URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Submission: On October 23 via api from US

Summary

This website contacted 37 IPs in 6 countries across 33 domains to perform 94 HTTP transactions. The main IP is 23.100.35.118, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.secureworks.com.
TLS certificate: Issued by Thawte RSA CA 2018 on August 28th 2020. Valid for: a year.
This is the only time www.secureworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 23.100.35.118 8075 (MICROSOFT...)
39 2a02:26f0:64:... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
2 2620:12a:8001::2 54113 (FASTLY)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 23.36.237.138 16625 (AKAMAI-AS)
2 3 209.167.231.17 7160 (NETDYNAMICS)
1 142.0.173.134 7160 (NETDYNAMICS)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 151.101.114.110 54113 (FASTLY)
6 2a00:1450:400... 15169 (GOOGLE)
1 151.101.112.157 54113 (FASTLY)
2 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 172.217.22.2 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f01... 32934 (FACEBOOK)
3 23.37.35.171 16625 (AKAMAI-AS)
1 13.224.194.13 16509 (AMAZON-02)
1 163.171.132.119 54994 (QUANTILNE...)
2 52.85.32.102 16509 (AMAZON-02)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 3 185.33.220.145 29990 (ASN-APPNEX)
1 99.86.2.7 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 162.247.242.18 23467 (NEWRELIC-...)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.3 13414 (TWITTER)
1 104.244.42.133 13414 (TWITTER)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 206.19.49.24 7018 (ATT-INTER...)
1 52.85.32.40 16509 (AMAZON-02)
2 2 54.228.192.197 16509 (AMAZON-02)
1 2 13.225.73.16 16509 (AMAZON-02)
2 2a03:2880:f11... 32934 (FACEBOOK)
94 37
Apex Domain
Subdomains
Transfer
39 azureedge.net
pcdnscwx001.azureedge.net
1 MB
6 google-analytics.com
www.google-analytics.com
19 KB
3 company-target.com
api.company-target.com
segments.company-target.com
2 KB
3 linkedin.com
px.ads.linkedin.com
www.linkedin.com
2 KB
3 doubleclick.net
stats.g.doubleclick.net
googleads.g.doubleclick.net
1 KB
3 adnxs.com
secure.adnxs.com
3 KB
3 6sc.co
j.6sc.co
c.6sc.co
b.6sc.co
8 KB
3 crazyegg.com
script.crazyegg.com
36 KB
3 eloqua.com
s1659.t.eloqua.com
2 KB
3 cookielaw.org
cdn.cookielaw.org
24 KB
2 facebook.com
www.facebook.com
359 B
2 bidr.io
match.prod.bidr.io
1019 B
2 nr-data.net
bam.nr-data.net
461 B
2 google.de
www.google.de
625 B
2 google.com
www.google.com
625 B
2 driftt.com
js.driftt.com
45 KB
2 techtarget.com
trk.techtarget.com
apt.techtarget.com
3 KB
2 facebook.net
connect.facebook.net
92 KB
2 bing.com
bat.bing.com
9 KB
2 licdn.com
snap.licdn.com
3 KB
2 pantheonsite.io
live-scwx-pe.pantheonsite.io
15 KB
2 secureworks.com
www.secureworks.com
web.secureworks.com
37 KB
1 t.co
t.co
448 B
1 twitter.com
analytics.twitter.com
651 B
1 ml-api.io
attr.ml-api.io
484 B
1 ml-attr.com
s.ml-attr.com
284 B
1 demandbase.com
tag.demandbase.com
17 KB
1 googleadservices.com
www.googleadservices.com
11 KB
1 ads-twitter.com
static.ads-twitter.com
2 KB
1 newrelic.com
js-agent.newrelic.com
11 KB
1 jquery.com
code.jquery.com
30 KB
1 en25.com
img.en25.com
3 KB
1 googletagmanager.com
www.googletagmanager.com
57 KB
94 33
Domain Requested by
39 pcdnscwx001.azureedge.net www.secureworks.com
pcdnscwx001.azureedge.net
6 www.google-analytics.com www.googletagmanager.com
3 secure.adnxs.com 2 redirects j.6sc.co
3 script.crazyegg.com www.googletagmanager.com
script.crazyegg.com
3 s1659.t.eloqua.com 2 redirects www.secureworks.com
3 cdn.cookielaw.org www.googletagmanager.com
cdn.cookielaw.org
2 www.facebook.com
2 segments.company-target.com 1 redirects
2 match.prod.bidr.io 2 redirects
2 px.ads.linkedin.com 1 redirects
2 bam.nr-data.net js-agent.newrelic.com
2 www.google.de
2 www.google.com
2 stats.g.doubleclick.net www.google-analytics.com
2 js.driftt.com www.secureworks.com
js.driftt.com
2 connect.facebook.net www.secureworks.com
connect.facebook.net
2 bat.bing.com www.googletagmanager.com
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 live-scwx-pe.pantheonsite.io www.secureworks.com
pcdnscwx001.azureedge.net
1 api.company-target.com tag.demandbase.com
1 apt.techtarget.com
1 b.6sc.co
1 t.co
1 analytics.twitter.com static.ads-twitter.com
1 c.6sc.co j.6sc.co
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.linkedin.com 1 redirects
1 attr.ml-api.io
1 s.ml-attr.com 1 redirects
1 trk.techtarget.com www.secureworks.com
1 tag.demandbase.com www.secureworks.com
1 j.6sc.co www.secureworks.com
1 www.googleadservices.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 js-agent.newrelic.com www.secureworks.com
1 code.jquery.com cdn.cookielaw.org
1 web.secureworks.com www.secureworks.com
1 img.en25.com www.secureworks.com
1 www.googletagmanager.com www.secureworks.com
1 www.secureworks.com
94 40
Subject Issuer Validity Valid
www.secureworks.com
Thawte RSA CA 2018
2020-08-28 -
2021-09-02
a year crt.sh
*.azureedge.net
Microsoft IT TLS CA 5
2019-01-24 -
2021-01-24
2 years crt.sh
*.google-analytics.com
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
*.pantheon.io
DigiCert SHA2 Secure Server CA
2020-07-16 -
2021-07-20
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2020-07-01 -
2021-07-01
a year crt.sh
*.en25.com
DigiCert SHA2 Secure Server CA
2020-08-13 -
2021-11-12
a year crt.sh
*.t.eloqua.com
DigiCert SHA2 Secure Server CA
2020-03-09 -
2022-04-08
2 years crt.sh
web.secureworks.com
Thawte EV RSA CA 2018
2020-07-09 -
2022-04-09
2 years crt.sh
jquery.org
Sectigo RSA Domain Validation Secure Server CA
2020-10-06 -
2021-10-16
a year crt.sh
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-10-23 -
2021-05-07
6 months crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2020-08-14 -
2021-08-19
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
www.bing.com
Microsoft IT TLS CA 4
2020-10-20 -
2021-04-20
6 months crt.sh
www.googleadservices.com
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-06-09 -
2021-06-09
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-09-11 -
2020-12-10
3 months crt.sh
*.6sc.co
DigiCert SHA2 Secure Server CA
2020-01-07 -
2021-04-07
a year crt.sh
tag.demandbase.com
Go Daddy Secure Certificate Authority - G2
2020-10-14 -
2021-11-15
a year crt.sh
trk.techtarget.com
Sectigo RSA Domain Validation Secure Server CA
2020-02-17 -
2022-05-17
2 years crt.sh
drift.com
Amazon
2020-09-21 -
2021-10-23
a year crt.sh
*.ml-api.io
Amazon
2020-02-06 -
2021-03-06
a year crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
www.google.com
GTS CA 1O1
2020-09-22 -
2020-12-15
3 months crt.sh
www.google.de
GTS CA 1O1
2020-09-22 -
2020-12-15
3 months crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA
2020-02-05 -
2022-02-08
2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2020-08-05 -
2021-02-05
6 months crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA
2019-01-23 -
2021-03-08
2 years crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
*.google.com
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
*.google.de
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
*.techtarget.com
Sectigo RSA Domain Validation Secure Server CA
2019-10-25 -
2021-10-24
2 years crt.sh
api.demandbase.com
Go Daddy Secure Certificate Authority - G2
2020-10-09 -
2021-10-28
a year crt.sh
*.company-target.com
Go Daddy Secure Certificate Authority - G2
2019-06-19 -
2021-08-18
2 years crt.sh

This page contains 2 frames:

Primary Page: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Frame ID: 30B4207DB8290187A485C949FB89D949
Requests: 93 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: C0EDA2BAC2448F8D9C7DE41B00E95D93
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

94
Requests

100 %
HTTPS

48 %
IPv6

33
Domains

40
Subdomains

37
IPs

6
Countries

1688 kB
Transfer

3640 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45
  • https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled HTTP 302
  • https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elqCookie=1
Request Chain 46
  • https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&firstPartyCookieDomain=web.secureworks.com HTTP 302
  • https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elq1pcGUID=D8A899ADB55B4B3A81DA7AA7FC9F6B36
Request Chain 61
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.secureworks.com&pId=5151737694427977287
Request Chain 72
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756%2C2386324&time=1603484702956&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26756%252C2386324%26time%3D1603484702956%26url%3Dhttps%253A%252F%252Fwww.secureworks.com%252Fblog%252Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756%2C2386324&time=1603484702956&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&liSync=true
Request Chain 85
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAMp6k6_JngAAA-vvc6yJA HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAMp6k6_JngAAA-vvc6yJA&verifyHash=1f3a1340a6674c6aee51b12d80c692bdb3826955

94 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
www.secureworks.com/blog/
271 KB
37 KB
Document
General
Full URL
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.100.35.118 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
af444d5c5617fa879ad24bf7e4abe895a539d6fb5cd8fdaecb4af54f9a21e0a7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Host
www.secureworks.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Cache-Control
no-cache, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
Set-Cookie
ASP.NET_SessionId=ds1arbwerzqtpwwxnpp2gdvf; path=/; HttpOnly; SameSite=Lax SC_ANALYTICS_GLOBAL_COOKIE=dc35ece5337c48c8816d479f4491a294|False; expires=Mon, 21-Oct-2030 20:24:59 GMT; path=/; HttpOnly ApplicationGatewayAffinity=324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4;Path=/;Domain=www.secureworks.com ApplicationGatewayAffinityCORS=324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4;Path=/;Domain=www.secureworks.com;SameSite=None;Secure
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
no-referrer-when-downgrade
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Date
Fri, 23 Oct 2020 20:24:59 GMT
Content-Length
35673
html5reset-1.6.1.css
pcdnscwx001.azureedge.net/content/app/css/
1 KB
2 KB
Stylesheet
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/css/html5reset-1.6.1.css
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"689c247758a2d61:0"
x-frame-options
DENY
content-type
text/css
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
573
x-content-type-options
nosniff
western-typographies.css
pcdnscwx001.azureedge.net/content/app/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/css/western-typographies.css?v=05012019
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"9e782b7758a2d61:0"
x-frame-options
DENY
content-type
text/css
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
365
x-content-type-options
nosniff
main.css
pcdnscwx001.azureedge.net/content/app/css/
436 KB
65 KB
Stylesheet
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
81615783cdf3c0a5ccc5e3d8f0142bd63cd26d7f2edb16ba114e80d79ffa3135
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"348e2a7758a2d61:0"
x-frame-options
DENY
content-type
text/css
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
65715
x-content-type-options
nosniff
jquery-3.3.1.min.js
pcdnscwx001.azureedge.net/content/app/js/
85 KB
31 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/js/jquery-3.3.1.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"68fa257758a2d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
30358
x-content-type-options
nosniff
knockout.3.5.0.min.js
pcdnscwx001.azureedge.net/content/app/js/
66 KB
26 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/js/knockout.3.5.0.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
97407a0e155a4f783c0848c3515025b308ac6b4e1599f5936e73ad62a236c394
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"24f6277758a2d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
25042
x-content-type-options
nosniff
react.production.min.js
pcdnscwx001.azureedge.net/content/react/lib/
12 KB
6 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/react/lib/react.production.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 22 Jul 2020 21:41:40 GMT
server
Microsoft-IIS/10.0
etag
W/"0821ae27060d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
4898
x-content-type-options
nosniff
react-dom.production.min.js
pcdnscwx001.azureedge.net/content/react/lib/
116 KB
38 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/react/lib/react-dom.production.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 22 Jul 2020 21:41:40 GMT
server
Microsoft-IIS/10.0
etag
W/"0821ae27060d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
38049
x-content-type-options
nosniff
Arke.SecureWorks.EloquaFormV2.js
pcdnscwx001.azureedge.net/content/app/js/form/
5 KB
3 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/js/form/Arke.SecureWorks.EloquaFormV2.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
11b8cb90c14ea180dae7d0c0a9c47e98b4c7a7a408ef867ef8c64c846612519c
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"24d82c7758a2d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
1828
x-content-type-options
nosniff
emergency-icon-02.ashx
pcdnscwx001.azureedge.net/~/media/Images/Icons/
1 KB
2 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Icons/emergency-icon-02.ashx?modified=20200713133031
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
dd521f8f0cb2b38870c852086eff9c00365c88a82a7430a597bcebdd8a9c6569
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="emergency-icon-02.png"
content-length
1105
etag
3c8ba49ec7994d569f5a624ba34bd1db
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 13 Jul 2020 13:30:31 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:00 GMT
x-frame-options
DENY
content-type
image/png
cache-control
public, max-age=290637
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Tue, 27 Oct 2020 05:08:57 GMT
sw_logo_black.ashx
pcdnscwx001.azureedge.net/~/media/Images/logos/
5 KB
6 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/logos/sw_logo_black.ashx?modified=20200805202625&la=en&hash=00B7331C64676ED90B47EC4C68B55240
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b5ecd7807e3023d657d18fbe832848e8e65843843ebd748f7225e314b17d5221
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="sw_logo_black.svg"
content-length
4728
etag
33b882a931e84894a7c864998125bcce
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 05 Aug 2020 20:26:25 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:00 GMT
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=273168
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Tue, 27 Oct 2020 00:17:48 GMT
btn-arrow.svg
pcdnscwx001.azureedge.net/content/rc/images/
2 KB
3 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/content/rc/images/btn-arrow.svg
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
image/svg+xml
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
2096
x-content-type-options
nosniff
arrow-back.svg
pcdnscwx001.azureedge.net/content/rc/images/
1 KB
2 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/content/rc/images/arrow-back.svg
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
image/svg+xml
status
200
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
1025
x-content-type-options
nosniff
blue_mesh_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/004%20blue%20mesh/
49 KB
51 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/004%20blue%20mesh/blue_mesh_360x190.ashx?modified=20180130151343
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6977fbc057927802533b66343c7d51580a8c5989aa849a9cb61571b1a267c531
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="blue_mesh_360x190.jpg"
content-length
50443
etag
da528d966a24428eab4064c0694c0eeb
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 30 Jan 2018 15:13:43 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:00 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=260357
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Mon, 26 Oct 2020 20:44:17 GMT
gtm.js
www.googletagmanager.com/
194 KB
57 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8360838958784ead38b5037d6c1f8f3800a4c326270ea4e14763d0e573a29300
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:00 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58683
x-xss-protection
0
last-modified
Fri, 23 Oct 2020 20:07:38 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Oct 2020 20:25:00 GMT
visuelt-light.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/
63 KB
65 KB
Font
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-light.woff
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.secureworks.com
Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
status
200
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
font/x-woff
access-control-allow-origin
*
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
64920
x-content-type-options
nosniff
visuelt-medium.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/
36 KB
37 KB
Font
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-medium.woff
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.secureworks.com
Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
status
200
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
font/x-woff
access-control-allow-origin
*
date
Fri, 23 Oct 2020 20:25:00 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
36448
x-content-type-options
nosniff
abstract-blue-red-hexagons-360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0034_blue-red-hexagons/
100 KB
101 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0034_blue-red-hexagons/abstract-blue-red-hexagons-360x190.ashx?modified=20200616140709
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2eb58837ef914e32290d2da428a42a22ad4e80eb50acc71796d25a92c1b37751
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="abstract-blue-red-hexagons-360x190.jpg"
content-length
102060
etag
6e220a7fc5ac496dafdccde7b9ec972c
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 16 Jun 2020 14:07:09 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=290606
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
x-akamai-path-stats
[1:15225:4775]
expires
Tue, 27 Oct 2020 05:08:27 GMT
podcast-thumb-01.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Podcasts/
42 KB
44 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/Resources/Podcasts/podcast-thumb-01.ashx?modified=20200930171415
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
99349d6261b1df0deaa347406ebd15a8d8d9c8cedd0ab077533a15e1366b08ea
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="podcast-thumb-01.jpg"
content-length
43394
etag
c12bfa897cca462a810a04b511d91402
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 30 Sep 2020 17:14:15 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=277181
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Tue, 27 Oct 2020 01:24:42 GMT
icomoon.ttf
pcdnscwx001.azureedge.net/content/app/fonts/icomoon-new/
3 KB
4 KB
Font
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/fonts/icomoon-new/icomoon.ttf?8und5p
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.secureworks.com
Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
status
200
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
application/octet-stream
access-control-allow-origin
*
date
Fri, 23 Oct 2020 20:25:01 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
2904
x-content-type-options
nosniff
visuelt-black.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/
34 KB
35 KB
Font
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-black.woff
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.secureworks.com
Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
status
200
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
font/x-woff
access-control-allow-origin
*
date
Fri, 23 Oct 2020 20:25:01 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
35128
x-content-type-options
nosniff
visuelt-bold.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/
35 KB
37 KB
Font
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-bold.woff
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
acc248ead4890c65f3e2792cfe555e4d98c961f4b564bc4a77e86270dd3051f7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.secureworks.com
Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
status
200
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
font/x-woff
access-control-allow-origin
*
date
Fri, 23 Oct 2020 20:25:01 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
36300
x-content-type-options
nosniff
icomoon.ttf
pcdnscwx001.azureedge.net/content/app/fonts/icomoon/
3 KB
4 KB
Font
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/fonts/icomoon/icomoon.ttf?3dz4z
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.secureworks.com
Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
status
200
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
application/octet-stream
access-control-allow-origin
*
date
Fri, 23 Oct 2020 20:25:01 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
2736
x-content-type-options
nosniff
abstract-blue-red-hexagons-375x410.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0034_blue-red-hexagons/
215 KB
217 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0034_blue-red-hexagons/abstract-blue-red-hexagons-375x410.ashx?modified=20200616140710
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d0a8d0fe6e5d630afcd093fa15bc50d6f9c4543d6ea5a5b44998bc5e3d0a59a4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="abstract-blue-red-hexagons-375x410.jpg"
content-length
220072
etag
a1882a3d01324ff692f26931e959e046
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 16 Jun 2020 14:07:10 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=289214
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Tue, 27 Oct 2020 04:45:15 GMT
human_0006_man-laptop_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2018/Human/human_man_laptop/
64 KB
66 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2018/Human/human_man_laptop/human_0006_man-laptop_360x190.ashx?modified=20180613214800
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
095da0c5c45a7ee44ee3fcb10c8467e89bd21dec339c6be6ca30ea55fdd3ccc7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="human_0006_man-laptop_360x190.jpg"
content-length
65701
etag
e5ac6f5804a7475b8fdbfcfa22c8be33
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 13 Jun 2018 21:48:00 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=447356
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Thu, 29 Oct 2020 00:40:57 GMT
red-carbon_375x410.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2019/abstract_0007_red-carbon/
44 KB
45 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2019/abstract_0007_red-carbon/red-carbon_375x410.ashx?modified=20190731190257
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fa9e263370d6f1a0e0608f6fa0c2fd083eba7d1f3d2c4a7ef0c70b0f798b6cfe
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="red-carbon_375x410.jpg"
content-length
44904
etag
b1c8c5b624c740a9a8af95004c106f4e
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 31 Jul 2019 19:02:57 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=383234
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Wed, 28 Oct 2020 06:52:15 GMT
abstract_0017_red_paper-lines_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0017_paper_lines/red_paper-lines/
99 KB
100 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2020/abstract-0017_paper_lines/red_paper-lines/abstract_0017_red_paper-lines_360x190.ashx?modified=20200116142043
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ea673a104f40b57fbb61a963f4fd8beb24ec86f7d6fa5dec38c6dff17244c5fe
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="abstract_0017_red_paper-lines_360x190.jpg"
content-length
100988
etag
09c8913461bf4926b3c1ff0fc29c8f78
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 16 Jan 2020 14:20:43 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=391730
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Wed, 28 Oct 2020 09:13:51 GMT
computer2men_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/058%20computer%202%20men/
48 KB
49 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2D/058%20computer%202%20men/computer2men_360x190.ashx?modified=20180129192040
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e7df1ea5872ea78df36575269bdf6a9dbc01297df168346deab966cc81dbfc80
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="computer2men_360x190.jpg"
content-length
48674
etag
e4f5101d51724748b305367fe810d964
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 29 Jan 2018 19:20:40 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=210603
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Mon, 26 Oct 2020 06:55:04 GMT
abstract_0005_red-electric-bursts_360x190.ashx
pcdnscwx001.azureedge.net/~/media/Images/Insights/2019/abstract_0005_red-electric-bursts/
29 KB
30 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/Insights/2019/abstract_0005_red-electric-bursts/abstract_0005_red-electric-bursts_360x190.ashx?modified=20190409214959
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ac7e1b48c70581f5fbdc5bfd015dd55e9f75076a0b07330a23bd95419a50eafd
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="abstract_0005_red-electric-bursts_360x190.jpeg"
content-length
29616
etag
25d4c1479cc9413ca90a430f7e978a03
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 09 Apr 2019 21:49:59 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/jpeg
cache-control
public, max-age=62360
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Sat, 24 Oct 2020 13:44:21 GMT
linkedin.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/
966 B
2 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/linkedin.ashx?modified=20151001162233
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="linkedin.svg"
content-length
966
etag
0381e34e4c5a42c49da29271c74c47a6
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 01 Oct 2015 16:22:33 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=19752
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
expires
Sat, 24 Oct 2020 01:54:13 GMT
twitter.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/
1 KB
2 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/twitter.ashx?modified=20151001162249
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="twitter.svg"
content-length
1339
etag
ec6990570ccd41139b7ce0f297010c73
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 01 Oct 2015 16:22:49 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=417383
accept-ranges
bytes
expires
Wed, 28 Oct 2020 16:21:24 GMT
facebook2.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/
587 B
2 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/facebook2.ashx?modified=20190116141121
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="facebook2.svg"
content-length
587
etag
83a284c3f8dc4e0695cacbc73ba98d2f
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Jan 2019 14:11:21 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=388945
accept-ranges
bytes
expires
Wed, 28 Oct 2020 08:27:26 GMT
github.ashx
pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/
1 KB
2 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/~/media/Images/SharedElements/Footer/github.ashx?modified=20190116135435
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
content-disposition
inline; filename="github.svg"
content-length
1129
etag
1b7369e537844d1a9514570987ea7777
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Jan 2019 13:54:35 GMT
server
Microsoft-IIS/10.0
date
Fri, 23 Oct 2020 20:25:01 GMT
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=523247
accept-ranges
bytes
expires
Thu, 29 Oct 2020 21:45:48 GMT
dell-technologies.png
pcdnscwx001.azureedge.net/content/app/img/
2 KB
4 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/img/dell-technologies.png
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
image/png
status
200
date
Fri, 23 Oct 2020 20:25:01 GMT
accept-ranges
bytes
content-length
2543
x-content-type-options
nosniff
libs.min.js
pcdnscwx001.azureedge.net/content/app/js/
156 KB
42 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/js/libs.min.js?v=08202020
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
58b410a2aaad21a9a4d3aebefc8f3a8b5020b07cb9859d3873c8e7fd8dc74c90
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"ece297758a2d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:01 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-length
42076
x-content-type-options
nosniff
main.js
pcdnscwx001.azureedge.net/content/app/js/
169 KB
46 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/js/main.js?v=10152020
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
22c5269d53acef49ae7ff50fca9c5bf94fc7098f45c8a24a8569328d3558bfbd
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"742a2b7758a2d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:01 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-length
45532
x-content-type-options
nosniff
products.js
pcdnscwx001.azureedge.net/content/rc/js/
130 KB
29 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/rc/js/products.js?v=08202020
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
81c7050fb96f1d247ebe514a61d8a6c2544b986a7d06afb27dcd36f3e5a3843f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 Jul 2020 19:46:24 GMT
server
Microsoft-IIS/10.0
etag
"0a88a74175ad61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:01 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-length
28572
x-content-type-options
nosniff
scripts
live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/
44 KB
14 KB
Script
General
Full URL
https://live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/scripts
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bb07034088c79ed24afbb13924cc4f67f54a4ea49410d6f3d001b9a1dd3f4b67
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-styx-req-id
174ababd-1557-11eb-9608-761fed219634
age
9765
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
x-cache
HIT, HIT
status
200
strict-transport-security
max-age=300
x-pantheon-styx-hostname
styx-fe2-b-9879df98d-jbzzz
content-length
14109
via
1.1 varnish, 1.1 varnish
x-served-by
cache-mdw17372-MDW, cache-fra19156-FRA
pragma
cache
link
<https://live-scwx-pe.pantheonsite.io/wp-json/>; rel="https://api.w.org/"
server
nginx
x-timer
S1603484701.121229,VS0,VE2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
expires
Fri, 23 Oct 2020 20:42:16 GMT
cache-control
max-age=10800
accept-ranges
bytes
x-robots-tag
noindex
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-cache-hits
2, 1
default.css
pcdnscwx001.azureedge.net/content/app/css/highlighter/
1 KB
2 KB
Stylesheet
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/css/highlighter/default.css
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"ea83b7758a2d61:0"
x-frame-options
DENY
content-type
text/css
status
200
date
Fri, 23 Oct 2020 20:25:01 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-length
580
x-content-type-options
nosniff
highlight.pack.js
pcdnscwx001.azureedge.net/content/app/js/libs/
50 KB
21 KB
Script
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/js/libs/highlight.pack.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 14 Oct 2020 18:33:09 GMT
server
Microsoft-IIS/10.0
etag
"1a2b347758a2d61:0"
x-frame-options
DENY
content-type
application/javascript
status
200
date
Fri, 23 Oct 2020 20:25:01 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
vary
Accept-Encoding
content-length
20267
x-content-type-options
nosniff
112cf759-b07b-4df7-b9c1-b87dc63309fb.js
cdn.cookielaw.org/langswitch/
1 KB
1 KB
Script
General
Full URL
https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ca0ad73064122932dddb8b1a95ce78abd25cb76569bbb0c7381356bee1dd0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Oct 2020 20:25:01 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
F0Pi2/A0fvAQwKAiuhBzzA==
age
3964
status
200
vary
Accept-Encoding
content-length
669
cf-request-id
05f8bbe9c600002ba1f41ee000000001
x-ms-lease-status
unlocked
last-modified
Wed, 09 Sep 2020 14:49:43 GMT
server
cloudflare
etag
0x8D854CF96E38D97
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
2862904a-c01e-014f-5fc3-865aab000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e6e2f560c172ba1-FRA
arrow.svg
pcdnscwx001.azureedge.net/content/app/img/svg/
2 KB
3 KB
Image
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/img/svg/arrow.svg
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
image/svg+xml
status
200
date
Fri, 23 Oct 2020 20:25:01 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
2359
x-content-type-options
nosniff
visuelt-regular.woff
pcdnscwx001.azureedge.net/content/app/fonts/visuelt/
34 KB
35 KB
Font
General
Full URL
https://pcdnscwx001.azureedge.net/content/app/fonts/visuelt/visuelt-regular.woff
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6b83 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://www.secureworks.com
Referer
https://pcdnscwx001.azureedge.net/content/app/css/main.css?v=10152020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 15 Jun 2020 08:15:26 GMT
server
Microsoft-IIS/10.0
status
200
etag
"023ab1fed42d61:0"
x-frame-options
DENY
content-type
font/x-woff
access-control-allow-origin
*
date
Fri, 23 Oct 2020 20:25:01 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
accept-ranges
bytes
content-length
34560
x-content-type-options
nosniff
elqCfg.min.js
img.en25.com/i/
6 KB
3 KB
Script
General
Full URL
https://img.en25.com/i/elqCfg.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.36.237.138 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-237-138.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6b4ebd6049c806e3eef1bd770b2d8b4fdd75803861ead3584ee753e41988efae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection
keep-alive
Content-Length
2115
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Fri, 17 Jul 2020 18:55:09 GMT
Date
Fri, 23 Oct 2020 20:25:01 GMT
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
no-cache, no-store
ETag
"8bc15cb6b5cd61:0"
Accept-Ranges
bytes
Expires
Fri, 23 Oct 2020 20:25:01 GMT
6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
cdn.cookielaw.org/consent/
70 KB
17 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e3029651acd5396424095ee660fd7af6a3a957b15da16171be2fc346f92a25c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Oct 2020 20:25:01 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
7RsK3jQTdd5GbbFUBCnn3Q==
age
3964
status
200
vary
Accept-Encoding
content-length
17456
cf-request-id
05f8bbeae300002ba1a818e000000001
x-ms-lease-status
unlocked
last-modified
Wed, 09 Sep 2020 14:49:49 GMT
server
cloudflare
etag
0x8D854CF9A1EDB8D
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
76e08364-c01e-010b-7bc3-8686c7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e6e2f57c9c22ba1-FRA
track_event
live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/
2 B
556 B
XHR
General
Full URL
https://live-scwx-pe.pantheonsite.io/wp-json/pdg/v1/track_event?url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Requested by
Host: pcdnscwx001.azureedge.net
URL: https://pcdnscwx001.azureedge.net/content/app/js/jquery-3.3.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-styx-req-id
d3daba92-156d-11eb-b7fd-7eed1e7dcbbe
age
0
x-cache
MISS, MISS
status
200
x-cache-hits
0, 0
strict-transport-security
max-age=300
content-length
22
via
1.1 varnish
x-served-by
cache-mdw17321-MDW, cache-fra19138-FRA
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server
nginx
x-timer
S1603484701.428952,VS0,VE178
vary
Accept-Encoding
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
accept-ranges
bytes
x-robots-tag
noindex
link
<https://live-scwx-pe.pantheonsite.io/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname
styx-fe2-a-b54bc866d-9vs57
svrGP.aspx
s1659.t.eloqua.com/visitor/v200/
Redirect Chain
  • https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled
  • https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elqCookie=1
49 B
406 B
Image
General
Full URL
https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elqCookie=1
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.167.231.17 , United States, ASN7160 (NETDYNAMICS, US),
Reverse DNS
e017.en25.com
Software
/
Resource Hash
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
X-Content-Type-Options
nosniff
Date
Fri, 23 Oct 2020 20:25:01 GMT
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control
private,no-cache, no-store
Content-Type
image/gif
Content-Length
49
X-XSS-Protection
1; mode=block
Expires
-1

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
X-Content-Type-Options
nosniff
Date
Fri, 23 Oct 2020 20:25:01 GMT
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location
https://s1659.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elqCookie=1
Cache-Control
private,no-cache, no-store
Content-Type
text/html; charset=utf-8
Content-Length
264
X-XSS-Protection
1; mode=block
Expires
-1
svrGP.aspx
web.secureworks.com/visitor/v200/
Redirect Chain
  • https://s1659.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&firstPartyCookieDomain=web.secureworks.com
  • https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elq1pcGUID=D8A899ADB55B4B3A81DA7AA7FC9F6B36
49 B
535 B
Image
General
Full URL
https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elq1pcGUID=D8A899ADB55B4B3A81DA7AA7FC9F6B36
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
142.0.173.134 , United States, ASN7160 (NETDYNAMICS, US),
Reverse DNS
Software
/
Resource Hash
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
X-Content-Type-Options
nosniff
Date
Fri, 23 Oct 2020 20:25:02 GMT
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control
private,no-cache, no-store
Content-Type
image/gif
Content-Length
49
X-XSS-Protection
1; mode=block
Expires
-1

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
X-Content-Type-Options
nosniff
Date
Fri, 23 Oct 2020 20:25:01 GMT
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location
https://web.secureworks.com/visitor/v200/svrGP.aspx?pps=3&siteid=1659&ref2=elqNone&tzo=-60&ms=430&optin=disabled&elq1pcGUID=D8A899ADB55B4B3A81DA7AA7FC9F6B36
Cache-Control
private,no-cache, no-store
Content-Type
text/html; charset=utf-8
Content-Length
297
X-XSS-Protection
1; mode=block
Expires
-1
optanon.css
cdn.cookielaw.org/skins/6.5.0/default_flat_top_two_button_black/v2/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://cdn.cookielaw.org/skins/6.5.0/default_flat_top_two_button_black/v2/css/optanon.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Oct 2020 20:25:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
FYelWtAijHiKzOk3w5ur4Q==
age
2766
status
200
vary
Accept-Encoding
content-length
5551
cf-request-id
05f8bbeaff00002ba1ba919000000001
x-ms-lease-status
unlocked
last-modified
Thu, 27 Aug 2020 03:43:13 GMT
server
cloudflare
etag
0x8D84A3B536C442F
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
16fe4112-401e-00bf-1d2e-7ccc90000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5e6e2f57fa352ba1-FRA
jquery-3.3.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Origin
https://www.secureworks.com
Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:01 GMT
content-encoding
gzip
last-modified
Sat, 20 Jan 2018 17:26:44 GMT
server
nginx
status
200
etag
W/"5a637bd4-1538f"
vary
Accept-Encoding
x-hw
1603484701.dop234.fr8.t,1603484701.cds207.fr8.hc,1603484701.cds057.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30288
nr-1184.min.js
js-agent.newrelic.com/
27 KB
11 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:02 GMT
content-encoding
gzip
x-amz-request-id
A21809B1C987C063
x-cache
HIT
status
200
content-length
10624
x-amz-id-2
5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by
cache-hhn4076-HHN
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1603484703.874802,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
27177
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
4154
date
Fri, 23 Oct 2020 19:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Fri, 23 Oct 2020 21:15:48 GMT
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:02 GMT
content-encoding
gzip
age
82350
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1958
x-served-by
cache-hhn4023-HHN
last-modified
Wed, 21 Oct 2020 21:46:56 GMT
x-timer
S1603484703.974758,VS0,VE0
etag
"a4cc3f907681b24a3efd540acd5d2996+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
insight.min.js
snap.licdn.com/li.lms-analytics/
965 B
761 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:5a0::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:02 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=62565
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
448
bat.js
bat.bing.com/
27 KB
8 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:02 GMT
content-encoding
gzip
last-modified
Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref
Ref A: DFA67207BB104BEF9BD6FAAFD5D3B232 Ref B: FRAEDGE1516 Ref C: 2020-10-23T20:25:02Z
status
200
etag
"0b27f152fa7d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8454
conversion_async.js
www.googleadservices.com/pagead/
30 KB
11 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
0bfb81a6d3e2ed2e0cb381a9f933355ff00e64cd0d80724e83559861cad12711
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11472
x-xss-protection
0
server
cafe
etag
8286593240961886057
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 23 Oct 2020 20:25:02 GMT
6279.js
script.crazyegg.com/pages/scripts/0097/
3 KB
2 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0097/6279.js?445412
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ba257ebacb02fb63c4143bd8500d938781ceed14dc1366cf471e8b2c99ebe39

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
content-encoding
gzip
cf-cache-status
HIT
ce-version
11.1.118
age
12940
cf-polished
origSize=2833
status
200
cf-request-id
05f8bbf0f200002c56333d4000000001
last-modified
Fri, 23 Oct 2020 16:49:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
cf-ray
5e6e2f6139002c56-FRA
cf-bgj
minify
fbevents.js
connect.facebook.net/en_US/
88 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23070
x-xss-protection
0
pragma
public
x-fb-debug
l44ZmPoaGUVVx7hsbT+X/lCwe83/nIqo6QsHZfj0KmgXAxUHAnZ+EjF7KOyVrdHRV2+sTCo1l1/Yz0zYacQBpg==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 23 Oct 2020 20:25:02 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
expires
Sat, 01 Jan 2000 00:00:00 GMT
6si.min.js
j.6sc.co/
15 KB
7 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.35.171 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-35-171.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
779651bc146d489786b9b4ab590d2784547448e4b85cf1bb9036b31e404d1a37

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:02 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Sep 2020 22:09:24 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5f6d1914-3a6c"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Access-Control-Max-Age
86400
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
6116
cd4e45c0.min.js
tag.demandbase.com/
62 KB
17 KB
Script
General
Full URL
https://tag.demandbase.com/cd4e45c0.min.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.13 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-13.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b63a29874562edf5bede71bb6d62278853b20b1255ebf260143ba3216bb78a6

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
rKaP34enDnCW7rx0GuaQrce3N9GpEPik
content-encoding
gzip
last-modified
Thu, 03 Sep 2020 14:13:49 GMT
server
AmazonS3
age
3086
etag
"521d1f8a42ad328412273bba3a5d81c1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=3600
date
Fri, 23 Oct 2020 19:33:38 GMT
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
j5YsVFqZPBKRo0aEejj4r3Oc-GyQx-rMPIaTxopvoKh82Di3NiEzbA==
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
tracking.js
trk.techtarget.com/
4 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:03 GMT
Content-Encoding
gzip
Last-Modified
Fri, 21 Jun 2019 20:11:17 GMT
Server
PWS/8.3.1.0.8
Age
85
X-Ws-Request-Id
5f933c1f_PSdgflkfFRA2sg7_58273-62760
Content-Type
text/javascript
Via
1.1 PSmgnyNY2no188:0 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control
max-age=600
X-Cache-Spec
Yes
X-Px
ht PSdgflkfFRA2gb73FRA
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1711
Expires
Fri, 23 Oct 2020 20:33:38 GMT
2mnfp3myy8iz.js
js.driftt.com/include/1603485000000/
137 KB
45 KB
Script
General
Full URL
https://js.driftt.com/include/1603485000000/2mnfp3myy8iz.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.32.102 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-32-102.ham50.r.cloudfront.net
Software
nginx /
Resource Hash
7bc1dc7d2a673a36a6e7b3d26c7fd8f5cc42d8b2d41a98e4de2a5ebdaaea9bf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
content-encoding
gzip
x-amz-cf-pop
HAM50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 13 Oct 2020 15:05:22 GMT
server
nginx
etag
W/"a48548cec5608126b24de4cbfe9bfb8d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
via
1.1 5d217f1e3e1cc27be2d78854345b4f25.cloudfront.net (CloudFront)
cache-control
max-age=10
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
OKwlwviDWSzkPaLHuOvXMw52OsjfKTpTsO_-mFVWWgaiTDGFNHKAsA==
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.secureworks.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.secureworks.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.secureworks.com&pId=5151737694427977287
4 B
484 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.secureworks.com&pId=5151737694427977287
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.7 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-7.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:03 GMT
Via
1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA6-C1
x-amzn-RequestId
82d3b879-68da-48aa-bce8-a80c1e997c1b
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
X-Amzn-Trace-Id
Root=1-5f933c1f-308f73d176bb1cf3429f12d5;Sampled=0
Connection
keep-alive
x-amz-apigw-id
U4ZU9F2ZoAMF9sA=
Content-Length
4
X-Amz-Cf-Id
pGUj95fKenlXXILXkXWLoLm7wo6nIbVs2vmLKDgv_qPOYUnywdd_OA==

Redirect headers

Pragma
no-cache
Date
Fri, 23 Oct 2020 20:25:03 GMT
X-Proxy-Origin
82.102.20.235; 82.102.20.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.230:80
AN-X-Request-Uuid
b2b2bced-3593-407e-8d31-f55a450cd318
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://attr.ml-api.io/?domain=www.secureworks.com&pId=5151737694427977287
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
91 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-1042506-1&cid=331411351.1603484703&jid=165725716&gjid=1432436407&_gid=110030532.1603484703&_u=YGBAgEABAAAAAE~&z=1840964706
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 23 Oct 2020 20:25:02 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.secureworks.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
67 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-1281488-1&cid=331411351.1603484703&jid=1853563078&gjid=800282434&_gid=110030532.1603484703&_u=YGDAiEABBAAAAE~&z=460895669
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 23 Oct 2020 20:25:02 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.secureworks.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=120253989&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&ul=en-us&de=UTF-8&dt=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=165725716&gjid=1432436407&cid=331411351.1603484703&tid=UA-1042506-1&_gid=110030532.1603484703&gtm=2wgae1P6Z7M2&z=1132547231
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 16:22:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14552
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
405 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=120253989&t=pageview&_s=1&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&ul=en-us&de=UTF-8&dt=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAiEABBAAAAE~&jid=1853563078&gjid=800282434&cid=331411351.1603484703&tid=UA-1281488-1&_gid=110030532.1603484703&gtm=2wgae1P6Z7M2&cd1=non-company%20visitor&cd2=non-company%20visitor&cd3=non-company%20visitor&cd4=non-company%20visitor&cd5=non-company%20visitor&cd6=non-company%20visitor&cd7=non-company%20visitor&cd8=non-company%20visitor&cd9=non-company%20visitor&cd10=non-company%20visitor&cd11=non-company%20visitor&cd12=non-company%20visitor&cd13=non-company%20visitor&cd14=non-company%20visitor&cd15=non-company%20visitor&cd16=non-company%20visitor&z=1296172720
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 16:22:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14552
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
insight.beta.min.js
snap.licdn.com/li.lms-analytics/
4 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:5a0::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:02 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=66373
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1799
1414384078852603
connect.facebook.net/signals/config/
235 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1414384078852603?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9af590939edf1ea144c5604dd8334f3b81eac15575bc049404b0289245f3a1b0
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
RgapiNSV/o50tSjFPpF2wYVI3wIHLwqfBcl8hJfw+JNY+rCtUvu4L7SO+CrlUoabwRakixuemR7Eqha6CX4XHw==
x-fb-trip-id
664085054
date
Fri, 23 Oct 2020 20:25:03 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
expires
Sat, 01 Jan 2000 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
106 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1042506-1&cid=331411351.1603484703&jid=165725716&_u=YGBAgEABAAAAAE~&z=1622028720
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 20:25:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1042506-1&cid=331411351.1603484703&jid=165725716&_u=YGBAgEABAAAAAE~&z=1622028720
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 20:25:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a198656738
bam.nr-data.net/1/
57 B
275 B
Script
General
Full URL
https://bam.nr-data.net/1/a198656738?a=380774640&v=1184.ab39b52&to=bwBXMEpSWEpRUUcIDlZKeDJ7HGVQRFdQDhNdJloKTEFZVVxXQU4oVgFQHA%3D%3D&rst=4420&ck=1&ref=https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&ap=1582&be=2327&fe=4260&dc=2780&perf=%7B%22timing%22:%7B%22of%22:1603484698524,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:1,%22c%22:1,%22s%22:18,%22ce%22:543,%22rq%22:543,%22rp%22:2317,%22rpe%22:2480,%22dl%22:2320,%22di%22:2779,%22ds%22:2779,%22de%22:2799,%22dc%22:4258,%22l%22:4258,%22le%22:4343%7D,%22navigation%22:%7B%7D%7D&fp=2492&fcp=2492&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
0
bat.bing.com/action/
0
92 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=56073499&Ver=2&mid=9a76b790-aa19-4b07-99dd-321769d41bac&sid=d4b992e0156d11ebae17b3a68a1c6517&vid=d4b9b4a0156d11eba4362b018cff60a5&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&p=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&r=&lt=4343&evt=pageLoad&msclkid=N&sv=1&rn=929164
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Fri, 23 Oct 2020 20:25:02 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 5708AC7017054243A564DBD83FDDAA90 Ref B: FRAEDGE1516 Ref C: 2020-10-23T20:25:02Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756%2C2386324&time=1603484702956&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D26756%252C2386324%26time%3D1603484702956%26url%3Dhttps%253A%252F%252Fwww.securewo...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756%2C2386324&time=1603484702956&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&liSync...
0
79 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756%2C2386324&time=1603484702956&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&liSync=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
QPmCl9e4QBawP+aghSsAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
920Rjde4QBbAtQsW/CoAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: 0F2B6EDB9DE349EB8ABD2A0014C8919B Ref B: FRAEDGE1217 Ref C: 2020-10-23T20:25:03Z
x-frame-options
sameorigin
date
Fri, 23 Oct 2020 20:25:02 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=26756%2C2386324&time=1603484702956&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/648366107/?random=1603484702960&cv=9&fst=1603484702960&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgae1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&tiba=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ba72ee8306b24119425cef142ce74fb59dc52a38a7561f9c5d839af504d79bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 20:25:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1071
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
c.6sc.co/
47 B
375 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.35.171 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-35-171.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8fdfd5426e92dded1941cdda0d0f59b826065d235790ad345efc636e75ab70e1

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:03 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.secureworks.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
getuidj
secure.adnxs.com/
11 B
705 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Oct 2020 20:25:03 GMT
X-Proxy-Origin
82.102.20.235; 82.102.20.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.5:80
AN-X-Request-Uuid
de1c2008-b566-4bd3-88c8-18d8dec72898
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.secureworks.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
adsct
analytics.twitter.com/i/
31 B
651 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nvfy0&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
119
pragma
no-cache
last-modified
Fri, 23 Oct 2020 20:25:03 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
a5d34b85e83d05e9864899984a7bd5c5
x-transaction
00c6543a00ccf330
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
t.co/i/
43 B
448 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nvfy0&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
108
pragma
no-cache
last-modified
Fri, 23 Oct 2020 20:25:03 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
3bf1725016708a194da46f281f0b17d1
x-transaction
00e3c74a00813aa8
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
www.google.com/pagead/1p-user-list/648366107/
42 B
519 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/648366107/?random=1603484702960&cv=9&fst=1603483200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgae1&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&tiba=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=1543575368&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 20:25:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/648366107/
42 B
519 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/648366107/?random=1603484702960&cv=9&fst=1603483200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgae1&sendb=1&frm=0&url=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&tiba=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&async=1&fmt=3&is_vtc=1&random=1543575368&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 20:25:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6279.json
script.crazyegg.com/pages/data-scripts/0097/
16 KB
2 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0097/6279.json?t=5344949
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js?445412
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddcf4422783ad43a08fe50a6772fc2b14d9700d89e9b0d38b41044f3dfa276b4

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
content-encoding
gzip
cf-cache-status
HIT
age
12938
ce-version
11.1.118
status
200
content-length
2190
cf-request-id
05f8bbf1440000248414864000000001
last-modified
Fri, 23 Oct 2020 16:49:25 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
cf-ray
5e6e2f620f982484-FRA
11.1.118.js
script.crazyegg.com/pages/versioned/common-scripts/
99 KB
32 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/11.1.118.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0097/6279.js?445412
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
content-encoding
gzip
cf-cache-status
HIT
age
18494
cf-polished
origSize=105320
status
200
cf-request-id
05f8bbf1e200002c562c80a000000001
last-modified
Mon, 14 Sep 2020 15:45:13 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
cf-ray
5e6e2f624bd22c56-FRA
cf-bgj
minify
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=db8067e51eb58581f03147464f6063b2&svisitor=a05e6cc1b52a00001e3c935fd20300002c850000&visitor=ed453f38-1474-4eaa-8c05-910dc99cb38b&session=2504909d-50e2-4cc6-8609-31847674e11d&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Popular%20downloader%20malware%20highlights%20the%20dangers%20of%20using%20easy-to-guess%20passwords.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks%22%7D&cb=84703115&r=&thirdParty=%7B%7D&pageURL=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.35.171 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-35-171.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:03 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 19:02:58 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502962-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
activity.gif
apt.techtarget.com/activity/
43 B
450 B
Image
General
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=17588164&version=2.0&ref=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&r=1603484703139
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:03 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
ETag
"2b-5850384029cff"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=26
Content-Length
43
ip.json
api.company-target.com/api/v2/
436 B
942 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&page_title=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&src=tag&key=bd6faef5461d3df6bcbccb67a2eb484c
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/cd4e45c0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.32.40 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-32-40.ham50.r.cloudfront.net
Software
nginx /
Resource Hash
0d24e9923edbf8af778b0e4b424f25f68e5eaf62a395eb7a2242206bf4955b30

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
HAM50-C1
x-cache
Miss from cloudfront
status
200
request-id
0b766f9c-ed99-43fc-91b5-5ffdc2b3fbbf
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://www.secureworks.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 8c7d2e4b1dd1d9cc43ca7f060033ac41.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
R9_oUg8CauiWJFDtMj6DS2HuftmVI5PDJjl_oCYGuI2s8wfIw5Sm7Q==
expires
Thu, 22 Oct 2020 20:25:03 GMT
validateCookie
segments.company-target.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAMp6k6_JngAAA-vvc6yJA
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAMp6k6_JngAAA-vvc6yJA&verifyHash=1f3a1340a6674c6aee51b12d80c692bdb3826955
26 B
408 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAMp6k6_JngAAA-vvc6yJA&verifyHash=1f3a1340a6674c6aee51b12d80c692bdb3826955
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.73.16 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-16.fra2.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 23 Oct 2020 20:25:03 GMT
Via
1.1 df26103dc140569d7032449c70c3b141.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C2
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
229ce78c63077467
X-Amz-Cf-Id
mgRExJohLekWuk9uqUrg8l9KRFPgs6wJCnpPEMsUf_Uz4ogM69dxmA==

Redirect headers

Date
Fri, 23 Oct 2020 20:25:03 GMT
Via
1.1 df26103dc140569d7032449c70c3b141.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C2
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAMp6k6_JngAAA-vvc6yJA&verifyHash=1f3a1340a6674c6aee51b12d80c692bdb3826955
Connection
keep-alive
trace-id
60acf56abea30c30
Content-Length
0
X-Amz-Cf-Id
tqXpTWCgg8UvPGPH72NevvjOq_AO6SanQaY-ef2dlyjDgKT6taUCdQ==
/
www.facebook.com/tr/
44 B
259 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1414384078852603&ev=PageView&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&rl=&if=false&ts=1603484703268&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=30&fbp=fb.1.1603484703267.1199646918&it=1603484702934&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 23 Oct 2020 20:25:03 GMT
index.html
js.driftt.com/deploy/assets/ Frame C0ED
0
0
Document
General
Full URL
https://js.driftt.com/deploy/assets/index.html
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1603485000000/2mnfp3myy8iz.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.32.102 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-32-102.ham50.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/deploy/assets/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader

Response headers

status
200
content-type
text/html; charset=utf-8
content-length
894
server
nginx
last-modified
Tue, 13 Oct 2020 15:05:22 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 23 Oct 2020 20:25:03 GMT
etag
"e6bb65f85e419beda3231798abde6eb3"
cache-control
max-age=10
x-cache
Hit from cloudfront
via
1.1 5d217f1e3e1cc27be2d78854345b4f25.cloudfront.net (CloudFront)
x-amz-cf-pop
HAM50-C1
x-amz-cf-id
QPNVRhB5fuxROJ9D9kYne-rtui4cyZKqCyE_am-Uj-r8cx0ZQEqwRQ==
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1414384078852603&ev=Microdata&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&rl=&if=false&ts=1603484703773&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks%22%2C%22meta%3Adescription%22%3A%22Popular%20downloader%20malware%20highlights%20the%20dangers%20of%20using%20easy-to-guess%20passwords.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.secureworks.com%2F%2Fpcdnscwx001.azureedge.net%2F~%2Fmedia%2FImages%2FInsights%2FPeople%2Fpeople_0002_screenrow%2Fpeople_0002_screenrow_800x800.ashx%3Fmodified%3D20151111191728%22%2C%22og%3Adescription%22%3A%22Popular%20downloader%20malware%20highlights%20the%20dangers%20of%20using%20easy-to-guess%20passwords.%22%2C%22og%3Atitle%22%3A%22Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%22%2C%22twitter%3Aurl%22%3A%22https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.27&r=stable&ec=1&o=30&fbp=fb.1.1603484703267.1199646918&it=1603484702934&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 23 Oct 2020 20:25:03 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 23 Oct 2020 20:25:03 GMT
collect
www.google-analytics.com/
35 B
63 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=120253989&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&ul=en-us&de=UTF-8&dt=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%202032182&_u=aHDAiEABBAAAAE~&jid=&gjid=&cid=331411351.1603484703&tid=UA-1042506-1&_gid=110030532.1603484703&gtm=2wgae1P6Z7M2&z=1507646529
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 16:22:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14557
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=120253989&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&ul=en-us&de=UTF-8&dt=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%202032182&_u=aHDAiEABBAAAAE~&jid=&gjid=&cid=331411351.1603484703&tid=UA-1042506-1&_gid=110030532.1603484703&gtm=2wgae1P6Z7M2&z=1106187257
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 16:22:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14557
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=120253989&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&ul=en-us&de=UTF-8&dt=Lazy%20Passwords%20Become%20Rocket%20Fuel%20for%20Emotet%20SMB%20Spreader%20%7C%20Secureworks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%202032182&_u=aHDAiEABBAAAAE~&jid=&gjid=&cid=331411351.1603484703&tid=UA-1042506-1&_gid=110030532.1603484703&gtm=2wgae1P6Z7M2&z=1679893598
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Oct 2020 16:22:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14557
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
a198656738
bam.nr-data.net/events/1/
24 B
186 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/a198656738?a=380774640&v=1184.ab39b52&to=bwBXMEpSWEpRUUcIDlZKeDJ7HGVQRFdQDhNdJloKTEFZVVxXQU4oVgFQHA%3D%3D&rst=14420&ck=1&ref=https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.secureworks.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| NREUM object| newrelic function| __nr_require function| $ function| jQuery object| ko object| React object| ReactDOM object| _elqQ object| Arke undefined| GetElqContentPersonalizationValue object| dataLayer function| postscribe object| google_tag_manager function| Carousel object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| IScroll function| lity function| $clamp function| _inherits function| _classCallCheck function| initScrollMore function| initLoadMore function| initHeaderPanel function| initCarousel function| initSameHeight function| initRetinaCover function| openExpandedFooterSitemap function| closeExpandedFooterSitemap function| ThreatProfilesModel function| initEloquaForms function| _get function| _createClass object| elements undefined| parms function| FormField number| SEARCH_RESULTS_ITEMS_PER_TYPE function| SearchResultType object| DSW function| Hammer object| picturefillCFG function| picturefill boolean| nav_hover number| scrollTop function| preloadImages number| cofset number| win function| countUp object| Vimeo boolean| VimeoPlayerResizeEmbeds_ object| AOS object| PDGData object| PDG object| EloquaData object| Eloqua object| Fulfillment object| MarketoCleanup object| MarketoErrors object| MarketoData object| Marketo function| MarketoForm object| MarketoOversight object| MIT object| MITMap object| MITData function| set_elq_quiz_codes function| Cookies object| hljs object| OneTrust string| containerName string| languageSwitcherFileName string| useDocumentLanguage string| languageSwitcherFilePathPart string| languageSwitcherURL function| getLanguageSwitcherScriptPath function| isLanguageSwitcherFile function| OptanonWrapper object| elqCookieValue object| _elq undefined| a undefined| c function| jsonFeed object| Optanon 
string| OnetrustActiveGroups string| OptanonActiveGroups object| google_tag_data string| GoogleAnalyticsObject function| ga function| twq string| _linkedin_data_partner_id object| uetq function| fbq function| _fbq object| _6si object| techtargetic function| drift function| driftt string| _linkedin_partner_id object| _linkedin_data_partner_ids object| gaplugins object| gaGlobal object| gaData function| UET function| lintrk boolean| _already_called_lintrk function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| twttr boolean| _storagePopulated object| true object| CE2 string| CE_USER_DATA_URL function| __extends object| Demandbase object| __db function| DBSegment object| CE2BH object| platform boolean| __DRIFTT_WIDGET_INCLUDED__ string| __DRIFT_INSTANCE_ID__ boolean| __DRIFTT_SHOW_WIDGET_ON_BOOT__

6 Cookies

Domain/Path Name / Value
.secureworks.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Fri+Oct+23+2020+22%3A25%3A02+GMT%2B0200+(Central+European+Summer+Time)&version=6.5.0&landingPath=https%3A%2F%2Fwww.secureworks.com%2Fblog%2Flazy-passwords-become-rocket-fuel-for-emotet-smb-spreader&groups=0_288081%3A1%2C0_288078%3A1%2C0_270850%3A1%2C0_288138%3A1%2C1%3A1%2C0_227367%3A1%2C0_227365%3A1%2C0_288077%3A1%2C0_288083%3A1%2C2%3A1%2C0_288079%3A1%2C0_227370%3A1%2C3%3A1%2C0_270866%3A1%2C0_227368%3A1%2C0_288080%3A1%2C4%3A1%2C0_288082%3A1%2C0_227354%3A1%2C0_227355%3A1%2C0_227357%3A1
.www.secureworks.com/ Name: ApplicationGatewayAffinity
Value: 324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4
www.secureworks.com/ Name: ASP.NET_SessionId
Value: ds1arbwerzqtpwwxnpp2gdvf
.secureworks.com/ Name: ELOQUA
Value: GUID=D8A899ADB55B4B3A81DA7AA7FC9F6B36
www.secureworks.com/ Name: SC_ANALYTICS_GLOBAL_COOKIE
Value: dc35ece5337c48c8816d479f4491a294|False
.www.secureworks.com/ Name: ApplicationGatewayAffinityCORS
Value: 324eae91ff21aeb30e33c21363d7e7070cea41b85ecb475862c8f50aedf97aa4

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
