"
expires: Wed, 18 Feb 2026 18:41:01 GMT

GET
H3 200 Figure-2-Post-on-Cybercrime-Forum.png
i0.wp.com/cyble.com/wp-content/uploads/2024/04/ 44 KB
44 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/04/Figure-2-Post-on-Cybercrime-Forum.png?w=936&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

9dc8f7cd5cadd85e7e9d4613948f8ff193b71f0edb131059befca5e447511a1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 44636
x-nc: HIT hhn 3
last-modified: Wed, 24 Apr 2024 11:43:29 GMT
server: nginx
etag: "f669443467f8acee"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/04/Figure-2-Post-on-Cybercrime-Forum.png>; rel="canonical"
expires: Fri, 24 Apr 2026 23:43:29 GMT

GET
H2 200 ELNAF2EZDFHJRAP3ODLCUU Show response
d.adroll.com/consent/check/ 482 B
575 B 212ms
31ms Script
application/javascript 2a05:d018:cc3:fe05:8cc9:e724:6e37:8294
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=77137189232.25912&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&_s=e47da2d8fc489237260635c212b4a714&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe05:8cc9:e724:6e37:8294 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: f3ad47c17d7a3be46f8e0f8a43887410419069238488ed969e72bccb9db86a6b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
server: nginx/1.22.1
content-length: 482
content-type: application/javascript

GET
H2 200 1126903675356441 Show response
connect.facebook.net/signals/config/ 56 KB
12 KB 70ms
69ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1126903675356441?v=2.9.154&r=stable&domain=cyble.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b06701d9327ed824686a01d7413ab99c56af1b21c5c5b103b800f0cf88fc2ebb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 26 Apr 2024 02:12:23 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=12, rtx=0, c=64, mss=1294, tbw=63201, tp=-1, tpl=-1, uplat=62, ullat=0
pragma: public
x-fb-debug: zxgKyOcpE8WAoc0k7E6z/74Wh1YFpPtrCMzRN1jIfD8npkuZI5J4/2Fg+qdMGc0yCQNo/EUF59LI/v3QnJTlRg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 15ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je44o0z8868834701za200&_p=1714097543385&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tcfd=10001&cid=270429164.1714097544&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.78%7CGoogle%2520Chrome%3B124.0.6367.78%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1714097543&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&dt=LOCKBIT%20Black%27s%20Legacy%3A%20Unraveling%20The%20DragonForce%20Ransomware%20Connection%20-%20Cyble&en=page_view&_fv=1&_ss=1&tfd=717
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 26 Apr 2024 02:12:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 71 KB
23 KB 344ms
323ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd850c79f7a892108802a5759d61f4f7c85a42f3b31adc38e0383427990eccbd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-amz-version-id: TbHCrPqSJMrMGSHImT8qlkESGBxuEK5p
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 2QYYJC0JT5GYWQBY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e54671e3-0c72-49b8-9e9c-7bd4d5ff2087
x-envoy-upstream-service-time: 24
x-amz-id-2: QtkLzXzgsdHy0ZemM1PPm8Im+oIpOcPHdOI+mZr8OtB3ZUYEBEd9uPIJ75NnV/J3GmcggHGgk6cvPq//tHDgZzsjlfvPMl+H
x-evy-trace-listener: listener_https
x-request-id: e54671e3-0c72-49b8-9e9c-7bd4d5ff2087
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 17 Apr 2024 06:11:04 GMT
server: cloudflare
etag: W/"c57571820b047732b06e0953e51ec876"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-vhl7w
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 87a30c300db8bb49-FRA
expires: Fri, 26 Apr 2024 02:17:23 GMT

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1714097400000/ 67 KB
21 KB 183ms
154ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1714097400000/21289959.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6c883009de590c4192b9fbc2e3fe016a79d5fce92c47ca0743ca31d8ffb8cb0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: S3ZC4SKHD0QH0XPQ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 5b127892-9cb5-4f72-ba9f-1681c79f45f9
x-envoy-upstream-service-time: 36
x-amz-id-2: M3WlVEonP18IsHzL7MRkBxU50tQMdQySiSwizJ8c6YDDRK5h8kbCeOAqJNPePalToGHlT4u10eZfDMPy5FzD4w==
x-evy-trace-listener: listener_https
x-request-id: 5b127892-9cb5-4f72-ba9f-1681c79f45f9
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 24 Apr 2024 18:44:26 GMT
server: cloudflare
etag: W/"e8c9acadab61bce317263ab298ec8e1f"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-pvzd8
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 87a30c3018e2367f-FRA
expires: Fri, 26 Apr 2024 02:17:23 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 45ms
15ms Script
application/javascript 2606:4700::6812:8d11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 16769
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js&cfRay=87a172ca28ba71bb-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d252299cef5b9176cf0435e72e0baeeb"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js
date: Fri, 26 Apr 2024 02:12:23 GMT
x-amz-version-id: FzXUOelq5PzvbDhLOc3Au0ThiCBuXHAc
via: 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: f6fb8585-7e3c-425b-ba5f-48cda37affa2
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-request-id: f6fb8585-7e3c-425b-ba5f-48cda37affa2
last-modified: Wed, 03 Apr 2024 09:27:53 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-bsp24
cf-ray: 87a30c301b503825-FRA
x-amz-cf-id: CjSI0xd6oCeAkPNWFZiFYjKU_22ONFkBuMDeR93Z_X9FuWSCdUBxFQ==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
25 KB 139ms
120ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71044f74ee2d65b306015b22a5a9ff5bdb21d05da01578db752ee6e9db3de66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1079/bundles/project.js&cfRay=87a30c3008c44dcc-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"010909310c880a9769e72799fe3c85e8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1079/bundles/project.js
date: Fri, 26 Apr 2024 02:12:23 GMT
x-amz-version-id: Yrf3rlYmrIDIMljDc1LqyI6902h1cODu
via: 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 4cfba752-ce21-44a5-a3a1-7b0b637c784b
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4cfba752-ce21-44a5-a3a1-7b0b637c784b
last-modified: Wed, 24 Apr 2024 12:19:55 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTFFYhzeccK5TBTyUWWJLFBzOy19nRWxHv1pN7Uzb48Iwfc5WisfEdHSADPY%2FhhSwY08%2FVyWxAiIK5ES%2FZkZMJoRBgiBh7Y95UBx3gufs8BjnRUwBgiPYD2%2FzSjL25pZM%2FLWjs8khcGtCOa0"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-z4v48
cf-ray: 87a30c3008c44dcc-FRA
x-amz-cf-id: TaVZ645dK-W-d2odwwUEBWSR9Ro4jGimX4vc5SCU5WBMQYp1M4tQDw==

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 85 KB
25 KB 42ms
14ms Script
application/javascript 2606:4700::6810:4f8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4f8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

156b381819247eb013bfd7ad6cd96fed291f0a1bfb55206c8e644bb42576c5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-amz-version-id: GvgLK8fwBknh5qjmyScH5OBLxCldU5fy
via: 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 593
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16164/bundles/project.js&cfRay=87a2fdb409284d64-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 821e917d-46a2-4879-9905-b958730dd82b
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 821e917d-46a2-4879-9905-b958730dd82b
last-modified: Thu, 25 Apr 2024 15:01:14 UTC
server: cloudflare
etag: W/"62f54fd24c76f93ed036543b6c349661"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-hdb65
cf-ray: 87a30c301ad29753-FRA
x-amz-cf-id: lwjDXKnW5bvBwPVH-3jBMyQ3wOokQqyuRrg677BelhFgLp3s2rn9cQ==
x-hs-target-asset: conversations-embed/static-1.16164/bundles/project.js

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 18ms
9ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=40648&tz=-4&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A13.4-a.3&host=cyble.com&ref=&fcp=537&rand=0.41669207472078806
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 26 Apr 2024 02:12:23 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 9ms
7ms Stylesheet
text/css 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 0d47dbbac748871e5314dc3f196d618bd32e3f102be480b8dc6fdfe2690d676e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-680
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Mon, 15 Apr 2024 18:02:32 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"661d6bb8-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 7e9ab20c4a8d57d9414f4446ee7d1ee7
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 r0hediyvvmvme9sqc9m4 Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 199ms
110ms XHR
application/json 2606:4700:3108::ac42:2af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/r0hediyvvmvme9sqc9m4
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6aab9f20f816e7e4c01056f5e79e50f5a289af3e2365f637619b99cb8a3a5a11

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: gzip
via: 1.1 d51f8b07f1cd9f6dbf62bb0b0c961f1c.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: FRA60-P10
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-campaign: r0hediyvvmvme9sqc9m4
x-user-agent: standard--
last-modified: Thu, 07 Mar 2024 04:49:58 GMT
server: cloudflare
etag: W/"ca86e880d5624e681de678d2dec4dcce"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
cf-ray: 87a30c30dbf4bb9b-FRA
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: mKIHnCtDiwke3yILNC7LHo4zSFc_Lrm4-a5vPgC1SWfcLaCGBKHw_A==
expires: Fri, 26 Apr 2024 02:11:06 GMT

GET
H2 200 hrmi1wlyf5zkw7jqsfln Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 197ms
109ms XHR
application/json 2606:4700:3108::ac42:2af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/hrmi1wlyf5zkw7jqsfln
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bd40f9074c4f514b346fc6c17bcdf7ee6ddb80c5b4fd2902ab97be22d07cc52

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: gzip
via: 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: FRA60-P10
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-campaign: hrmi1wlyf5zkw7jqsfln
x-user-agent: standard--
last-modified: Thu, 15 Feb 2024 07:35:11 GMT
server: cloudflare
etag: W/"13e11ac6fbb7b3b92b56c9a8daed16e7"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
cf-ray: 87a30c30dbf3bb9b-FRA
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: 29xFlle8uP0XlX0LudL8pgk7GS0-FoIKxtlL4-Au5Q4ySRP6HSayuA==
expires: Fri, 26 Apr 2024 01:48:52 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1714097543738%26li_adsId%3D033fd80f-2385-4c28-802c-4e7f81526119%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-th...

0
264 B

237ms
199ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&cookiesTest=true&liSync=true&e_ipv6=AQLFhkfoAFj5DgAAAY8YLNyu90jEa-hGcuTyLmc0VG4Whp8kScN05Y41YBmH8a_S
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 32007AC95D384542A58E4F49BD45FCDE Ref B: FRAEDGE1117 Ref C: 2024-04-26T02:12:24Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYW9m9BZQ0ageLN4iByTw==

Redirect headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 276CE301164F4021B905D2C2C00B0222 Ref B: FRAEDGE2005 Ref C: 2024-04-26T02:12:24Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1714097543738&li_adsId=033fd80f-2385-4c28-802c-4e7f81526119&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&cookiesTest=true&liSync=true&e_ipv6=AQLFhkfoAFj5DgAAAY8YLNyu90jEa-hGcuTyLmc0VG4Whp8kScN05Y41YBmH8a_S
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYW9m894mRaeETKFIoXSw==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
612 B 258ms
186ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 93C0FECD893740B69C3C08D96DBE91BD Ref B: FRAEDGE2005 Ref C: 2024-04-26T02:12:23Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://cyble.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYW9m828ABk7Dep31LHXQ==

GET
H3 200 wp-emoji-release.min.js Show response
cyble.com/wp-includes/js/ 18 KB
5 KB 7ms
7ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 13 Feb 2024 14:36:07 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65cb7e57-4926"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 / Show response
cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ 4 KB
1 KB 876ms
876ms XHR
application/json 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/?relatedposts=1

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20240116

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bbb0e2992d118275ab55b38516eb49d275c202b20dbe37be1250d276f0e4dfb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
x-requested-with: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

cf-edge-cache: no-cache
x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Fri, 26 Apr 2024 02:12:24 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
x-nananana: Batcache-Set
x-ac: 2.hhn _atomic_ams MISS
x-nitro-disabled: 1
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-nitro-disabled-reason: ajax
server: nginx
vary: Accept-Encoding, accept, content-type, cookie
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache
x-nitro-cache: MISS

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 211ms
210ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.16164&mobile=false&messagesUtk=f0f127aca84f47eca502816a30d258d3&traceId=f0f127aca84f47eca502816a30d258d3

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7746f29691f141ffc7bb6cf7d3531dbce57aab1cf13e2d9a538864ff2b70c48e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
X-HubSpot-Messages-Uri: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 321e1823-4a3c-4a5d-b47c-1518e6e42abe
x-envoy-upstream-service-time: 73
content-length: 1383
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 321e1823-4a3c-4a5d-b47c-1518e6e42abe
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-8l89s
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xpg639KN6KCwRYQQ7dmg7gxytKwCLo9yPX7faEYDGWYgp%2BqoWHjmAET%2BzanDYYC54T3b11Nx33bzFf2%2Br%2B2t9uzIpXkb0mqdh%2B%2BQ10yph%2BWjKlMfwDf82MKwwwXGe%2FShDt1pvdwxTcpGqS0Aqg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 87a30c3179db4dcc-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 51ms
9ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&rl=&if=false&ts=1714097543774&sw=1600&sh=1200&v=2.9.154&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1714097543773.1156064612&ler=empty&cdl=API_unavailable&it=1714097543637&coo=false&tm=1&rqm=GET

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=10, mss=1294, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 26 Apr 2024 02:12:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 85 KB
27 KB 8ms
8ms Script
text/javascript 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4196ef94fe2c7befda378bfaad82f3e662be2b5eb1ba9aeffce466ba6bfd0bd4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: zwiFd6r3GuB2cGe7uW1NAFDjPwo1YxA2
Content-Encoding: gzip
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Date: Fri, 26 Apr 2024 01:35:50 GMT
Age: 2195
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 14:35:04 GMT
Server: AmazonS3
Etag: W/"df5969d54f039097b5fc81144fa45a1f"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: _MESHyZ9tpDD4rsUk7gWmDgu-DqDKENfRbYQdmYsfVg-N4ACK4M_bQ==

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/ 16 KB
5 KB 199ms
158ms Script
application/javascript 2600:9000:2670:c400:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:c400:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 e999795aa400a9b7027a66ec4ada5728.cloudfront.net (CloudFront)
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
etag: W/"9bd0e6149c66576fdc7ae464697b7327"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: 4sbj6ojErW8LQT3CXgqxWOg1pT8jnZP2qKrz9Kduv86RYEbQ2j6lMg==

GET
H3 200 dialog.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 7ms
6ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.3

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

749050b9e72078b086ef578e9d5c6e764c89985d149a4ac76861004e0e6945ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-2a19"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.32/ 61 KB
26 KB 14ms
14ms Script
application/javascript 2620:1ec:bdf::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
last-modified: Tue, 23 Apr 2024 17:59:47 GMT
etag: W/"0x8DC63BF29D39BE6"
vary: Accept-Encoding
x-azure-ref: 20240426T021223Z-15ff45446446qcvnpf7z08rugg00000009xg000000000039
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: bf892d9a-701e-0001-2d28-967107000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H3 200 share-buttons.08f4daf4a4285a8632b8.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 2 KB
1 KB 11ms
9ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.08f4daf4a4285a8632b8.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.0

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6ce8f0846ff6257a7cd87e81e49f079fe1239506c4875b2d225942d72355f899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-628"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:59:41 GMT

GET
H3 200 load-more.bc9573b5d1f73abd80b9.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 11ms
10ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.bc9573b5d1f73abd80b9.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.0

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0dbfaaaf2f76f27cb1a6c0c99a4f2cc90092e45fec2c6d0cde2b36883423fc62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-147f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:47:26 GMT

GET
H3 200 posts.caaf3e27e57db8207afc.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
2 KB 11ms
11ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.caaf3e27e57db8207afc.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.0

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b59c977cc3f991c49a3f474d2e39758f1525e8f223b0a915dc7e3725a474edaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 Apr 2024 16:47:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"661d5a15-cf5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:59:41 GMT

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 137ms
128ms Preflight
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyble.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 87a30c30a91d4dcc-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Fri, 26 Apr 2024 02:12:23 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5XZ%2FQyTfrnvAnd9cl0ReOwvmCgXh6az353ZZZaIcQV%2FLjy5GIbpt2h0Qj2X3hEj9GQEXIYmEx5qcrEKFWY6t5GYL75xmOYjnrjZua5d2HVPh1%2F8sxB1VW0zMqKc8evGPRLm0M%2Bl5URsbzSWvg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-g8cqc
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 2986eb6a-e17b-4aa8-82f6-e7b5a8dc4525
x-request-id: 2986eb6a-e17b-4aa8-82f6-e7b5a8dc4525

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
982 B 9ms
8ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.3

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

299f9402f0755e36a6a709a61ac24b1b278d91ac21a8515401e75c2ab7843b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-550"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 02 May 2024 16:47:26 GMT

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 433 B
1 KB 137ms
137ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e8dd19ca-3f94-4d45-b105-8eb2d0d8ca10
content-encoding: br
x-envoy-upstream-service-time: 24
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e8dd19ca-3f94-4d45-b105-8eb2d0d8ca10
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zQLy2VIW5PfLW0tXJy1369bx9e5ke3evK%2Fm3TjyGexT%2FVvBHPJOgW1Ah4ObikWejhTGvzKq9M1t%2FT8v5HKYTTIy%2FcmPoj5%2BH3lxOfY3L8pZDinjlBYP3NTFJAJSxTaw9sIZiopNPCC4PMKQiMP3M9ADgh6tZGyr6%2FJI%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 87a30c30f9484dcc-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-t8zkp

GET
H3 200 share-link.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 7ms
6ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.3

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1030dee6b293cd2f1331f5355130a5db48929f961ba7409a4d4ce83c73caefdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 25 Apr 2024 15:38:39 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"662a78ff-ac0"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Android-Banking-Trojan.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/04/ 38 KB
39 KB 6ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/04/Android-Banking-Trojan.webp?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/wp-includes/js/imagesloaded.min.js?ver=5.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

b2f265c011510de19d6643efb9953d5d25623f6ffa67330ba3c3f3f81f2d4b80

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 39392
x-nc: HIT hhn 4
last-modified: Thu, 25 Apr 2024 16:26:33 GMT
server: nginx
etag: "9db6e2daa69b8234"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/04/Android-Banking-Trojan.webp>; rel="canonical"
expires: Sun, 26 Apr 2026 04:26:33 GMT

GET
H3 200 LOCKBIT-Blacks-Legacy.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/04/ 233 KB
233 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/04/LOCKBIT-Blacks-Legacy.webp?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/wp-includes/js/imagesloaded.min.js?ver=5.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

412fed0df31808e5a31170bf86a92a60e4482af38eb253a35f8b16576eae732a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 238540
x-nc: HIT hhn 4
last-modified: Wed, 24 Apr 2024 11:39:36 GMT
server: nginx
etag: "a4c42b53bbf65e8c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/04/LOCKBIT-Blacks-Legacy.webp>; rel="canonical"
expires: Fri, 24 Apr 2026 23:39:36 GMT

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 413 KB
83 KB 8ms
8ms Script
text/javascript 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ec093226dbb4c5f2767562378e80a955db377003a72f5ff70cd65040983090f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: E8Xqd_XzP1xGQPgJ2rRArNdUFnSvN3pa
Content-Encoding: gzip
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Date: Fri, 26 Apr 2024 02:10:26 GMT
Age: 123
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2024 21:46:10 GMT
Server: AmazonS3
Etag: W/"e1dc09168683fa834f599c01bb66de29"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 3tD8dJCc7ufgeMUjzW1lrJWenx10ryTStNqsYSGUQB2totPivwaTgw==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
205 B 16ms
16ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1717977145&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&ul=de-de&de=UTF-8&dt=LOCKBIT%20Black%27s%20Legacy%3A%20Unraveling%20The%20DragonForce%20Ransomware%20Connection%20-%20Cyble&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAAABEAAAAC~&jid=244589759&gjid=1865175311&cid=270429164.1714097544&tid=UA-201575643-1&_gid=1061469118.1714097544&_r=1&_slc=1&gtm=45He44o0n81PMWT557v868834701za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tcfd=10001&npa=1&z=401881973

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 Apr 2024 02:12:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5.ad5ae419.min.js Show response
a.omappapi.com/app/js/ 16 KB
6 KB 8ms
8ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.ad5ae419.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 5fd85023d4b7e68daa580930db825421c34ce8a005748eca44c2396922b2402e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-662
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:21:07 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08f03-418b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 4c9f977a1b6bf0e118c52244727618e4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H/1.1 204
No Content collect Show response
r.clarity.ms/ 0
289 B 653ms
302ms XHR
text/plain 20.119.174.243
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://r.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.119.174.243 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 26 Apr 2024 02:12:24 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
926 B 371ms
128ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b6006f0b-05fd-4129-b255-3ce46d6abf8e
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b6006f0b-05fd-4129-b255-3ce46d6abf8e
last-modified: Fri, 26 Apr 2024 02:12:24 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-q69vr
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 87a30c337a8d4db0-FRA

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 0
44 B 455ms
207ms Script
application/javascript 18.153.4.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
content-length: 0

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 168 KB
45 KB 426ms
178ms Script
application/javascript 18.153.4.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600

GET
H2 200 f0f127aca84f47eca502816a30d258d3
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 5816 0
0 254ms
231ms Document
text/html 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/21289959/threads/utk/f0f127aca84f47eca502816a30d258d3?uuid=ace766a5a75d481f96637a08d63a75cd&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=f0f127aca84f47eca502816a30d258d3&url=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: false
age: 3285
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 87a30c339c0ebb97-FRA
content-encoding: br
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.18616/html/index.html&cfRay=87a30c339c0ebb97&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2Ff0f127aca84f47eca502816a30d258d3%3Fuuid%3Dace766a5a75d481f96637a08d63a75cd%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3Df0f127aca84f47eca502816a30d258d3%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&cfenv=prod&pdt=2024-04-26&csp=ro
content-type: text/html; charset=utf-8
date: Fri, 26 Apr 2024 02:12:24 GMT
etag: W/"fe713fbe44a0deddd2e87f2e023919eb"
last-modified: Thu, 25 Apr 2024 15:01:14 UTC
origin-trial: Aqk2Dm2ZNOeMxifFm26pJzN4DTOHc1z7UYEx7QaWtHTVqsFhooI36f0r5tbw602aKbEI4WJ0fgx7+KHwlyi4HwwAAABceyJvcmlnaW4iOiJodHRwczovL2h1YnNwb3QuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=87a30c339c0ebb97&resource=conversations-visitor-ui/static-1.18616/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
x-amz-cf-id: vKBSNht055jz3vcvMst9UkNjK22SS7H0futZI8k8ncYPQlYyJLpakw==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: _K5mn4P9p47gXw3WAZ5_G8OZVLZ9sXnh
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 9
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-kgjsm
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.18616/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: b64be913-985a-41fe-967e-fe495e05e596
x-request-id: b64be913-985a-41fe-967e-fe495e05e596

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
342 B 66ms
20ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=270429164.1714097544&jid=244589759&gjid=1865175311&_gid=1061469118.1714097544&npa=1&_u=aADAAAAAEAAAAC~&z=179999190

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 26 Apr 2024 02:12:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4.d8754c5b.min.js Show response
a.omappapi.com/app/js/ 48 KB
14 KB 8ms
8ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.d8754c5b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 0419af108684c7be468d5b2e8813d0f8c6a8dfe6e903f321fb5fb94b538f3f41

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Thu, 11 Apr 2024 22:05:28 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 382
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66185ea8-c05a"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 1d87658c7402fc6e64fc5f328f9a55fc
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 8ms
7ms Image
image/png 2600:9000:2644:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Date: Thu, 25 Apr 2024 06:46:56 GMT
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Age: 73817
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: kKT72sPO0mGSR49U4mBuuyA_RMMP_oGdmfcIcF5LJ6vcSKFCa7v1RQ==

GET
H2 200 17.24171f7e.min.js Show response
a.omappapi.com/app/js/ 975 B
1 KB 9ms
9ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/17.24171f7e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 04/25/2024 21:00:47
cdn-pullzone: 293267
last-modified: Tue, 12 Sep 2023 04:06:13 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64ffe3b5-3cf"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: baef81236f9bdb6a1c5d39e21cf48e26
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 19.b4e5b44b.min.js Show response
a.omappapi.com/app/js/ 4 KB
3 KB 7ms
5ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/19.b4e5b44b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 753fb193306c662fa5918a839c29e6ac2aa6f6bc9067897914f7f88cb0b7b13a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-383
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:36 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aac-10b0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: e326408556ac6c125a0832f7e1711b37
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 27.b5b10bd4.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 8ms
5ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.b5b10bd4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 76e0cb78cc3495b6f1d43ce22fcd3b86eb896c36449130fa6f57d5d78d24f326

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-679
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Fri, 12 Apr 2024 21:36:07 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"6619a947-1991"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 63f9dd17a01d976d69ef2e116fc7b948
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 32.b9065693.min.js Show response
a.omappapi.com/app/js/ 11 KB
5 KB 10ms
7ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/32.b9065693.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-680
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:33 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f25-2c41"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 408fbc64e102a1f6933029aecce30a25
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.d6ea746c.min.js Show response
a.omappapi.com/app/js/ 33 KB
10 KB 11ms
8ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.d6ea746c.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: dd46cd5b40060d4af54ab1826b49823e50e5765743b99854f649cd3328df54fd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-383
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-8515"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 618b6043c955b516746944b275cffeb9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.3271ac0a.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 15ms
13ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.3271ac0a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 7ce730c88c3e9b94213f122d60df45837854975bb99a738f5a1c6890dd897fa5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-663
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 709
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-1d49"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 0458c78f66ed9aa59c9eb7e7afd4ee0f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 9.09463684.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 11ms
9ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.09463684.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 85ac85413190c43521f591c1a6396da00ca53691e1f5efa474b98eb19355864e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-879"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 2459828a224d06b9bca38c93a25ace5b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 11.f24aae20.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 11ms
10ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.f24aae20.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: a8e8b78aa3a03c4da90595ae6701a7354f96b39eb7c2bfe8d48eea3c598a900e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-680
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:35 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aab-a40"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 4c4d5f7cf8922cac0b3136be009edf6a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 28.b1a68bf1.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 12ms
11ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.b1a68bf1.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 7145f523095f6104f82d9dbd26409181378e073eecfa04beec262ae8e99fc02f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-d7b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 119ac08e6a7dcd986d11f4971a3a7ccf
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 26.ece538f7.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 13ms
11ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/26.ece538f7.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 40f5fcdf443b5777b6c40b7bcfb16ffb819fb166c7fb03dc4d3051f298b3a0c5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-383
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 709
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-6b6"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 12f6dddbd273451bb72abad9f46d5d30
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 16.f8b2cea4.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 13ms
12ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.f8b2cea4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: a6117ff5cc0820717586d0f2ca8695cad42bf4194bcd64bcfb089c868dd9f292

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-662
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-51f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: d5cd8d10bcf9662bd00ceef6c70bfa92
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.b1faf420.min.js Show response
a.omappapi.com/app/js/ 11 KB
3 KB 14ms
13ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.b1faf420.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 8bea43a9ea37aa3cb1e00bdb138fb4d55b2f3b469914a3e6920b77d1eb114954

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Mon, 15 Apr 2024 18:01:20 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"661d6b70-2b87"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 218982d2bd88c0a2b1f9381b7b55f545
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.40afa0f2.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 16ms
15ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.40afa0f2.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: dc5d4b967ffff9726af04edc42a6fd8c0d270e5d3cf4585ce67ddb2e63848935

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-679
cdn-cachedat: 04/25/2024 21:00:45
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:36 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aac-81f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 1e39525ff671558e3392cff9a9c0e7bf
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.6a8c2a93.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 16ms
16ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/22.6a8c2a93.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 2c594cdc36288037bc4996e8c3c2ae0ef8945b0935877926a76f97a1fc682f08

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-662
cdn-cachedat: 04/25/2024 21:00:48
cdn-pullzone: 293267
last-modified: Thu, 11 Apr 2024 18:16:51 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66182913-595"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: f06de4d7cf8416ccbb336572b3d44b1e
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 18.eb4928d4.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 15ms
14ms Script
application/javascript 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/18.eb4928d4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: daa51ba96131575f0fb77d304db2d12c8c7a297de89be5f4b74b02009fdf9e08

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 04/25/2024 21:02:02
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:34 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aaa-7a4"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: ce4d2c2d0f033543f5953c1a2cbf54c7
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
2 KB 39ms
16ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.d8754c5b.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

12eebba255ce6f856459cab6b183b507be0417a322f46faf7dd71b3c4b0eec27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 26 Apr 2024 00:40:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Apr 2024 02:12:24 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 38ms
16ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&family=Montserrat%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.d8754c5b.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

236f8f1571bf89d177950bddf1c9e7f8c1cdbfc44f3485aa564f062e7f4e321a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 26 Apr 2024 02:12:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Apr 2024 02:12:24 GMT

GET
H2 200 0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2
fonts.gstatic.com/s/vollkorn/v23/ 25 KB
25 KB 42ms
16ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/vollkorn/v23/0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&family=Montserrat%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8905434cd4c13924a376cf7f856282f63c3bcd98a5306395b7f3eec08704d6c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 19:24:23 GMT
x-content-type-options: nosniff
age: 283681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25644
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:27:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Apr 2025 19:24:23 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 34ms
8ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 13:26:32 GMT
x-content-type-options: nosniff
age: 477952
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Apr 2025 13:26:32 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ 15 KB
15 KB 35ms
9ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 05:32:59 GMT
x-content-type-options: nosniff
age: 160765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14940
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Apr 2025 05:32:59 GMT

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.wp.com/s/opensans/v40/ 47 KB
47 KB 9ms
9ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Fri, 26 Apr 2024 02:12:24 GMT
x-content-type-options: nosniff
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: nginx
age: 189600
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 48236
x-xss-protection: 0

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 18 KB
18 KB 46ms
20ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 12:31:52 GMT
x-content-type-options: nosniff
age: 481232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18668
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Apr 2025 12:31:52 GMT

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 201ms
177ms XHR
application/json 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Origin
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://cyble.com
access-control-expose-headers
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials: true
content-type: application/json

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 49ms
27ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7914b5c306a51678e7d777317f64c95d31437c47344063ec422c6bb2b4d9d718

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
x-amz-version-id: dVMibCEMTCuxskBoUeMfPfbdoSsUE0a9
via: 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: FRA56-P4
age: 86040
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 17 Apr 2024 10:26:25 GMT
server: cloudflare
etag: W/"20a410e0e98a302abb9e907a2c7e0d10"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 87a30c368af79741-FRA
x-amz-cf-id: X4gHxIACiV0U9mAqusjfDpoLFi0GvnONT7WluLdm6cngn2P1CVwiCQ==

POST
H2 200 dropoff
to.getnitropack.com/ 20 B
182 B 71ms
43ms Ping
text/html 2606:4700:4400::ac40:96a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://to.getnitropack.com/dropoff

Requested by

Host: nitroscripts.com
URL: https://nitroscripts.com/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:96a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarylowAAgw5HZ1Xpp4X

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: none
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 87a30c36bce78ed5-FRA

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=CEA75259090140389A9F1033A710D074&RedC=c.clarity.ms&MXFR=3D574AD8A9DA680B36605EB5ADDA668A
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CEA75259090140389A9F1033A710D074&MUID=33E2951609EA636F1529817B086162EB

42 B
441 B

27ms
27ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CEA75259090140389A9F1033A710D074&MUID=33E2951609EA636F1529817B086162EB
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Apr 2024 02:12:24 GMT
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
server: Microsoft-IIS/10.0
etag: "3e26b762b6cda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 26 Apr 2024 02:12:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7A8209F3CCF64BC1AD88D4F6B16C2CA5 Ref B: FRA31EDGE0209 Ref C: 2024-04-26T02:12:24Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CEA75259090140389A9F1033A710D074&MUID=33E2951609EA636F1529817B086162EB
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
937 B 155ms
136ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&t=LOCKBIT+Black%27s+Legacy%3A+Unraveling+The+DragonForce+Ransomware+Connection+-+Cyble&cts=1714097544728&vi=a2c3786f7b66abdeb253fef23b5ad896&nc=true&u=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&b=27441379.1.1714097544727&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4ed72ba0-a4e5-47fb-b1df-0a489ffe59d0
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4ed72ba0-a4e5-47fb-b1df-0a489ffe59d0
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2P%2BbFS1jwV2uteTAnA3clxJJqdPABzME2nL33CE4xGzU7cFNCkV8M0P5R9yhkjEp%2BP98%2FNKXzuGZ7dTNo4%2BbhAlotF%2FTQwpI8bni6niZ1UcQ3BJ8%2BcW4QRN4pkpg6ypZhB5zZ0KBUoYDlQPKKvLP"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-fb59n
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87a30c36bf5f3a92-FRA
x-robots-tag: none

GET
H3 200 cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png
i0.wp.com/cyble.com/wp-content/uploads/2021/11/ 682 B
1 KB 6ms
6ms Other
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2021/11/cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png?fit=32%2C32&ssl=1

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

666ce27930995b7f32000d6d54aa91af08ff3533f24ca54483d75b6090da352f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 682
x-nc: HIT hhn 1
last-modified: Mon, 22 Jan 2024 14:37:24 GMT
server: nginx
etag: "962fc270f78ceb5c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2021/11/cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png>; rel="canonical"
expires: Thu, 22 Jan 2026 02:37:24 GMT

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
517 B 172ms
172ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c0dd2e3a58f1c9502f48af8c30174095ab652b68a25a1ed96c8fe88f00b6c607

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 07c397b8751687386690
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
visited_url: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Response headers

date: Fri, 26 Apr 2024 02:12:25 GMT
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: FRA56-P4
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: Wz8Ndjd-PHcEPnA=
server: cloudflare
etag: W/"92-qrSjAPokG+cNGoYPpdne5t0owrA"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 87a30c37eddb2c73-FRA
x-amz-cf-id: mRCbLfsKf6BJjXy7Pm3vJIdpf4lcyW2gQu25Xb1uhT71DlZKwI6t-w==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 187ms
175ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: Wz8Nbin2PHcEPFg=
cf-cache-status: DYNAMIC
cf-ray: 87a30c36cd492c73-FRA
date: Fri, 26 Apr 2024 02:12:24 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-amz-cf-id: xPQx8KYoqujSsoK_6lQqtO9Cue2YM9KjKC7Z6rQ-Yrji6zamtdEN3Q==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 171ms
162ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=a2c3786f7b66abdeb253fef23b5ad896&__hstc=27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1&__hssc=27441379.1.1714097544727&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b2059ebfaac76f66672caca3386c1940a05cd7401c645297e8b74f26bacab08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 416d4230-f582-45db-8bbb-5eaba44d3ebc
content-encoding: br
x-envoy-upstream-service-time: 47
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 416d4230-f582-45db-8bbb-5eaba44d3ebc
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-l7wvp
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l1O2oI9wfAD05MMsFt%2FTLO5lDpeSX7yCaZUkxXnjDF82o9O4c1e4LS1gD%2B73XCSHUfdBNSoqW75aTFw5I5j6a85%2FiVYr9qju3lhFQv%2BcfshOMnZM%2B058Nij%2FJI3NlkaJB4LF1PXIBqAKRj9pafue"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 87a30c370ce94dcc-FRA

GET
H2 200 bedd16138ee0a1847e87e4744f4d5fe8-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/ 33 KB
7 KB 23ms
7ms XHR
application/json 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/bedd16138ee0a1847e87e4744f4d5fe8-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 38070cd4f451b1c209a949ad0c9ce3eae47e0db5d8f61dc4183eba286f4317cf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-383
cdn-cachedat: 04/25/2024 22:51:08
cdn-pullzone: 293267
last-modified: Thu, 07 Mar 2024 04:50:26 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65e94792-83a5"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 088a11615e51f63a84a0eb8b5775f4d6
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 92d93c6e1364abf9a8e5677f6480ce25-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/ 32 KB
6 KB 22ms
7ms XHR
application/json 2400:52e0:1e00::1079:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/92d93c6e1364abf9a8e5677f6480ce25-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1079 /
Resource Hash: 571203e9cb2ce57f18c3e46b01b7f9ca95d59d44d764fc83b0413ff350ceacfd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 04/25/2024 22:51:09
cdn-pullzone: 293267
last-modified: Thu, 15 Feb 2024 07:26:48 GMT
server: BunnyCDN-DE1-1079
cdn-fileserver: 709
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65cdbcb8-8132"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 7267ebbca6d961a6105faa36d089a2e0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
882 B 39ms
20ms Script
text/javascript 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.196 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

GSE /

Resource Hash

3cde5e8ebcddb38b3a64304622f3341e8304a809081a1148558f44740adbe6ce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 26 Apr 2024 02:12:24 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/ 509 KB
203 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

352a6d9b12a5ae3949d370ff42a338ba8bb6ff455d9ba995b1755fb7b99e8824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 16:03:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209359
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 207268
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 23 Apr 2025 16:03:05 GMT

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 0E90 0
0 49ms
35ms Document
text/html 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=gh0ei0uzguyf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-coHS_3qDEBgkHvHmdiiXSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-coHS_3qDEBgkHvHmdiiXSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 02:12:25 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H/1.1 204
No Content collect Show response
r.clarity.ms/ 0
289 B 108ms
108ms XHR
text/plain 20.119.174.243
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://r.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.119.174.243 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 26 Apr 2024 02:12:25 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H3 200 / Show response
ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/ 4 KB
3 KB 794ms
783ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

91849e0810eb76cfcb83e9d9a9f8b9e85fca336395b78a44ea7632afd8a34017

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
_vtok: ODEuOTUuNS4zNg==
_zitok: e5d86cbc2ff62744301b1714097545
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://cyble.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 87a30c3a39535d63-FRA

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/ Frame 0
0 183ms
163ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://cyble.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 87a30c3919bf6adc-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 26 Apr 2024 02:12:25 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H2 200 /
to.getnitropack.com/ 20 B
96 B 60ms
60ms Ping
text/html 2606:4700:4400::ac40:96a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://to.getnitropack.com/

Requested by

Host: nitroscripts.com
URL: https://nitroscripts.com/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:96a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary0htOLoTcD7CfTPxO

Response headers

date: Fri, 26 Apr 2024 02:12:25 GMT
content-encoding: none
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 87a30c3ce84c8ed5-FRA

GET
H2 200 data.js Show response
tags.clickagy.com/ 36 KB
13 KB 61ms
8ms Script
application/javascript 2600:9000:211e:fa00:4:8491:f2c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:fa00:4:8491:f2c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

85b9dffd781e47c571a53afc2f594c53f9c49ebeadc9adc3fc720d4a6e3a688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 9OWM.Z0Dh.HHVWQAeO49BBTVx4LoDSWJ
content-encoding: gzip
via: 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
date: Thu, 25 Apr 2024 05:59:49 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-C2
age: 72758
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 08 Feb 2024 19:03:11 GMT
server: AmazonS3
etag: W/"9d6129b555ace3efebf194d38a3e562d"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: 9JWWVuwlL10xWiyPNEzlJqOMxBk33IX1TuPCBtmnntd9fnhT70tZZA==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 10 KB
4 KB 30ms
6ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 25 Apr 2024 19:52:55 GMT
Content-Encoding: gzip
Via: 1.1 c0ddd35bae9510a7268b5854c63453cc.cloudfront.net (CloudFront)
Last-Modified: Thu, 25 Apr 2024 19:49:47 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 22772
ETag: W/"d6f0435164aefe6cf324147b77c7b6bb"
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: RDTvRQ8ot1MBVNEcORzvtgqmUwbJCLBtaGueIrYLEicQybYwdq4y3g==

GET
H2 200 up
insight.adsrvr.org/track/ Frame E396 0
0 108ms
35ms Document
text/html 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=ixkqho4&ref=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&upid=x1swie6&upv=1.1.0&gdpr=1&gdpr_consent=undefined
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-length: 0
content-type: text/html
date: Fri, 26 Apr 2024 02:12:26 GMT
server: Kestrel

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
501 B 298ms
95ms XHR
application/json 34.228.243.82
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.243.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-243-82.compute-1.amazonaws.com
Software: Aorta/20240425.4c3b815cb /
Resource Hash: d009e3be0364c13b58cde15a385e1915d5a6475c5b74b59c2d3d9fa1ceafdb9e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 26 Apr 2024 02:12:26 GMT
content-encoding: gzip
server: Aorta/20240425.4c3b815cb
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://cyble.com
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 2ceca16bcc50
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 82

GET
H2

451

420246.gif
idsync.rlcdn.com/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:49c90fcf0baffde37a56146f81ead241&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D
https://d.agkn.com/pixel/10751/?che=1714097546511&ip=81.95.5.36&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D216713104864000067169
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=216713104864000067169
https://idsync.rlcdn.com/420246.gif?partner_uid=c:49c90fcf0baffde37a56146f81ead241

0
98 B

40ms
16ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420246.gif?partner_uid=c:49c90fcf0baffde37a56146f81ead241
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 26 Apr 2024 02:12:26 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Fri, 26 Apr 2024 02:12:26 GMT
server: Aorta/20240425.4c3b815cb
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://idsync.rlcdn.com/420246.gif?partner_uid=c:49c90fcf0baffde37a56146f81ead241
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 2ceca16bcc50
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
322 B 322ms
91ms XHR
text/plain 18.210.220.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.210.220.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-220-232.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 26 Apr 2024 02:12:26 GMT
content-encoding: gzip
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://cyble.com
access-control-expose-headers: content-length, last-modified, expires, content-type
access-control-allow-credentials: true
content-length: 28

POST
H/1.1 204
No Content collect Show response
r.clarity.ms/ 0
289 B 96ms
96ms XHR
text/plain 20.119.174.243
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://r.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.119.174.243 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 26 Apr 2024 02:12:27 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 14ms
14ms Ping
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe44o0v9106873920za200&_p=1714097543385&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tcfd=10001&gdid=dZTNiMT&cid=270429164.1714097544&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.78%7CGoogle%2520Chrome%3B124.0.6367.78%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1714097543&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection%2F&dt=LOCKBIT%20Black%27s%20Legacy%3A%20Unraveling%20The%20DragonForce%20Ransomware%20Connection%20-%20Cyble&en=scroll&epn.percent_scrolled=90&_et=16&tfd=5631
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 26 Apr 2024 02:12:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

251 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

52 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-20 20:08:19	Name: __cf_bm Value: B36WXsqB6Y4qjcsL7d0eSo7vCFnGlpH20xvkemlnlRg-1714097543-1.0.1.1-UNz7kBwcepS27jc3BrulQmbiBHyJFKKc7WenDkXtU.3TXUGxfbJTFcsdKRjeAps6oGsepzJvRI.P_Sbh69g9Sw
.cyble.com/	1970-01-21 05:44:17	Name: _ga_N9ZXY95EM4 Value: GS1.1.1714097543.1.0.1714097543.0.0.0
cyble.com/	1969-12-31 23:59:59	Name: nitroCachedPage Value: 0
.gartner.com/	1969-12-31 23:59:59	Name: _cfuvid Value: BA.MvqGm6vOTkX3OKwaIg8ZtwdlDBsGWE1ZfnzW7_XQ-1714097543595-0.0.1.1-604800000
.cyble.com/	1970-01-21 05:44:17	Name: _ga_361856552 Value: GS1.1.1714097543.1.0.1714097543.0.0.0
.gartner.com/	1970-01-20 20:08:19	Name: __cf_bm Value: BTwyQTn_eJe_MrjXY3bnbzHs53QQmiwMElgOhmswQGk-1714097543-1.0.1.1-StP4zo6tmrxAea0On76DXglD55pKayT0ayk3r8kY7lRqKpyKv5dPmZRTeI6k4BHQCNHy23kNgvZaHUMj722K8A
cyble.com/	1970-01-21 05:44:17	Name: _omappvp Value: wWeqBJnJmxOrNF815JKStz696zfrPbqBFTy3MhCj2zmZ1qYTHL4clG7oGkePD8cv9dMQXxWIGcZMn0sw9QYWsm6x91ziKsKY
cyble.com/	1970-01-20 20:08:18	Name: _omappvs Value: 1714097543728
www.clarity.ms/	1970-01-21 04:53:53	Name: CLID Value: acb66c7ef7084f90a0ce6353bc47ceb3.20240426.20250426
.cyble.com/	1970-01-20 22:17:53	Name: _fbp Value: fb.1.1714097543773.1156064612
.cyble.com/	1970-01-21 04:53:53	Name: _clck Value: r09pvb%7C2%7Cfl9%7C0%7C1577
.gartner.com/	1970-01-21 04:53:53	Name: cf_clearance Value: YsJZbVMC8LIVL9iUGqODRy2gvOwDkwibKyFqrd9dSQw-1714097543-1.0.1.1-IPxer_mfKIn7JPJROuBFiEM5GKOqVRVLXxCdwNICsQINtcTZRwAYZ1xfApTnJ_jdkABh99noWRiMTPxeNN8cYQ
.cyble.com/	1970-01-20 22:17:53	Name: _gcl_au Value: 1.1.1278716694.1714097544
.cyble.com/	1970-01-21 05:44:17	Name: _ga Value: GA1.2.270429164.1714097544
.cyble.com/	1970-01-20 20:09:43	Name: _gid Value: GA1.2.1061469118.1714097544
.cyble.com/	1970-01-20 20:08:17	Name: _gat_UA-201575643-1 Value: 1
.linkedin.com/	1970-01-20 22:17:53	Name: li_sugr Value: 4b3b2372-c1b2-4ca4-a15a-7800b375e820
.linkedin.com/	1970-01-20 20:09:43	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3201:u=1:x=1:i=1714097543:t=1714183943:v=2:sig=AQGmVNMEDvjA172IMcP2eWG_d6dAumdW"
.linkedin.com/	1970-01-20 20:51:29	Name: UserMatchHistory Value: AQK684nwqc44vwAAAY8YLNs7_IOtSWjBbjXbZmvOyDd7qPde63DGnkRqzIZm3FY-TLVqs49nVYufcQ
.linkedin.com/	1970-01-20 20:51:29	Name: AnalyticsSyncHistory Value: AQItbto-7jDPAgAAAY8YLNs7bCQqlthtXuGFThkfsI989Ed3sCszeLQPgnLGLLtw8r_-nO7tMAd83qMsp8CawA
.linkedin.com/	1970-01-21 04:53:53	Name: bcookie Value: "v=2&d179e9f5-a4ce-4992-886b-1d6024ee92ef"
.www.linkedin.com/	1970-01-21 04:53:53	Name: bscookie Value: "v=1&2024042602122465a666ff-b261-4112-8689-c99417950a52AQEOurRsKQT3_TtNR3UJi1xgn5ebbXCN"
.linkedin.com/	1970-01-21 00:27:29	Name: li_gc Value: MTswOzE3MTQwOTc1NDQ7MjswMjFW2UmUTnqaGRCm4gaTePpoxjVb4uJLlrgJy8llRIYwFQ==
.hsforms.com/	1970-01-20 20:08:19	Name: __cf_bm Value: AHhaJqHbtbGTt1edS_TgLX15qExAon1okSziIq3k4eE-1714097544-1.0.1.1-huSfULax0oTUrjm0TCkXYIPqGxONGVJkH5QkFuY.ElPAZxfp4MJrxlevvZD2icndna88x1B8OEK6_VX6AWa9LA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Y6TJuKUbw6RVwbNTC5MbSGnh5AtrZBNfKpmz_.8bw5g-1714097544352-0.0.1.1-604800000
.cyble.com/	1970-01-21 04:53:53	Name: cb_user_id Value: null
.cyble.com/	1970-01-21 04:53:53	Name: cb_group_id Value: null
.cyble.com/	1970-01-21 04:53:53	Name: cb_anonymous_id Value: %225e70554e-96ce-4854-9cb4-fd885fbd677e%22
.cyble.com/	1970-01-20 20:09:43	Name: _clsk Value: 16i5q0p%7C1714097544636%7C1%7C1%7Cr.clarity.ms%2Fcollect
.cyble.com/	1970-01-21 00:27:29	Name: messagesUtk Value: f0f127aca84f47eca502816a30d258d3
.cyble.com/	1970-01-21 00:27:29	Name: __hstc Value: 27441379.a2c3786f7b66abdeb253fef23b5ad896.1714097544727.1714097544727.1714097544727.1
.cyble.com/	1970-01-21 00:27:29	Name: hubspotutk Value: a2c3786f7b66abdeb253fef23b5ad896
.cyble.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyble.com/	1970-01-20 20:08:19	Name: __hssc Value: 27441379.1.1714097544727
.labs.cyble.com/	1970-01-20 20:08:19	Name: __cf_bm Value: jd7TtAHUDVyz.Iq1QldrCJdX8cUXCljP55zz1cPTofQ-1714097544-1.0.1.1-BvUkLQlGkiawSFAg_oNDpklfngaMM6Xe4C2ETLsZ1n6OIBFl34eIj.4sX6.xUjrf7224xnTn.mpR6n35OaGcDA
.labs.cyble.com/	1969-12-31 23:59:59	Name: __cfruid Value: d309ed277da8421a9d1a2b7de207730ac51f2911-1714097544
.hubspot.com/	1970-01-20 20:08:19	Name: __cf_bm Value: wo3ptMHCINNNcFJPqCJR6xMgr3EloSXahOVmANUyAKs-1714097544-1.0.1.1-xoFwZ2QSNW_2b1MGB95XQgYlMaAyaSOZuH5i7sh93ZXAG58b5CJ927TBtODDMIpiVOZJimA1Oabfj8LMpR6uag
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: XRwXFC1nhZeAemUyUbaaVS9RY5Cm2EkD2gV62Ifrpf8-1714097544840-0.0.1.1-604800000
cyble.com/	1970-01-20 20:51:29	Name: omSeen-hrmi1wlyf5zkw7jqsfln Value: 1714097544868
.bing.com/	1970-01-21 05:29:53	Name: MUID Value: 33E2951609EA636F1529817B086162EB
.c.bing.com/	1970-01-20 20:18:22	Name: MR Value: 0
.c.bing.com/	1970-01-21 05:29:53	Name: SRM_B Value: 33E2951609EA636F1529817B086162EB
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 05:29:53	Name: MUID Value: 33E2951609EA636F1529817B086162EB
.c.clarity.ms/	1970-01-20 20:18:22	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 20:08:18	Name: ANONCHK Value: 0
cyble.com/	1970-01-20 20:51:29	Name: omSeen-r0hediyvvmvme9sqc9m4 Value: 1714097544939
.cyble.com/	1970-01-21 04:53:53	Name: _zitok Value: e5d86cbc2ff62744301b1714097545
.zoominfo.com/	1970-01-20 20:08:19	Name: __cf_bm Value: S2V5Zq0xkFUZxYIRLO6qt6Eq625X_Buz5AQM08WjQvk-1714097546-1.0.1.1-FH0l0T8.Wsk37zw4UDXdUlMas2uUNblMwAmUddN4g81.5pf977X8Bq6z9r9fIsX.5BOr0GVoOU2.A67TSg7Djg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: NaIRAQ74ZekkgZ7jAK6EIgljrghK3MRnjrZtvtorelk-1714097546086-0.0.1.1-604800000
.agkn.com/	1970-01-21 04:53:53	Name: ab Value: 0001%3Aoai%2FcHCfyexQLdSJQKDpno0kcZOcFdmZ
.agkn.com/	1970-01-21 04:53:53	Name: u Value: C\|0AAAAAAAALb3KCgAAAAAA

97 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2017) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2017) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2017) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2017) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/(Line 2041) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1126903675356441?v=2.9.154&r=stable&domain=cyble.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://idsync.rlcdn.com/420246.gif?partner_uid=c:49c90fcf0baffde37a56146f81ead241 Message: Failed to load resource: the server responded with a status of 451 ()
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
aa.agkn.com
aorta.clickagy.com
api.hubspot.com
api.omappapi.com
app.clearbit.com
app.hubspot.com
c.bing.com
c.clarity.ms
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
d.agkn.com
fonts-api.wp.com
fonts.googleapis.com
fonts.gstatic.com
fonts.wp.com
forms.hubspot.com
hemsync.clickagy.com
i0.wp.com
idsync.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
js.zi-scripts.com
nitroscripts.com
perf-na1.hsforms.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
r.clarity.ms
region1.google-analytics.com
s.adroll.com
s0.wp.com
snap.licdn.com
stats.g.doubleclick.net
stats.wp.com
tag.clearbitscripts.com
tags.clickagy.com
to.getnitropack.com
track.hubspot.com
unpkg.co
unpkg.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.gartner.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
x.clearbitjs.com
104.16.117.43
104.17.24.14
104.18.141.119
104.18.37.212
104.19.175.188
13.107.42.14
142.250.74.196
15.197.193.217
172.217.18.4
172.64.153.35
172.67.138.101
18.153.4.44
18.172.103.101
18.194.168.76
18.210.220.232
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.231
20.119.174.243
2001:4860:4802:34::36
216.239.34.36
2400:52e0:1e00::1079:1
2600:9000:211e:fa00:4:8491:f2c0:93a1
2600:9000:2644:c00:6:9280:1080:93a1
2600:9000:2670:c400:7:d7d6:3c40:93a1
2606:4700:3108::ac42:2af8
2606:4700:4400::ac40:96a3
2606:4700:4400::ac40:991b
2606:4700:4400::ac40:9923
2606:4700:4400::ac40:9af8
2606:4700::6810:4f8e
2606:4700::6810:7674
2606:4700::6810:8bd1
2606:4700::6810:a0a8
2606:4700::6811:f8cb
2606:4700::6812:8d11
2620:1ec:21::14
2620:1ec:bdf::67
2620:1ec:c11::237
2a00:1450:4001:800::2003
2a00:1450:4001:806::200a
2a00:1450:4001:81d::2003
2a00:1450:4001:827::200e
2a00:1450:4001:82a::2008
2a00:1450:400c:c06::9a
2a02:26f0:780::210:a45b
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a05:d018:cc3:fe05:8cc9:e724:6e37:8294
3.127.196.46
3.77.215.189
34.228.243.82
35.244.174.68
68.219.88.97
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69
0419af108684c7be468d5b2e8813d0f8c6a8dfe6e903f321fb5fb94b538f3f41
0ad79ac33c7c41387626a97dedea41c966bb10f37988f79300885ded4e73d8f5
0bc0ee31b90f499f89ccb6847b45fc23b37559c41def8ef9d8f198b0f90863bd
0d47dbbac748871e5314dc3f196d618bd32e3f102be480b8dc6fdfe2690d676e
0dbfaaaf2f76f27cb1a6c0c99a4f2cc90092e45fec2c6d0cde2b36883423fc62
1022ec744257a5958e4d468b28f458bb010d6636e633e49d242283746329878f
1030dee6b293cd2f1331f5355130a5db48929f961ba7409a4d4ce83c73caefdd
11f6e7def0540aebfe875eaabc6cde96c72f2ea4f024db3a7695ad07cde1df08
12eebba255ce6f856459cab6b183b507be0417a322f46faf7dd71b3c4b0eec27
144ee8fd3d8997d932fe2b5497979e7cde8fda86b41b0c6e32e47faa8e1157e7
150ed93393b7e7892c55d7e93bbe1adf54f9eec80dd5a83846d7fcdfbec9152d
156b381819247eb013bfd7ad6cd96fed291f0a1bfb55206c8e644bb42576c5c7
17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937
1bd40f9074c4f514b346fc6c17bcdf7ee6ddb80c5b4fd2902ab97be22d07cc52
1d06242014fabc7be6a13c137113a9219c51850ca00f5b4ff8e1fb073c308a65
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
20c05c0b39dc686a50593b9340e47730320ce2a96fac26f83a4c9870b7eda748
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252
228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682
236f8f1571bf89d177950bddf1c9e7f8c1cdbfc44f3485aa564f062e7f4e321a
24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08
265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087
282130b4513ec550a3c9dac332c3d31e9b969503930faf930581c13d172adc6a
299f9402f0755e36a6a709a61ac24b1b278d91ac21a8515401e75c2ab7843b92
2a10ab2828a2618f138f34578efa80307b551fa2c318bbd3085622518fe89588
2c594cdc36288037bc4996e8c3c2ae0ef8945b0935877926a76f97a1fc682f08
2cf5770a4c5c26b38a1fcc2a5a0fdb25169f811f5e1cefe141590e77bf034bd4
2d7c46ebb2b355059209e45367e00513f668aef1ddac8cd23a8107f67618c239
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
30e8dec743d4c3da4cb39797b8bd5da2ba3d68925d5fc9762a62931238e7f6c1
32b738242f47cce8116f535e6228a564477c47052825795a4d0b4d909df02703
3529c4b0684f9e29508a8c2e6b6095b3f7ecb7b5410ff5b1ba306c49bb63f703
352a6d9b12a5ae3949d370ff42a338ba8bb6ff455d9ba995b1755fb7b99e8824
36b74f0c72674951730e13d210bf20cbab196d2b93b00871195e03116dffc9d8
38070cd4f451b1c209a949ad0c9ce3eae47e0db5d8f61dc4183eba286f4317cf
39badaa7254daebaccbfc900a8ab3e619aaa048a7306b182ecf19655fdaf3976
3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3c90187bbb11bdeb9386f564773f3d14394c8973e87b2e6eeaad67a010a0bb25
3cde5e8ebcddb38b3a64304622f3341e8304a809081a1148558f44740adbe6ce
3ec093226dbb4c5f2767562378e80a955db377003a72f5ff70cd65040983090f
3ee3fb5c6959a4450a19fd4096a9e65e8c62c0c6af12870f634007b81a122282
3ee4c31c858e8320169f5fdd181dce35fa4d45f08b168cf0eba9ae1cad2a7c54
40f5fcdf443b5777b6c40b7bcfb16ffb819fb166c7fb03dc4d3051f298b3a0c5
412fed0df31808e5a31170bf86a92a60e4482af38eb253a35f8b16576eae732a
4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a
4196ef94fe2c7befda378bfaad82f3e662be2b5eb1ba9aeffce466ba6bfd0bd4
45796372411ce0e3dde0f72d9fe5269d0efc7b7033491543a297bb2623e6eee6
4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9
4b2059ebfaac76f66672caca3386c1940a05cd7401c645297e8b74f26bacab08
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
4b8521fd06207a88a9a06905d578dc414562bee7add4225a0e2478bf6f2a88e1
4dcabb967a6a348a2508cb74415e86cabe70f4c921e9d36581047e0e89f20555
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641
4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07
54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a
55fb81f7628ac54c41192288b6cc325e74bca77bb6e466c6a51fff804d652f49
571203e9cb2ce57f18c3e46b01b7f9ca95d59d44d764fc83b0413ff350ceacfd
59f626902cee1ec6add9c9ac20ae2be6f2e39f4f821a550b73bba584b9d87e03
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e
5fd85023d4b7e68daa580930db825421c34ce8a005748eca44c2396922b2402e
60bb20ed63b85f4b58c6a36f966974b3329c198e320d4abeb99e6f25c9dda949
666ce27930995b7f32000d6d54aa91af08ff3533f24ca54483d75b6090da352f
68e99da8a2eb91fcac4ac231535375cb019d7b37b1463819e990176bc70ba0e4
69051958cee5d58e909a1da658e21fac0c4a7fc1c521b4e45cb378ba58815fd0
6aab9f20f816e7e4c01056f5e79e50f5a289af3e2365f637619b99cb8a3a5a11
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984
6ce8f0846ff6257a7cd87e81e49f079fe1239506c4875b2d225942d72355f899
6dc90b0b36f3fca84ded0289b324c55a19a663b2b742b9b244508aae6526c51d
6f708315ec1e5f14fcf831768764aad338d6507ac1e5f11c155c820487052544
70476ba53527fab2913c6b57d5666afbbd2e904069b3abffc896302c11d4f020
71044f74ee2d65b306015b22a5a9ff5bdb21d05da01578db752ee6e9db3de66d
7145f523095f6104f82d9dbd26409181378e073eecfa04beec262ae8e99fc02f
749050b9e72078b086ef578e9d5c6e764c89985d149a4ac76861004e0e6945ca
753fb193306c662fa5918a839c29e6ac2aa6f6bc9067897914f7f88cb0b7b13a
76e0cb78cc3495b6f1d43ce22fcd3b86eb896c36449130fa6f57d5d78d24f326
7746f29691f141ffc7bb6cf7d3531dbce57aab1cf13e2d9a538864ff2b70c48e
7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
790b349be1914fde877d1307143688fb102447716476d468bd5190a4f487b1bc
7914b5c306a51678e7d777317f64c95d31437c47344063ec422c6bb2b4d9d718
7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53
7ce730c88c3e9b94213f122d60df45837854975bb99a738f5a1c6890dd897fa5
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e90328c9fb59a9181595701de65c08228ae72000742077bccda67ec8fb8a04e
7f135570fa579113752e45267adfacfa8d9de4e297930c307c4654cf56378155
84ed7bd8190bb3ce70e1c64c5d75200541c90c39d832b995ce558c929ffb1cd7
85ac85413190c43521f591c1a6396da00ca53691e1f5efa474b98eb19355864e
85b9dffd781e47c571a53afc2f594c53f9c49ebeadc9adc3fc720d4a6e3a688b
88aaa00ed63445a1d87d9d2c4473d0b8ed19a8365c8fdfa5b4ce13580229fcc7
8905434cd4c13924a376cf7f856282f63c3bcd98a5306395b7f3eec08704d6c8
8bea43a9ea37aa3cb1e00bdb138fb4d55b2f3b469914a3e6920b77d1eb114954
8dedac87774b6b9759fce6f3109df0ef693b3c6e2a72111bddf91a11a2a48834
91849e0810eb76cfcb83e9d9a9f8b9e85fca336395b78a44ea7632afd8a34017
9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965
94f83a6214b9eb056136d8c2de50f1bef8141e7da5aa0c744b5dc80dba388545
969e71d2c58889efb61cd106846e486fd055c9e94c3ad19ca545fce0ea709e1f
978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a
99142e3048ff980fa6ac618f8f99305efdf4bd1afa17aa842ae535a59716936d
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b27c9ba5afb802649f3eeedf58bbb587f715d671022b91d0dec8803c3f1aa9d
9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860
9dc8f7cd5cadd85e7e9d4613948f8ff193b71f0edb131059befca5e447511a1e
9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4
a4f072af9676801501625f6a62f9aad94c502c63a6e26f87d950b74ae23609c6
a6117ff5cc0820717586d0f2ca8695cad42bf4194bcd64bcfb089c868dd9f292
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012
a8e8b78aa3a03c4da90595ae6701a7354f96b39eb7c2bfe8d48eea3c598a900e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af359a9b4fe881027d634b8657d489acb4253801c908c389390a1c0e9c077a0b
b06701d9327ed824686a01d7413ab99c56af1b21c5c5b103b800f0cf88fc2ebb
b2f265c011510de19d6643efb9953d5d25623f6ffa67330ba3c3f3f81f2d4b80
b4468ef363d059ed77ab7ae32daafcfb1b98f84d6474dedffd75e4b63de47bee
b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1
b59c977cc3f991c49a3f474d2e39758f1525e8f223b0a915dc7e3725a474edaf
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bbb0e2992d118275ab55b38516eb49d275c202b20dbe37be1250d276f0e4dfb6
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bec72f63e5d121152a0daa5fb9e072ab99918433a082043acc76cb5b9c2aef12
c0dd2e3a58f1c9502f48af8c30174095ab652b68a25a1ed96c8fe88f00b6c607
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c21d34249d4a61b1d0df5209aeb7cceed64891dcb7233ce6e91771306489baf7
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196
c5f3b2f654d2d8210a481c0164f0a53430cd09b77c34374fe23c9a03f5ad00fb
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cd850c79f7a892108802a5759d61f4f7c85a42f3b31adc38e0383427990eccbd
ce6ca33022b621548150a78dd47d229a8f24524fc8334abc6bd57cd76d21cd2d
d009e3be0364c13b58cde15a385e1915d5a6475c5b74b59c2d3d9fa1ceafdb9e
d235f6969214613f53a2ab9edb8ffa35adb1136626a42803ba9515e9f95b460f
d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c
d6c883009de590c4192b9fbc2e3fe016a79d5fce92c47ca0743ca31d8ffb8cb0
d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9
d925a7efdf9bcf78f0781af68f6f50617b9bb44e51023a63597b8e98ee207dba
da614c06a9daea4f0b2773fc3ce151ac74e5e62966db6315edffe9f7701918a6
daa51ba96131575f0fb77d304db2d12c8c7a297de89be5f4b74b02009fdf9e08
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc5d4b967ffff9726af04edc42a6fd8c0d270e5d3cf4585ce67ddb2e63848935
dd17676c5608b2e5ab3bdcf1e1c13d5df0e3417932f0b61dc785b20e77e63877
dd46cd5b40060d4af54ab1826b49823e50e5765743b99854f649cd3328df54fd
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a
f0ae296f5c19db047491f1311d621ff18960b34cfa9cb07b69932a02ec298366
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
f2d67341a2b727d268ef828a31c6b25fd69cb3aec3de28b689bafc38d4ef8e0d
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3ad47c17d7a3be46f8e0f8a43887410419069238488ed969e72bccb9db86a6b
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f4f30b0e88091bd1d0b328833de451c6e08ccacf1be5989060cb1f6abfe07bbb
f5c4ba1964e745443a0c654fc82f22e7e540e84da7c72d20ea85451cc79a035a
f9a9329601265904d54c430182763d17b07563554581039a81ccd75dc74562a1
fec3ab99b7da211c21498630524f9e2ef23bea1e9fa69ea22f5714ffed68e87e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffd8101fbe8da0eee9648c1c377de837bb8f8315b3cf593197b1daff4538d2fe

cyble.com Open in urlscan Pro 192.0.78.231 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

203 Requests

96 %HTTPS

53 %IPv6

39 Domains

61 Subdomains

52 IPs

5 Countries

3049 kBTransfer

8838 kBSize

52 Cookies

74 Outgoing links

Redirected requests

203 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cyble.com Open in urlscan Pro
192.0.78.231 Public Scan

Screenshot
Live screenshot

Full Image

203
Requests

96 %
HTTPS

53 %
IPv6

39
Domains

61
Subdomains

52
IPs

5
Countries

3049 kB
Transfer

8838 kB
Size

52
Cookies

203 HTTP transactions
0 data transactions