www.nisos.com Open in urlscan Pro
162.159.134.42 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Submission: On June 14 via api (June 14th 2023, 3:40:43 pm UTC) from DE — Scanned from DE

Summary HTTP 117 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 34 IPs in 5 countries across 26 domains to perform 117 HTTP transactions. The main IP is 162.159.134.42, located in and belongs to CLOUDFLARENET, US. The main domain is www.nisos.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 7th 2022. Valid for: a year.

This is the only time www.nisos.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
50	162.159.134.42 162.159.134.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1634	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:853b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.192.125 18.66.192.125	16509 (AMAZON-02) (AMAZON-02)
1	52.200.29.199 52.200.29.199	14618 (AMAZON-AES) (AMAZON-AES)
15	23.36.162.205 23.36.162.205	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
3	2606:4700:e6:... 2606:4700:e6::ac40:cb1c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.84.88.12 99.84.88.12	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28f0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 5	2600:9000:20c... 2600:9000:20c3:1000:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	18.66.112.110 18.66.112.110	16509 (AMAZON-02) (AMAZON-02)
1	52.213.12.174 52.213.12.174	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:237... 2600:9000:237d:7c00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:806e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6812:18c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:78be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8ace	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:6cc7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.252.67.122 34.252.67.122	16509 (AMAZON-02) (AMAZON-02)
1	18.203.70.56 18.203.70.56	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:d5f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9a53	() ()
117	34

50 162.159.134.42 (None, )

ASN13335 (CLOUDFLARENET, US)

www.nisos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:853b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.192.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-125.muc50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.29.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-29-199.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 23.36.162.205 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-205.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e6::ac40:cb1c (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.88.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-12.muc50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:28f0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:20c3:1000:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-110.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.213.12.174 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-12-174.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:237d:7c00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:806e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:78be (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:6cc7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.67.122 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-67-122.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.70.56 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-70-56.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (None, )

ASN- ()

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	nisos.com www.nisos.com	476 KB
16	6sc.co j.6sc.co — Cisco Umbrella Rank: 6484 c.6sc.co — Cisco Umbrella Rank: 9628 ipv6.6sc.co — Cisco Umbrella Rank: 6605 b.6sc.co — Cisco Umbrella Rank: 4269	18 KB
6	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 2705 d.adroll.com — Cisco Umbrella Rank: 1432	25 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 408 www.linkedin.com — Cisco Umbrella Rank: 563 px4.ads.linkedin.com — Cisco Umbrella Rank: 6542	5 KB
5	gstatic.com fonts.gstatic.com	75 KB
4	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1987 ka-f.fontawesome.com — Cisco Umbrella Rank: 4145	24 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2377	16 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 389	13 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 749 script.hotjar.com — Cisco Umbrella Rank: 1067 in.hotjar.com — Cisco Umbrella Rank: 5501	73 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	225 KB
2	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2462 forms.hubspot.com	2 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4971 forms.hscollectedforms.net — Cisco Umbrella Rank: 5088	26 KB
2	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2638 content.hotjar.io — Cisco Umbrella Rank: 5923	417 B
2	google.de www.google.de — Cisco Umbrella Rank: 4835	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 124	404 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2890 www.google.com — Cisco Umbrella Rank: 3	661 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 80	2 KB
1	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4470	983 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2379	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3542	3 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4538	88 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1027	377 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 960	5 KB
1	lltrck.com lltrck.com — Cisco Umbrella Rank: 33485
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2641	1 KB
117	26

	Domain	Requested by
50	www.nisos.com	www.nisos.com
13	b.6sc.co	www.nisos.com
5	s.adroll.com	1 redirects www.googletagmanager.com s.adroll.com www.nisos.com
5	fonts.gstatic.com	www.nisos.com
3	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
3	px.ads.linkedin.com	3 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.nisos.com
3	ka-f.fontawesome.com	kit.fontawesome.com
3	www.googletagmanager.com	www.nisos.com www.googletagmanager.com
2	www.google.de	www.nisos.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.googleapis.com	www.nisos.com
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	forms.hsforms.com	www.nisos.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	content.hotjar.io	script.hotjar.com
1	d.adroll.com	s.adroll.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	www.google.com	www.nisos.com
1	px4.ads.linkedin.com	www.nisos.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	in.hotjar.com	script.hotjar.com
1	vc.hotjar.io	script.hotjar.com
1	region1.analytics.google.com	www.googletagmanager.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	snap.licdn.com	www.googletagmanager.com
1	script.hotjar.com	static.hotjar.com
1	j.6sc.co	www.nisos.com
1	lltrck.com	www.nisos.com
1	static.hotjar.com	www.nisos.com
1	js.hs-scripts.com	www.nisos.com
1	kit.fontawesome.com	www.nisos.com
117	39

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
www.facebook.com
www.instagram.com

Subject Issuer	Validity	Valid
nisos.com Cloudflare Inc ECC CA-3	`2022-10-07` - `2023-10-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2022-07-25` - `2023-08-26`	a year	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Frame ID: 2E60A4AD047B302C79659D1FEA4888EA
Requests: 116 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page not found - Nisos

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

117
Requests

98 %
HTTPS

71 %
IPv6

26
Domains

39
Subdomains

34
IPs

5
Countries

1116 kB
Transfer

4124 kB
Size

25
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/nisos
Title: Follow

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/nisos/
Title: Follow

Search URL Search Domain Scan URL

URL: https://www.facebook.com/nisos.managed.intelligence/
Title: Follow

Search URL Search Domain Scan URL

URL: https://www.instagram.com/nisos.managed.intelligence/
Title: Follow

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 85

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4343073%26time%3D1686757228758%26url%3Dhttps%253A%252F%252Fwww.nisos.com%252Fresearch%252Ftrigona-ransomware-explained%252F***IOCs%253A***IP%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true&e_ipv6=AQK-aXS_2NK5tQAAAYi6kMO3FNcnEZbxAsC9_q9tWvk-R_NxDnwrgx63UBLrJJcR5BAnHAGPxxtw9F6CSAcX7l77h6Ar

Request Chain 87

https://s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

117 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request ***IOCs:***IP Show response
www.nisos.com/research/trigona-ransomware-explained/ 134 KB
26 KB 416ms
359ms Document
text/html 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9198751141182778ff336c74f4d7e3ad6757f13199c7958dcb7be81182fa2c34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7d73ac012a491b9f-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 14 Jun 2023 15:40:28 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
ki-cache-type: None
ki-cf-cache-status: BYPASS
ki-edge: v=19.0.6;mv=1.1.3
link: <https://www.nisos.com/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5023xb%2BTj%2F%2FwZJaJqTBT8Lv%2Fpl8PNMClC2VLajVsPilhlkKvMoBVeWVkCyJXIGfLlEoLVI3bPeqtVjHD5ZeaaQABQ%2BvJE2Se4%2BqIwKnmGsZB0oeLp5Uyevmc2UWegZY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-edge-location-klb: 1
x-frame-options: SAMEORIGIN
x-kinsta-cache: HIT

GET
H2 200 style.min.css
www.nisos.com/wp-includes/css/dist/block-library/ 95 KB
13 KB 68ms
67ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-includes/css/dist/block-library/style.min.css?ver=3bc2f6d635f19ab24e7adf5b4e33d3b8

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,88b53538fc0e54512cead375ab30fb58fbd06633718ae385fd75a2b970c9cfd5
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 115
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:43:35 GMT
server: cloudflare
etag: W/"642f04c7-17ced"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orXXguD2R%2Bgcy%2Fz9WBC9sd0dBcQWRaU1K%2BqcRstKrczfxUg8FbbDoCymPFK8iSV3nG6OwTXdfMMuJ29qT%2Ftx7RK0miFw9Hout8Av0TEa7Dva0lhs3CJcoLbhkjBhang%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac036d331b9f-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiper.min.css
www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/ 19 KB
3 KB 50ms
49ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/swiper.min.css?ver=3bc2f6d635f19ab24e7adf5b4e33d3b8

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46bbc7b22b8c58dc664cd4b31da0906636b96c8d64b839b1671d3eff081f6c1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,4b3cc2a010bb32274103334332a2dc990b984e5e8e6ff72c0b368b32b5be1896
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 374
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Aug 2022 16:43:01 GMT
server: cloudflare
etag: W/"62e95415-4d50"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3Zl2RVoaUQeISlcy4UxXLQEqkSRSZ4cdVamHOE0JMQlWVaLDPm9IEXr%2BlO%2FisfsNft9JFUqbJRpx6EMx%2B5MhXnD%2Fn3I5BbN27k5qNHdFTzJUcQhH1xloKeXY0wxEnU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac036d351b9f-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
www.nisos.com/wp-content/plugins/monarch/css/ 113 KB
14 KB 50ms
50ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/monarch/css/style.css?ver=1.4.14

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f820d93daf383e178bda2912f5bee00e90e56390597820622643fa8e5e487143

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,b39b0a0ede3780dcb00d16eb59c7dd039b8dcbedaebee368cb2819b843baa6a0
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 73210
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 19:09:25 GMT
server: cloudflare
etag: W/"61688065-1c56d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H8wPocS45OW6fPPPxWueyMgPionT6ilzgsHDfHkKUrWiajNsofIzXKoV2DiWyo1bkf1M0XFqRqXcy4j1YPu7no1I%2FIm4kzXPmLYEaoAcTsm2QnfeK%2FNDx6eq5isAgBQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac036d361b9f-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 84ms
30ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

67eb879fb1645c73ccbaac598e815fd3901eb5114228021d686b8b5e470edbbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 13:43:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Jun 2023 15:40:28 GMT

GET
H3 200 front.min.css
www.nisos.com/wp-content/plugins/popups-for-divi/styles/ 7 KB
2 KB 178ms
178ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/popups-for-divi/styles/front.min.css?ver=3.0.5

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba2eeab126375c9cc2fabe9a6fe35f25dea57c52df280e6e24a790f5f45be878

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,b9ac426e1e9d65602937f14f305030ead098ae4fcde8d4be7c3254c79215cbe6
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Jul 2022 19:34:32 GMT
server: cloudflare
etag: W/"62c5e3c8-1c9f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2FcD4xBlA1zLG4OVMAd3Xl08VchEU3PIkcjFdUDKGqn2OffEkXGdqRF4p7p0Q5%2BFf9JC42tNLf3plzHpajXQyXgJUh6H1bn25lsTSx%2BQd9VAQ3n15H9QOsYJEGrBnv0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb289156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 search-filter.min.css
www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/css/ 36 KB
7 KB 177ms
175ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/css/search-filter.min.css?ver=2.5.14

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c90d3c0b0e49b95857fbd4a60728451deb97ac4079be355467deac9ee7de4a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,1a81ac67ffe4c03d4748628c61333e8eeded4c74b90ca49d8a289d47712195e0
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Apr 2023 15:06:23 GMT
server: cloudflare
etag: W/"64469aef-91f3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LPdR2a4bqVyfuwvHsgOcbeXSiLENPEZi5ODOGraJPILZMjxwYOlpLBNYDOKphIK3bQ7Lc7PKlMKtLtSurjxFKdLMB1GF2x638nBrRAgSKZpKo%2Bnl45vsujQU2F1cUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb2d9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.min.css
www.nisos.com/wp-content/themes/Divi/ 26 KB
7 KB 157ms
155ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/Divi/style.min.css?ver=4.20.4

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba7e231732c5791c70061b395c1d28b929f28ed1f6ec000fad64727a36c46da3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,f386483d672dda793762337e3261104edf5cb2f404140c243f9c14656dae14ea
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:46:18 GMT
server: cloudflare
etag: W/"642f056a-680e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TV2KR34UTA9WS6dEbsJhZVvhq9twBoX3%2BDPthn1Hcwffwd%2F2xoVx24WnB1AVeepjHFxSPm9LiXbaB49VJCtxLrcp1EiZ6sqdAcKbF0qmZx5cOWbSXmd%2BGl9npFRG%2F14%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb2f9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 et-divi-dynamic-tb-9107-late.css
www.nisos.com/wp-content/et-cache/notfound/ 628 B
880 B 136ms
134ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css?ver=1686688277

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

925d5ba38a0c2f9ab7df22566d1b0eec56615e69ea93b84c5e79a7f3074eb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,b47d06dbde3646fc81f045ef7513995d9fb0a135e6ea93559961d5a990709b23
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 13 Jun 2023 20:49:18 GMT
server: cloudflare
etag: W/"6488d64e-274"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o2p7Egm6TSeBgbVIFYYW3nnXyyHPQEtu1K2J4ftS0qneUbN8WPKavoyOXV4x8P1Tp4jFgDdU3J6m6oGfOgM0pDWo1dj9QK0tP7tfRmGdFdd5l6y2%2FooukvL09uEL8sI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb309156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 et-divi-dynamic-tb-9107.css
www.nisos.com/wp-content/et-cache/notfound/ 94 KB
15 KB 156ms
154ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107.css?ver=1686688277

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b4e13a4e12823ec6fe43ef5d7775abe7c9badf09c6f51693eb7722a924c68e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,0e5bcf162e766100d4f58674917f3c0b49427be5fc96c3cf52cccb60a32d53c4
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 13 Jun 2023 20:31:17 GMT
server: cloudflare
etag: W/"6488d215-17757"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQioDDyws7YsMhQOM9jS19jDAQnMcblWL7iw0U6mAX2xEk1BhSN7tP4xKLY2gL7eJJDSZ68kWmPeS2CeZV3DoZWgmS0T6uYIchj9r%2BpKNTP81USi%2FhSDXtXeGrF9gLs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb319156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.min.css
www.nisos.com/wp-content/plugins/dg-advanced-heading/styles/ 4 KB
1 KB 134ms
133ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/dg-advanced-heading/styles/style.min.css?ver=1.0.1

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26764edc2000ff1b83064a99effb1fe10e7cddf5b1a2c406a6d10a86b852eda6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,873323157c00d783cb7b90d4a55e8b95210eb876e983f1cbd8f760fd27167860
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Sep 2022 14:34:06 GMT
server: cloudflare
etag: W/"6319fd5e-e6e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2Fr%2BasxmXokhWhFYBEYwpJ2wqGrV9ixSZ7NftuBljRDB8wMwX6sAk8c7KRlH3q%2B0hGREmt5kztntOJT4rfJPWYiQQKfzdnXle1M7KsaMqnKLMA3tc2f2Wfh30v6qAzE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb339156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.min.css
www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/ 11 KB
2 KB 132ms
130ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/style.min.css?ver=1.0.15

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43bfa4cb8df3cc265a138e9e526679040ac26b50498319031ad41b77c6f01f84

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,05dbb013f7db58185451dafd6adb5d0d3af981ef13fa9b8c85327b9cd3d3990d
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Aug 2022 16:43:01 GMT
server: cloudflare
etag: W/"62e95415-2a52"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtaB2zI6mXb4UM0J8ErbaK3wb0UWNUkhH9blZV5kfCqorofsVjWBQicUHJzYFZp5%2B2fLIXju8X8Gyj1yjVQG%2BNjw%2BofpHK5GPD%2Bcbm8bAMF6GsH0kRWo7AieYnuDKSw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb349156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.min.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/styles/ 414 KB
30 KB 153ms
151ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.34

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa5ba6fab394d537af1ad89a49479e9953ab0f96251532163c794a3ccea938e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,e5fe29412d6e3f9b5710560ecd0b725d41299e76601fa54cb5e50bd3012a00ac
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 May 2023 17:29:27 GMT
server: cloudflare
etag: W/"645a82f7-678e2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Kk0WJocSoomsTslpBNdTyHptOIK47%2BgcvDg3NsL87RppTwrWP71oNznccqT7GD8kDYY2qdqzArHu4OoDJ5GYjHtRMfC%2FLE6cDbNM9BJmoTy1Eav9w2oJRexlldmt4I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb359156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 magnific_popup.css
www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/ 6 KB
2 KB 178ms
176ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.34

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,af73cdea617c649b330ae3647a74cb9865332f0fc5ed8ac13914c1055476e559
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:46:19 GMT
server: cloudflare
etag: W/"642f056b-1946"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOlMuvD%2FrnZjdRsFXHVoldFwpDVu597o%2FFhzejH8DoJaW9wrOAYiE5BRP1qDM27gC43m9HCbuCt7XvTC12Rikzyu2kOk6jLwgPwKjXnC77AG5H8VvpaSze%2FaQoU%2FSco%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb369156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 swiper.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 22 KB
4 KB 195ms
193ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.34

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e53a639010f02dd7e7c3859f82daeffa535fc069b3e4145640af023dc386f86

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,90e094d277e81dee92dfbd4dcca5ace43e2396d58bc08f6445b0b4f70a582a67
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 May 2023 17:29:27 GMT
server: cloudflare
etag: W/"645a82f7-5737"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0vprQ4Y%2Bd09RiEZ21nM%2BwotvgQpTn741UmlSTaurzDN23qZlm7b9QtLCajmPou%2FHRrMjE0RdT1HI%2Fyd90WfxGPQ2qbFQwt4Ibq42mHcuKVBk%2FraaS9tcYy7MO6pNoEw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb379156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 popup.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 7 KB
2 KB 111ms
109ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.34

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c81b4086d742cf938f6fbc06de7dab26cce2ea6a889b6cf94a356251495631

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,ae94453bdf50fc9455df1902d94914353c270ba72508d3e932b0923ec729caa0
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 May 2023 17:29:27 GMT
server: cloudflare
etag: W/"645a82f7-1b60"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LubrX%2FokIMCs7QBE%2BYK3RmDXXhoxpY%2BFHikcr2FHafJKT0cqLuul0cB5iGuIkvNlPyK0xADJUx2ljhOgcFmFRFWy7btYZTDFNCcIlQ70yevWVMhcC7hjv%2BCzZ60%2FMA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb389156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 animate.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 83 KB
6 KB 135ms
133ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.34

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,270c2e6f46317d504dabd8865e09334f4c600b3d816303dcf30efc674623751b
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 May 2023 17:29:27 GMT
server: cloudflare
etag: W/"645a82f7-14d7b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tin9pIWobdKklbspIDBNMsNJMn1uFHGKPZBkU8mdQI6qvaN1zTdF4A4TycSpDyet4bRwWH2cj03SQwdWUt4DKD0SnxaRW4M3n7DltxRfJ44Qu9tRSfEW%2B5fNPblg7ls%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb399156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 readmore.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 2 KB
1 KB 113ms
111ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.34

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e103f8eeb3f4ba878184dea6d2137c6d5d2e0356e62fb5b8385c3d0e0ec598fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,6c03f7226438a7d0fd440a1b10df2303dbebae4899b7b6b71ba8f6cb98aafa48
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 May 2023 17:29:27 GMT
server: cloudflare
etag: W/"645a82f7-6b2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o5PeAoGJ5HmeV2G8lpRQp9spLkI%2F%2FSYU0Gey1u%2BdsfC2dB4EqU6SQZdN2wKMD1221hPf65xkkTU8hr87PXwO93szgOiTvN%2FlMWgmgNyn5hjET8v%2BjtTgJNg1apr71zI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb3b9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
www.nisos.com/wp-content/uploads/custom-layouts/ 18 KB
3 KB 136ms
133ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/uploads/custom-layouts/style.css?ver=41

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d6a60541b6205300575d1c6a1e92c4c139f4dccadfe00ff9b3a85ceb6c81110

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,c7200c1295aca72f5be4b699166384fdb3a236a124f28cdaaafaa14443142a83
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:40:13 GMT
server: cloudflare
etag: W/"642f03fd-472b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIb%2BRTKGBmphbNyPy9zu%2Boy1iepU7EJaFRHWDqoBl%2F7XJwpG8k%2BVrZPk5EkrARP8FE%2F3eLF%2F9IGqephF0%2F%2BPmUyb6Wek0WG645NiQpLR0vwOatFhpXTzUeaMDszLuiA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb3c9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.css
www.nisos.com/wp-content/themes/nisos-child/ 5 KB
2 KB 136ms
134ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/nisos-child/slick.css?ver=3bc2f6d635f19ab24e7adf5b4e33d3b8

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99a15b32a81b6f965c2e5bd6c582f7ffc73adfa751fc2465a00f3104e7a6cf95

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,5fbc5fe2c5a13b70a03e378015eed45fa113cc3e07dcc33bb6263b8300b7142d
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 22 Nov 2021 15:10:41 GMT
server: cloudflare
etag: W/"619bb2f1-1327"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2Fay1tbINU8mKH%2FajmdFc5f1quUtERNlRICIR5N9zsMyQG%2FEMoQ57f6Jv78cccMaY3COAZg6k4G2ch7dNNHnvhsL9DG0Y8kVvM%2FibBYN9Fc7xT5e5za3O6fuOUsF9XQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb3d9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
www.nisos.com/wp-content/themes/nisos-child/ 14 KB
4 KB 178ms
176ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/nisos-child/style.css?ver=4.20.4

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

754233622f501da9f79ca0d4626d442150d84aee8a909201132fa960b2bf803c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,fbe70093782887fcb889dc883ac3b9ba916e10dafbb96ba5a96a080863c496f0
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 24 Jan 2023 20:21:41 GMT
server: cloudflare
etag: W/"63d03dd5-3778"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sIZWzJx6cgU%2BrGfl21p3ossWAHYylpF5e8%2FA%2F0%2FVRIcN4GMEHhh93sNsejtCE5C%2F%2BjxihiZ6hA6lMnvuJQeDKtYFj%2BTrBhw4XTpOZJDG4HvLK45k4hl4yYb9dSlhxgc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb3e9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 DOMPurify.min.js Show response
www.nisos.com/wp-content/plugins/svg-support/vendor/DOMPurify/ 21 KB
9 KB 178ms
176ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/svg-support/vendor/DOMPurify/DOMPurify.min.js?ver=1.0.1

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50c36bc2a71485bc6939c1f5de3d1b38ff260d9de91dac1855df0b50c35d81bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,0e8150840593df9bd0f4ce4a0b74b2d49d90c869f1ea097b1379495e962f0cac
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 22 Dec 2022 15:13:47 GMT
server: cloudflare
etag: W/"63a4742b-52b1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CbDBHYHVnO12vjiKtrVGRsGn4G27hZHSvy%2BSRqY0ODyh%2FKsL5rhlR%2FUDkT3%2BsmFAegWgH8smPKWNNOzlcH%2BqlhuPuL4F7ayxkk6zcjhMtyYbqlmrm7%2FunZIJNWfykc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb429156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.min.js Show response
www.nisos.com/wp-includes/js/jquery/ 88 KB
32 KB 113ms
112ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,222a13131a49c24deee95ba060d5206b4903536022794aad6170fb9f1fefc9c8
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 419
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:43:35 GMT
server: cloudflare
etag: W/"642f04c7-15ed7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yADyibHwv9%2FfJxhyxy29R4jrCPGRBEB3a8HczL%2F24%2F%2F1nYafnkC3gPfEqBeU%2BbhcbcerOfD5cvfqrCjxG1JYhbOYQUNjNqOe%2BiO6FFLA%2Fzo9ThZ8VurH72ehBAjmns0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb439156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery-migrate.min.js Show response
www.nisos.com/wp-includes/js/jquery/ 13 KB
6 KB 194ms
193ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,14cf7fc0bbdcb4c27f17e961d028f68223e417036e493f75213810624f82c00b
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 419
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:43:35 GMT
server: cloudflare
etag: W/"642f04c7-3470"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1EHSCwlthMYtbm59gXcYqc9ZJ%2BNRPeUwm7GhFLZ%2FlVd4tQirfB6huZFsc8mEeYju9Xzia6lKL0%2Fq5AL9OhrpgYAebx6OThLgdfBg72aEt05LQVDAkumNDbp5T3CVP4E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb459156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 svgs-inline-min.js Show response
www.nisos.com/wp-content/plugins/svg-support/js/min/ 2 KB
1 KB 195ms
194ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.1

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eabc19480b6212343af7996aa06029eb00e8a05d9709b4c8b05e3222558a12f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,7bcad437b9e70caddd0e55c4807867d6de7c499835da36a897bf620af656900d
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 108394
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 22 Dec 2022 15:13:47 GMT
server: cloudflare
etag: W/"63a4742b-601"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVTUz%2BzST%2B7Br%2FfPqqytYHJkY4dg4%2BViTRJ4mV0U6CFHQsvHyY6s0Br1co9poLgassKt7TzCsx1Hjv0zw8u8KUnijWQ%2F9Y67IyJwAb0xtt%2BkyljEnkpK5dspEhbc%2B9U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb479156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ie-compat.min.js Show response
www.nisos.com/wp-content/plugins/popups-for-divi/scripts/ 10 KB
4 KB 195ms
194ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js?ver=3.0.5

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6aed488d128d02850cfb20b4de28a2eceffddd04342f413bbe88a141235a976

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,f748acf366c5bbea00b8be5fad3d89e32a05b1a742a6208421cc074a828b78b6
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Jul 2022 19:34:32 GMT
server: cloudflare
etag: W/"62c5e3c8-2712"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2qsssFnXYdreoKVCpYIgWxlpw50F3odJdcJXtUw%2BgzpHcCC9Ulqzv6Ef8MU%2BkpQ5eardkOzT6imOZlBQetVO5qvNVgxxh7TVAbiTjYIOhZXYQNlXEhUhtrm4TOVO4g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb489156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 search-filter-build.min.js Show response
www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/ 64 KB
20 KB 196ms
195ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/search-filter-build.min.js?ver=2.5.14

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbcc9f3151a357828aa120dc98bafa35359d42c83b4cd39693009f43e2ae9098

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,0c21e2bb1283e80621ac1ad2d9d182dcd66450e1edb18a20184fc4a0a8ab1726
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 108394
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Apr 2023 15:06:23 GMT
server: cloudflare
etag: W/"64469aef-10074"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7svCS9wT9NjAUDDkpC6Izlgu%2FHgN4FRJSYAEcKrTXYjPcd8eziyPWnZ%2BU5b1f3fL1bm%2FLA9HjkcQc%2F3pzKg02v2%2BjO81hDfefK4nAkNW7R3SiQnknd6sq7MDqvt%2BxY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb499156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 chosen.jquery.min.js Show response
www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/ 28 KB
8 KB 111ms
110ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/chosen.jquery.min.js?ver=2.5.14

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,280351e81b2a6fc9a850db62a7374c4403d3b3f2c511e8e6644f509e144b27b9
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Apr 2023 15:06:23 GMT
server: cloudflare
etag: W/"64469aef-71c1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwweA1jDo4gtfJTHJBLd9mt0N8TE0u0kVDQpOvqEOnGQey4%2FWoNTYdqRGhLECdj0sskwaKHDap5ti%2FU2J9DYuEVHNVekiWWryeLVNQIuCF96P7lc4Xd5dI5NyYihFvA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac03fb4b9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 799 B
470 B 81ms
31ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Zilla+Slab&display=swap

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5489746d9317f7924511ff59d5781ef51906900a231fe46684c1e512a09ef076

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 15:40:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Jun 2023 15:40:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 88ms
35ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-145073476-1

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6eaff3cbb09a3a966e595e32979f74af982aa32ca919ad7ca87e22c79709add9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 50194
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 14 Jun 2023 15:40:28 GMT

GET
H3 200 alt-nisos-logo.png
www.nisos.com/wp-content/uploads/2023/04/ 18 KB
19 KB 60ms
57ms Image
image/png 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nisos.com/wp-content/uploads/2023/04/alt-nisos-logo.png

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57f4680898f2af59bf83a8bedb562603677780be4133457db08e6314c6438723

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,9e1cc11f922671cae97c6059e0bef5e438bbaee348bf1fa087f49aef62e5be2d
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 18447
last-modified: Mon, 17 Apr 2023 14:31:45 GMT
server: cloudflare
etag: "643d5851-480f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e4OED9u4XJhucqziLJ77RXhILONEQpVo%2BcD40AsJiU%2FYEDHuXII4uhCoOK7h9lbBrYjpTFa0Eb7JcdEmDwoElyW8oR2dEitaiPCt0zq3yQkSGB3naBqn23Stqb8cT6E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
accept-ranges: bytes
cf-ray: 7d73ac054d129156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 NISOS_logo_high_res_vert_white@2x.png
www.nisos.com/wp-content/uploads/2021/01/ 9 KB
10 KB 65ms
62ms Image
image/png 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nisos.com/wp-content/uploads/2021/01/NISOS_logo_high_res_vert_white@2x.png

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10fd67d6c6eac5cdfda0b370fb6b23bc1fc4b9f1f1a7cb8b401aac906f2a6822

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,c548b1b1af14ae1266c3e98a1feac25ef7fcd047721cb91230d4687e03a7c78e
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9652
last-modified: Thu, 02 Dec 2021 00:19:22 GMT
server: cloudflare
etag: "61a8110a-25b4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5TnxicZXyf1kwTUaPT5USar0%2F3afXgqFQtj9xirTT7LnixVLKtQ2g682LSosBM1o8JV99jlJA7T%2B41BcaIoUP6VSHara%2B45oWqi0UTsDTpkJjXb3z0aph%2Fv5Lw25HWA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
accept-ranges: bytes
cf-ray: 7d73ac054d139156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 9379eed59c.js Show response
kit.fontawesome.com/ 11 KB
5 KB 97ms
49ms Script
text/javascript 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/9379eed59c.js

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ef3755c1c0e73dd384a7a7c4d07fb899808284d0639a70d7db43fc51c3e6419

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 7d73ac059a6c9c00-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F2iQfrBVpSlvzCEImH2j

GET
H3 200 imagesloaded.min.js Show response
www.nisos.com/wp-includes/js/ 5 KB
2 KB 60ms
59ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,ac16e648bbd8ab246c8802531e2e281b0d0094b44172184e8992cc74dcb58374
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 19:08:54 GMT
server: cloudflare
etag: W/"61688046-15fd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7UoTFJ7EIgjKq5SN1kSk8KgDDYYs9GvZXw5SqtXb0bGeGuWVV5a3SjOnMtEeUYqdbiNO8GZX%2BwojvwYQfThMZpPjUNiuQGUp1LrscNSWz8I2GUBybJVxXGQEjqr7OC4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054ce59156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 masonry.min.js Show response
www.nisos.com/wp-includes/js/ 24 KB
8 KB 59ms
59ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-includes/js/masonry.min.js?ver=4.2.2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,186526930cac930fbf1401b86ea72183e8e160b637663475dbd3020cd6e38006
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 176239
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 19:08:54 GMT
server: cloudflare
etag: W/"61688046-5e4a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cw1edIfyIKrqmY%2Bv%2FwLcMrxu9aC8Dx6MXExblLILxPdTT3hQSxMS4X4E5Cf55eVHr9EEqvHr52Ui4JjAXdEPIv%2FI8Dk2GIwFW8rAD4BcvnzWflw08pDu3zIHKrseees%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054ce69156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 custom-layouts.js Show response
www.nisos.com/wp-content/plugins/custom-layouts/assets/js/frontend/ 362 B
903 B 58ms
56ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/custom-layouts/assets/js/frontend/custom-layouts.js?ver=1.4.9

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e71262c3e6d9eac19580f7725c2f1619790e8feb7fa6f536c029d94dcedc128

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,5b613f47a8eddddb04331b01c34c663b8c0c661de721af79ee619081763329b5
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:40:12 GMT
server: cloudflare
etag: W/"642f03fc-16a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KLer8SonVpOMd%2BkfUEtTgi71QilFB%2Bd57YdkMGeZS%2Fvo8pqYDimvg1eljsWuLxh%2B6qNC6gL83SOXRCMOsi6iBIGPbtsjFeeMZTg5cu2NWV2IgDb9if0YDggXaDtI1rY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054cf89156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 anime.min.js Show response
www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/ 17 KB
8 KB 93ms
91ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/anime.min.js?ver=8.7.1

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71f229efc891fac06cdafe9765967f3dc1ce71db155e7130042e7e64aab7f43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,8daca3b0c76ead811179a1bb2cba48637591af5a6347a97d69bef348ae5dabc8
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 108393
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Sep 2022 14:34:06 GMT
server: cloudflare
etag: W/"6319fd5e-437e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2ByDakkU8CycSOuRWsNHvcPnYsRqgsbmhb6Qi8qnNb%2BqdpFOcuBdXRaYUEiL8B%2BWuNgZtnacMF%2BoiR6kYzfSexxQ%2BQc9xNPijrGkmfHfC8OKBR6Op3MBLI6Bjr2AQgI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054cfb9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 swiper.min.js Show response
www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/ 135 KB
36 KB 86ms
83ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/swiper.min.js?ver=5.2.1

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a75aa5bab9865958cd01d39856dc37e96491296ef55f5d2fdce2915b1ea1c58

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,e66a057b995eae5a249d4c5562c57804698c142eb05edea085f1b7e7e2549fe1
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Aug 2022 16:43:00 GMT
server: cloudflare
etag: W/"62e95414-21cea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGZeNR%2FtgSEn5qixw732rJOcFd9oWAlcMvkbaNPJKvilv5O0ZFhQwdM4s4F0Mu8RwkaYfRO%2B3hdXa92gj9HNrQoqgvlB6SABh%2FRy6rQ7bu1cSfVEZSFl9s9Gp6Y5mrE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054cfe9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6068438.js Show response
js.hs-scripts.com/ 2 KB
1 KB 449ms
393ms Script
application/javascript 2606:4700::6812:853b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Requested by: Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:853b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee7a1a33221cee8138a2fb7ba06f2ec2d170d48bd3d7ec49772240877e0d74a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
cf-cache-status: EXPIRED
x-hubspot-correlation-id: e9a06a26-15a7-44b9-98d0-9a45a479d830
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 462dc25c-04be-41ad-a00d-e5388adfb74e
last-modified: Wed, 14 Jun 2023 15:38:24 GMT
server: cloudflare
x-trace: 2B0511D742E9E7F9B4EE96C97287E21C27AACC886F000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.nisos.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-kk642
cf-ray: 7d73ac05adaf373c-FRA
expires: Wed, 14 Jun 2023 15:41:28 GMT

GET
H3 200 idle-timer.min.js Show response
www.nisos.com/wp-content/plugins/monarch/js/ 3 KB
2 KB 59ms
56ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.4.14

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80fa756dda143f69fb3ce750e905cc8188150dc4c6b7539bf3627fe26530b405

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,d0dbb38299fae013682e2a5637d1349fb5f6339fc7e063c7134c2acae29be3a3
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 176228
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 19:09:25 GMT
server: cloudflare
etag: W/"61688065-a4b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zHZr3xXZIkmbFnMPOZoS%2F%2BS6DI%2Bv9Tuv2KE7H3cSUa2lv8tRDt%2FtXK2%2BQT4Fd50V81yVE0pDG6MnBtY2sKWg9VET0Q6ixrc3S0XdwPP%2FxrJZaBeUHFvzo4KvTDsSjsM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054cff9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 custom.js Show response
www.nisos.com/wp-content/plugins/monarch/js/ 26 KB
6 KB 60ms
57ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/monarch/js/custom.js?ver=1.4.14

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43b5c9ad80f0a5d1c63568583e9cf6cd5ca8454a680f4ee80d5d63d00b15a360

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,f11c497a4440a3b44ec456d9755a2d49a57e835b202d0bc8a566875f94868ce2
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 19:09:25 GMT
server: cloudflare
etag: W/"61688065-6855"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qP%2FLpay9PuAyktuob87ss1ImrF9MZ%2BpJXbNoGU%2Bp%2BihFYUAT4606d9EfG0AdSN85rOlnN0j2g7oh2QAS8rPNrUkQTXDclwAuNkJ6O0euMFHwqPdjXiYA3tuF7O%2BPcew%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d009156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 front.min.js Show response
www.nisos.com/wp-content/plugins/popups-for-divi/scripts/ 65 KB
22 KB 66ms
63ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/popups-for-divi/scripts/front.min.js?ver=3.0.5

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5cec8800ffe6b92993466f61ec4f4d5ee6dee946a942b9356559821585fb650

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,23af53dee9725f3caaf30aca7a821d7286e5bc7619b02a4a822f326c90fa97a7
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Jul 2022 19:34:32 GMT
server: cloudflare
etag: W/"62c5e3c8-10394"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ss3EpK%2BjeA6VwtUz%2BRqMGTH0jVzZQsKYLVHMzfW40m39lk1jPY737NN7LMIO3Ip6CrC39kpXaZRF4uGsW5aXCk1Oesd4712WbooW0TJDHZrYVm%2FjHrydrXYxOeU9SHs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d029156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.min.js Show response
www.nisos.com/wp-includes/js/jquery/ui/ 21 KB
8 KB 65ms
62ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,09feba44757de3dc5eefee3fddbc61100ff6515bf8096daa7e267547e18f3509
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:43:35 GMT
server: cloudflare
etag: W/"642f04c7-53be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJMef707Sx5SVkmIPT5yEiR3ly3sKxAjAAIU687YtrsjJwW9PZ5%2B7DjtNJPbYsz8vVzbxZe5cU1pdoIvlPGYLgYkdg9k0BOvbsCNFuh00iXDGG115mN3Bkhnb4aGDZQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d039156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 datepicker.min.js Show response
www.nisos.com/wp-includes/js/jquery/ui/ 36 KB
12 KB 63ms
60ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db5ffd916dbeb4938cc236cb3a42e73a56987f28c5deb9f3beccbe2c4af19307

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,9bdfe29266775059ca7799e044a7ced0e5a22604c5e7816be9718a10e3621d64
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 176239
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:43:35 GMT
server: cloudflare
etag: W/"642f04c7-8f79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lx%2BEZHJwCWIkZuG5YqCu0oZ7u%2B1Q%2FTCfQMol5jGPJu0Zq%2BXP2HUH22nbgmQ0500Wf52%2Fec8FCbWh8Pl4tTN5yfXm8eTz5qz2BR8Q9dPdzo%2F%2Fjar4QH%2B2hqvTEWuaBCo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d049156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 slick.js Show response
www.nisos.com/wp-content/themes/nisos-child/ 42 KB
11 KB 97ms
94ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/nisos-child/slick.js?ver=1.5.3

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0521badda7c602b73185aa5e23dd04fcb5f5ce5e0f1d693ff2cf9474178c1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,7f28b306da0223e553d055dba958a569ba4b06045676e30a0a81032de4e77caa
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 22 Nov 2021 15:10:41 GMT
server: cloudflare
etag: W/"619bb2f1-a794"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YvELCZN8qgZLI5xkTqs8GSfQfrnUk81jV3Tv4WC10FeqWXTQyc2yY5B9fNPTYiQcVNNd007DMRykhKdLzwMrkiAZOWxgLt7XdWiJQpeuFrQ4xNX6ICAMTYmyj8VTSA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d059156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 main.js Show response
www.nisos.com/wp-content/themes/nisos-child/ 6 KB
3 KB 66ms
63ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/nisos-child/main.js

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67154bc8868a4e60ffeb64c6512e70acb648a5420a5eb7eaf86b20bb0a8457e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,2497eda5ba28c1994d05448790851963bf661954a158a9d28c1a909c4ced576f
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 176229
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 24 Jan 2023 19:31:39 GMT
server: cloudflare
etag: W/"63d0321b-1800"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCSW9cLoAkRr2TiipdrPGW98lIytmylDfUZvfPZU4A1v19GcQtfOpy1abOUB5G%2Frmg5TrMvee9PaOSLPPsVEG871R3Ee5dsB2QveVpNpSZedHXrIy1c7uWdfwLDtGXA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d079156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 scripts.min.js Show response
www.nisos.com/wp-content/themes/Divi/js/ 268 KB
62 KB 77ms
73ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/Divi/js/scripts.min.js?ver=4.20.4

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97490bd354a26885acf09c0ba5b4c3c76d12bb55193f13456d3aa2ded6eda6fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,0078fe226f21135f02b76b9cea82d51452e37145e772c0de1ad7931b4196d7b1
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 7506
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:46:19 GMT
server: cloudflare
etag: W/"642f056b-42f5a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xmkyZhXGzbVLTNclenEhGTinuwQ9U%2BWaqYYJM8JrFMmNhNMb25ewk1aJu5pUZS9%2B6ht1UecM4PbMAIsuDV%2Fu7eXYImr%2BOYOjj8gioeETfG%2BCcuVd0KiGqX4cNvo3mvw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d099156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.fitvids.js Show response
www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 3 KB
2 KB 66ms
63ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.20.4

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,7f53c136c574ac7f93303a17b8c2e84d7698ba503053c26c12a25b7b65d2e809
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 176230
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:46:19 GMT
server: cloudflare
etag: W/"642f056b-d15"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CghLu4OxVtZDq8fAt10dRooZ0gzdnezCFbVlOYQkVGaHwKgw0MHzWWalzzsKe%2FkIlkmXZ21%2FBaA8czJvKTy8LaMWp1eJRR99JIEdZrEZoKQisswRTqsRD6zGgNY7XPI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d0c9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend-bundle.min.js Show response
www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/ 16 KB
4 KB 63ms
59ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/frontend-bundle.min.js?ver=1.0.1

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36e3278d17196da0532b353687c478f36936ecc8b6493d0b176ba69fdff05427

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,c231fe047aace500e7fb3a658afade5bf646b52fb2f2451aa05032563266a943
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Sep 2022 14:34:06 GMT
server: cloudflare
etag: W/"6319fd5e-40a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TcrzA%2F67Og7NVLil84n6HMQSrtTdcU0QecscZxLLTbOIGR%2FP4bjVU%2Bsu81R3yDYq42tvsF34yN2FVYbnKoIiqRTrQKaYqF%2FOFy62zvIqnG0bZ1AYIgT7AHSPB9GJfPw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d0d9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend-bundle.min.js Show response
www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/ 4 KB
2 KB 61ms
58ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/frontend-bundle.min.js?ver=1.0.15

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1786585ac9beb929463e7f963468e7e40da9b7b0111a0aab6673abdd2309b0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,b7d3ae58bce83150d812aa0cf8fb54ef4132df3ccfd7a0b7c69e118919a2446e
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169447
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Aug 2022 16:43:00 GMT
server: cloudflare
etag: W/"62e95414-1054"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwiCUPtepiTUSHsPTp4rRiCzhOjjS5R0%2B1j0z2K0JfEUzLLLon2vOlYG5OU1zbCBjkhJQ%2FS2PMt2l6FoVXzzQ%2FexiZMc4zFoy70A%2Bk%2BYXCVAdwcfR4vw9Spm%2Bd%2BGR4g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d0f9156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 common.js Show response
www.nisos.com/wp-content/themes/Divi/core/admin/js/ 1 KB
1 KB 61ms
58ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.20.4

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,350374433f14b9e16af3c54b9a984c379cdda6c3314c5fa4572f3406a048d4fe
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:46:18 GMT
server: cloudflare
etag: W/"642f056a-53f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=spDmemejz5BHlEC7LhyHTqe7ora5tJoDDm8T8kC4reRFmtcBKtbk6bcUMdIbBNQmNKs3DSgCJxfhMn0RpjfVajR3htIkMFrKtisTJbjgeeG1O%2BvTcXl2Q8O8rpo4JGg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d109156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 lazyload.min.js Show response
www.nisos.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
4 KB 93ms
90ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,a19d81d2b3a4e8aab2799c388ddcec8c72ef5af8b1bd2f9718c88cf1557ecadd
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 176239
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 10 May 2023 12:27:01 GMT
server: cloudflare
etag: W/"645b8d95-22bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lp8MWBq7MhMLqL3bZL2KkS53cavt8a2lXuhAM75rgsvwjct%2Fp%2FOZFeCLjgbgX6ADkLG5pihxSNyXpN4uth0nc4%2F5AKma1nakQccv7Zk%2B8hPTubkJ55bJfZCYejnQAFA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d159156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 255 KB
89 KB 119ms
66ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

40e0507ce4a240a0e28a21fe17d0a8a418423eceea15f51d57b77f07d70c5cca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 90694
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 14 Jun 2023 15:40:28 GMT

GET
H2 200 hotjar-3206651.js Show response
static.hotjar.com/c/ 9 KB
4 KB 101ms
36ms Script
application/javascript 18.66.192.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3206651.js?sv=5

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.192.125 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-192-125.muc50.r.cloudfront.net

Software

Resource Hash

12d03201aa733372057226d7a64c2fa3544859acb87fd88347950d1fbe66727a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 14 Jun 2023 15:40:28 GMT
via: 1.1 6ef87569c26a159f552948d3c30a2be0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 41
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/91c8c2780ab96eb20c5a53bda714aa6d
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: uAj8g_icBvNtggvxG_GEcE9KS3-6380VZGG3k5ghsgcs52IJn69Wtg==

GET
H2 403 lt-v3.js
lltrck.com/scripts/ 0
0 374ms
113ms Script
text/html 52.200.29.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lltrck.com/scripts/lt-v3.js?llid=33234
Requested by: Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.29.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-29-199.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 6si.min.js Show response
j.6sc.co/ 35 KB
11 KB 138ms
24ms Script
application/javascript 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 May 2023 00:27:16 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64641f64-8a3f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 11052
expires: Wed, 14 Jun 2023 15:40:28 GMT

GET
H3 200 et-divi-dynamic-tb-9107-late.css
www.nisos.com/wp-content/et-cache/notfound/ 628 B
883 B 102ms
100ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

925d5ba38a0c2f9ab7df22566d1b0eec56615e69ea93b84c5e79a7f3074eb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,f4b3b59bfbc6d2cfd542d8c58d34ce9cbf6150ed35167059d381c9c8631bfedd
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 174
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 13 Jun 2023 20:49:18 GMT
server: cloudflare
etag: W/"6488d64e-274"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L4gZEmsr556TRZ1%2BCjz%2BScYps61h7eAWsmaqixb2r9cjeXlpPLnRt591CixMenXG1fY5xjJ%2FiKUfUryPHvVKrVyqtw4mc1UDqSCF47LcEajpSmrJ06OGnnuMZJxp0M0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac054d179156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtuZnIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 13 KB
13 KB 78ms
24ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtuZnIGiV3w.woff2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71e85b13d24a31d782e71da9f9192b5160369ec5ad1cb37988555d3eb93225d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 18:14:20 GMT
x-content-type-options: nosniff
age: 77168
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12868
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:44:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 18:14:20 GMT

GET
H3 200 modules.woff
www.nisos.com/wp-content/themes/Divi/core/admin/fonts/modules/social/ 10 KB
7 KB 89ms
89ms Font
application/font-woff 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nisos.com/wp-content/themes/Divi/core/admin/fonts/modules/social/modules.woff

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css?ver=1686688277

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20476c3fffc3c6f35095c566e8eff0342e3ddb73841c39b58455dc970522e7f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css?ver=1686688277
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,d48bfb68e0c79abe90e09219ab29fbbce8c657ef768bca57e406056af03018b3
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 108393
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 06 Apr 2023 17:46:18 GMT
server: cloudflare
etag: W/"642f056a-28e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oiO5GnJiw3cbHRsOHONlziyN9JlP6iGZmZjUUaAtyrMuHu6bMbYQ1hXczwmKbbxs2WnS6QPWrYshLaR3fjljpeHgEGA9OgjISu%2B1eN7hTVxs4R%2ByE6TuCfo%2FOzkDLIc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 7d73ac056d309156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
fonts.gstatic.com/s/rubik/v26/ 24 KB
24 KB 95ms
45ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ece9d22203d0bc59232a7ff5bc7b4df4342c89630387b0366595ba92b724957e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 01:39:01 GMT
x-content-type-options: nosniff
age: 50487
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24396
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 21:57:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Jun 2024 01:39:01 GMT

GET
H2 200 2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQttRnIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 13 KB
13 KB 90ms
40ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQttRnIGiV3w.woff2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd94017c98cb7e9337f4bcc1e3dbf22ad1e048853d188bf896591d9e1f11af67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 15:47:48 GMT
x-content-type-options: nosniff
age: 345160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12880
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:44:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 15:47:48 GMT

GET
H2 200 2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtjhgIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 12 KB
13 KB 71ms
21ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtjhgIGiV3w.woff2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3175dd776c73e3f90beb2340fd7d138a7fce24c1054a73f08216b1aa7e357534

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 23:16:34 GMT
x-content-type-options: nosniff
age: 318234
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12768
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:45:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 23:16:34 GMT

GET
H2 200 2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtgFgIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 12 KB
13 KB 105ms
55ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtgFgIGiV3w.woff2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ca9f43967b272f585a9feb7ffc604462bea2cd2339e0a173899fe45e95b37c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 09:23:06 GMT
x-content-type-options: nosniff
age: 109042
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12772
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:44:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 09:23:06 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 85ms
30ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=9379eed59c
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9379eed59c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
via: 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 111249
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GsMnfQcgJRSARQa798iFOIl%2B%2B130NSR%2Fzn3G1PKAyFJlCCtvN7cGhtVv9u6k4t6tA0soLdZV8Ld5BvrJrVRGtCVPZjnqh7Vcy6bLJ4ZB88O5cT93oEHzWBMOqPN%2BOuSFRPvvNMIKF9VicezNt9oOQMrJxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7d73ac064a479b76-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: jSJlH0c01qV3K15KWd3baEHzy_yip0S--aS7SanQ49rgGQdRKvhY8Q==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 88ms
32ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=9379eed59c
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9379eed59c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
via: 1.1 3fdf3aacaef6ec40c4eedb85c8144da2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 171945
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w9Qphzq44PLBhG7Xy728Hr2GhVjMVbD142dIx1JoO56vFI0%2F68ML%2FxC%2FJYuiert%2F94zhlurN4CtLyNU6rnbKeeDuShj1ow0WjRQxrrxQNEYwa0WlWmBpAEpoM4o5O3Xp7tKSa%2FnFbZG2EpTLjETAuBdhRg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7d73ac064a499b76-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: Tiy9sAJEa66vbVN2bhKn6E14hnpAObSrVhSOQRbFnsf2DxD2gfAXBw==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 3 KB
2 KB 84ms
29ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=9379eed59c
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9379eed59c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
via: 1.1 0335d8a6e5dbedaa3f85a6ff68c7805a.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
age: 169446
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTxfP8L9FJyK8217EPDkCpNPcq53td4fJXXfDFXPoQusLO4lWrXMZeYoc9ZNSUKR5aQ%2BBM5QKgwyUQjpuCztqUxwt1%2BLfXCdx6virvukxci%2BvcMyXyPibyJY8gbU7%2BwoLMONI5MtszK55AyoIj%2FTMEBSqg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7d73ac064a4c9b76-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: bht331G0DCJLnLM_wICNiZYFMQhJCRJXAKV6JsMo8hIs82ZbE2jIoQ==

GET
H2 200 modules.5718b73ab85bca652332.js Show response
script.hotjar.com/ 270 KB
69 KB 102ms
31ms Script
application/javascript 99.84.88.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.5718b73ab85bca652332.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3206651.js?sv=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.88.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-88-12.muc50.r.cloudfront.net

Software

Resource Hash

5bad0658ea23d85d08fe0c5484686cf9c7e7ebefefc47627c8013a0f1647c289

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 09:34:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 21981
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 70036
last-modified: Wed, 14 Jun 2023 09:33:13 GMT
etag: "aa0a9ff38247ad4cf62104f735a1a78c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: DLQyvFMVJ5sMb5ycwmM-t0C_QtrOHeKsLRcg1AiCqNM3A_B3YwDi2w==

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 101ms
48ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 14 Jun 2023 15:40:28 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5D9EEA5AAFFE43CBAB4B997F0D54E99E Ref B: FRA31EDGE0720 Ref C: 2023-06-14T15:40:28Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 120ms
38ms Script
application/x-javascript 2a02:26f0:3100::1735:28f0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28f0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=34670
accept-ranges: bytes
content-length: 4777

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 67 KB
22 KB 132ms
28ms Script
text/javascript 2600:9000:20c3:1000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 226c9a2c80c75e3c5d7d197c484adb7d63e6ea36270af348bc223be73e8cd059

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id: 7FBoqqSL1b96.AgPH.JEYo4TSgYS0kb0
Content-Encoding: gzip
Via: 1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
Date: Wed, 14 Jun 2023 15:08:36 GMT
Age: 1939
X-Amz-Cf-Pop: MUC50-C1
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 09 May 2023 21:27:29 GMT
Server: AmazonS3
Etag: W/"7866810a321f41ea101e7bcfaa572323"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: XEXtscebPfbl9lilMjNnyEM8VrHDUGzWQmeKu3OjLYdnFUvaprlGmw==

GET
H2 200 / Show response
c.6sc.co/ 7 B
192 B 29ms
21ms XHR
text/html 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.nisos.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 35 B
328 B 96ms
21ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e138af303de806c49edb94be80e081bd3160788645d900acdcbef59eafc3a8af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.nisos.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:1010:3:1011:8d3e:58b0:dbb
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468543_34603374_648698383_21_983_19_0_-";dur=1
content-length: 35
expires: Wed, 14 Jun 2023 15:40:28 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 250ms
249ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=9492fd09-cdd2-4327-8c86-56ff63ec9503&session=f79d563e-2fda-4b24-828f-10ad6ef0eab1&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A40%3A28%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2015%3A40%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%223dfff14e51083acf56ac79a38773850e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2015%3A40%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2015%3A40%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=a21956bb-247c-4ecf-86fb-0b15d59e844e

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 255 KB
87 KB 41ms
40ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CTEG3MX1VW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-145073476-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ec5b093c01e73e57b35ff693fca913647edc1add2c8db87b1cd5cf2dcf722a6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88926
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 14 Jun 2023 15:40:28 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 73ms
22ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-145073476-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 14 Jun 2023 14:35:27 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 3901
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 14 Jun 2023 16:35:27 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 81ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-CTEG3MX1VW&gtm=45je36c0&_p=688034880&_gaz=1&cid=1571934386.1686757229&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686757228&sct=1&seg=0&dl=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&dt=Page%20not%20found%20-%20Nisos&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CTEG3MX1VW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nisos.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 85ms
28ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CTEG3MX1VW&cid=1571934386.1686757229&gtm=45je36c0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CTEG3MX1VW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nisos.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 95ms
45ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-CTEG3MX1VW&cid=1571934386.1686757229&gtm=45je36c0&aip=1&z=1863196471

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
206 B 29ms
29ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=688034880&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Nisos&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=583018138&gjid=466227828&cid=1571934386.1686757229&tid=UA-145073476-1&_gid=247910834.1686757229&_r=1&gtm=457e36c0&jsscut=1&z=1187828314

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nisos.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nisos.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 272ms
272ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=9492fd09-cdd2-4327-8c86-56ff63ec9503&session=f79d563e-2fda-4b24-828f-10ad6ef0eab1&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A3%3A1011%3A8d3e%3A58b0%3Adbb%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=a21956bb-247c-4ecf-86fb-0b15d59e844e

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 204 3206651 Show response
vc.hotjar.io/sessions/ 0
256 B 102ms
48ms XHR
text/plain 18.66.112.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/3206651?s=0.25&r=0.16544346036288426
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5718b73ab85bca652332.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-110.fra56.r.cloudfront.net
Software: Python/3.8 aiohttp/3.8.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
server: Python/3.8 aiohttp/3.8.4
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: 2APXU0oOfjH-01lB6m-e8iceZe2vOFb5S4ImytxFy23K2oeqBaLOhw==

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/3206651/ 148 B
322 B 184ms
56ms XHR
application/json 52.213.12.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/3206651/visit-data?sv=5
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5718b73ab85bca652332.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.213.12.174 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-12-174.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ca9d3bdace9ebc26af8da67aaf1e2392aa60db9e2b889568f318a768773c3a68

Request headers

Referer: https://www.nisos.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 29ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-145073476-1&cid=1571934386.1686757229&jid=583018138&gjid=466227828&_gid=247910834.1686757229&_u=YADAAUAAAAAAACAAI~&z=860551956

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nisos.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 14 Jun 2023 15:40:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nisos.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 149003803.js Show response
bat.bing.com/p/action/ 0
118 B 175ms
174ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/149003803.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 14 Jun 2023 15:40:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 45310CF091194D9D91BABB4449044846 Ref B: FRA31EDGE0720 Ref C: 2023-06-14T15:40:28Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 44ms
44ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=149003803&tm=gtm002&Ver=2&mid=1f72ab58-025a-4e4e-8d53-af910aa35e63&sid=c9ed04800ac911eebde463cd633f576b&vid=c9ed25f00ac911ee86b2dbf0002ac5ba&vids=1&msclkid=N&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Page%20not%20found%20-%20Nisos&p=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&r=&lt=900&evt=pageLoad&sv=1&rn=489193

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 15:40:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A2BF69DB7E104D0A9AE9EE03189C16B9 Ref B: FRA31EDGE0720 Ref C: 2023-06-14T15:40:28Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4343073/domain/nisos.com/ 36 B
377 B 82ms
27ms XHR
application/json 2600:9000:237d:7c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4343073/domain/nisos.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:237d:7c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.nisos.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 14:01:50 GMT
content-encoding: gzip
via: 1.1 ac1ae217387c42a8268a34d5a89f4b46.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 5917
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=11068
x-amz-cf-id: z67vbIrmWPgVKtgOKpvm8IC4xg0xPaQr_4NChaajo9zEhfdLsELMuQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4343073%26time%3D1686757228758%26url%3Dhttps%253A%252F%252Fwww.nisos.com%252Frese...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=tr...

0
266 B

280ms
208ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true&e_ipv6=AQK-aXS_2NK5tQAAAYi6kMO3FNcnEZbxAsC9_q9tWvk-R_NxDnwrgx63UBLrJJcR5BAnHAGPxxtw9F6CSAcX7l77h6Ar
Requested by: Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DDA638D44E654577A02D21A8996F91C5 Ref B: DUS30EDGE0412 Ref C: 2023-06-14T15:40:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX+GMWAcP7JmH2eGjzAUA==

Redirect headers

date: Wed, 14 Jun 2023 15:40:29 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: EB2F66A602964BB9A66847768C0F3122 Ref B: FRAEDGE2005 Ref C: 2023-06-14T15:40:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757228758&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true&e_ipv6=AQK-aXS_2NK5tQAAAYi6kMO3FNcnEZbxAsC9_q9tWvk-R_NxDnwrgx63UBLrJJcR5BAnHAGPxxtw9F6CSAcX7l77h6Ar
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX+GMV8Zn7cwT/B/S/ILw==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/exp/ZCNLOBHP6JAMPK46MHW4HJ/ 38 B
795 B 28ms
28ms Script
application/javascript 2600:9000:20c3:1000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/ZCNLOBHP6JAMPK46MHW4HJ/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6c19d4ee9832249a4a542057fe1cda984efb525973cb294831ec5ecc42367f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id: DjOpQH2sw6uC5p3PKudk47QAd2CrhYAs
Date: Wed, 14 Jun 2023 15:33:20 GMT
Via: 1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
Age: 27882
X-Amz-Cf-Pop: MUC50-C1
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 38
Last-Modified: Tue, 21 Mar 2023 16:36:52 GMT
Server: AmazonS3
Etag: "f5a64db38c4218cefe3f9d7531faf9a1"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: kuZ3pqASuSxJDj5qmcM-Nm54ZtR-P2OksK7fyRjv3C5TlTcWy8kKAQ==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

28ms
28ms

Script
application/javascript

2600:9000:20c3:1000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol: HTTP/1.1
Server: 2600:9000:20c3:1000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Tue, 13 Jun 2023 20:37:20 GMT
Via: 1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
Age: 68607
X-Amz-Cf-Pop: MUC50-C1
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: aAgNnvDNRwY2IMUDKLVarRfdYNvXmPRMLHlg7viCYlgzXwsD1YzZdA==

Redirect headers

Date: Wed, 14 Jun 2023 07:55:46 GMT
Via: 1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
Age: 27882
X-Amz-Cf-Pop: MUC50-C1
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 9cTEKxyEM6XcclbwKd9hXReTj1FyDPR8uwg9KXGFp2A9Wa_M8YdOxg==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/ 0
808 B 81ms
29ms Script
text/javascript 2600:9000:20c3:1000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:1000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id: _bUiIGpFoqC9pllPMxuBpAUJZavfgMUL
Date: Wed, 14 Jun 2023 15:33:22 GMT
Via: 1.1 2d469870f5a756385a1eb37325629a1e.cloudfront.net (CloudFront)
Age: 427
X-Amz-Cf-Pop: MUC50-C1
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Mon, 12 Jun 2023 12:21:56 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 2cIYjRPqOSGgVCHPYWc9kDNWxjk8XudU65xBtsON2hIMPsEW2mrxdw==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 100ms
49ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-145073476-1&cid=1571934386.1686757229&jid=583018138&_u=YADAAUAAAAAAACAAI~&z=1913002676

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 46ms
46ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-145073476-1&cid=1571934386.1686757229&jid=583018138&_u=YADAAUAAAAAAACAAI~&z=1913002676

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Jun 2023 15:40:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 545 KB
88 KB 103ms
37ms Script
application/javascript 2606:4700::6811:806e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:806e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53c6e25ad853b5a6ad922795465a0e178c87af06b8a7ab3bde53b7b6939902c8

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-encoding: br
age: 17619
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1213/bundle/main/lead-flows-release.js&cfRay=7d71fddf3cd0162f-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"e0a28490756bd60883ddd702b459f472"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1213/bundle/main/lead-flows-release.js
date: Wed, 14 Jun 2023 15:40:28 GMT
x-amz-version-id: 8pz0uDcBGYlrsmWQyDnHbF47HkG8cM.I
via: 1.1 61bbe72b71f7b857c695c31fdeb7b3a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P1
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3f792d9d-1455-4f75-9247-c4eaa3833114
last-modified: Tue, 06 Jun 2023 12:07:08 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-frzj9
cf-ray: 7d73ac0888a09b3f-FRA
x-amz-cf-id: D90L6IMg-ihfl_QE9oO-pFMGbWb612o4oLaCZPqbDUnGOHhCQVxjPA==

GET
H2 200 6068438.js Show response
js.hs-banner.com/ 60 KB
16 KB 96ms
31ms Script
text/javascript 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/6068438.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea452eadc5efaf0bc3c4c5285e5f1b4f4c92a5b01c26c99d7f5f89c9442749ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
x-amz-version-id: lPvgFgL3qGjwKQFUqumxetd2DFL88LOM
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: ZA93X9K8QCGMF7E0
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
age: 75
x-envoy-upstream-service-time: 57
x-amz-id-2: wvVF8FX20rtfRe3Qf+kkOiJ+mU3luevL0H+qfYaEImF2GqfH5xbduUSSn5AYd4VOXU6kkYV2YG4=
x-evy-trace-listener: listener_https
x-request-id: 340f7a7c-b106-46a4-af4a-f36e1ec84749
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 17 Apr 2023 15:46:35 GMT
server: cloudflare
etag: W/"21995b8612a52259cde29a69cc701923"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.nisos.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7d73ac088aec18b3-FRA
expires: Wed, 14 Jun 2023 15:44:13 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 95ms
29ms Script
application/javascript 2606:4700::6810:78be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:78be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eed334d1c96abd8c03aacf86a2a30fb9d391290f27e49b0fa456a7af8f1a1bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
x-amz-version-id: wXOaVt.1FYp5SJSGbufdokAhWgyD7J.j
via: 1.1 25d9b5959eaa82bb18ee3f35e6bf34b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P1
age: 597
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.381/bundles/pixels-release.js&cfRay=7d739d7339062c19-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 29ec3d74-fa6e-41a7-aeba-4128eb824055
last-modified: Mon, 05 Jun 2023 12:31:29 UTC
server: cloudflare
etag: W/"3907b3424cd18a581148905ead09299a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-s8xd8
cf-ray: 7d73ac088c722c5f-FRA
x-amz-cf-id: Y3JTU0ZQ9zIzE6TaieUVCt4T_1L93DNVzNuAbr22Kdb_YKRay9YcjA==
x-hs-target-asset: adsscriptloaderstatic/static-1.381/bundles/pixels-release.js

GET
H2 200 6068438.js Show response
js.hs-analytics.net/analytics/1686757200000/ 66 KB
21 KB 565ms
499ms Script
text/javascript 2606:4700::6810:8ace
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1686757200000/6068438.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc75fde9d885436158a8f8cf693cd18c626e9ae9ebae204e19df8832220a9588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:29 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: W3R7HR2DXHY58B6F
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 34
x-amz-id-2: OgilrvI+y8zIYlg/WrIH8WyAynyJdd7593dUPlEt01wueYIZmc+0/nmSEt/RVawX1HACL+ZMgo4=
x-evy-trace-listener: listener_https
x-request-id: 5693729c-1a9f-4e79-8549-e76476379eb8
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 31 May 2023 18:58:16 GMT
server: cloudflare
etag: W/"53f50056e73efe4d372a3c3d7b9e2afa"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7d73ac0889639962-FRA
expires: Wed, 14 Jun 2023 15:45:29 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 98ms
33ms Script
application/javascript 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f148a333a7585ab1391cceb303d946f5bf1b38ba6bb8eae863125ccde728bb3

Request headers

Referer: https://www.nisos.com/
Origin: https://www.nisos.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:28 GMT
x-amz-version-id: S1jmwKbmrdTaJO._teNI0LpuWSvl4WIJ
via: 1.1 31341771a4bfa40d7b1f61883ffb56c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P1
age: 386
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.378/bundles/project.js&cfRay=7d73a297aa342bb2-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 11d61425-3ad2-4bf0-9de2-8a31d005bbc3
last-modified: Tue, 13 Jun 2023 09:45:35 UTC
server: cloudflare
etag: W/"b19afd994dc32a5784e74169cca8128a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-cxzff
cf-ray: 7d73ac088e582bdd-FRA
x-amz-cf-id: bCt-fkF_PyWjs7S9PyHK6gGZ6HA4EBBjr_IG0FwsEoEyy2P9uw9YRQ==
x-hs-target-asset: collected-forms-embed-js/static-1.378/bundles/project.js

GET
H2 200 ZCNLOBHP6JAMPK46MHW4HJ Show response
d.adroll.com/consent/check/ 467 B
560 B 484ms
46ms Script
application/javascript 34.252.67.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ZCNLOBHP6JAMPK46MHW4HJ?pv=87395817034.06871&arrfrr=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&_s=1624d6e87667b0c2c97b49beb58c9e82&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.67.122 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-67-122.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: 3d12712965227046026c0ead2501d09957aa06c47d5c6054e090dfed39838fd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:29 GMT
server: nginx/1.22.1
content-length: 467
content-type: application/javascript

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 248ms
140ms XHR
application/json 18.203.70.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5718b73ab85bca652332.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.70.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-70-56.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c6d313e1357b4d8b37bb3ef2957e5dfe4fbb962d08ac51a5a3ab7d852d15156b

Request headers

Referer: https://www.nisos.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 14 Jun 2023 15:40:29 GMT
content-length: 56
vary: Origin
content-type: application/json

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
0 165ms
122ms Preflight
application/octet-stream 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.nisos.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.nisos.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7d73ac091d7e18c1-FRA
content-length: 0
content-type: application/octet-stream
date: Wed, 14 Jun 2023 15:40:29 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ns2gd
x-evy-trace-virtual-host: all
x-request-id: 255a9031-4581-4907-9abb-a09ca50b0fb6

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
167 B 136ms
136ms XHR
text/plain 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/6068438.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nisos.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 14 Jun 2023 15:40:29 GMT
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: eb8b9905-9db4-4e88-a125-b049b09f54dc
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 16
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 23d87363-5027-4c26-abb7-293f6106ef42
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.nisos.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7d73ac09de6318c1-FRA

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
471 B 135ms
135ms XHR
application/json 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6068438&utk=
Requested by: Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 486c0b266a6576698325f0f56089aa3891fdc3f6f0d8f162435e3bfca57848fb

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.nisos.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: a2a4c050-12d8-4342-a751-f9691687257d
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: aeadc4e8-6333-44ca-88b2-298b7b79fb7b
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.nisos.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-xhv87
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7d73ac08fede2bdd-FRA

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
983 B 189ms
134ms Image
image/gif 2606:4700::6811:d5f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 14 Jun 2023 15:40:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 79f06846-0cd1-4550-ac79-7167c00b4836
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ca404e67-27d7-4304-98b0-34ddf56c4512
Server: cloudflare
X-Trace: 2B1BE79272EC8FC7290DD95FF70FFA3EA5A4732DEF000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-qr8ft
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7d73ac0a2be09a05-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 526ms
525ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 210ms
159ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=6068438&ct=standard-page&pu=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&t=Page+not+found+-+Nisos&cts=1686757230121&vi=2250baa363e1c34e949375c3aca7f2bc&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 809491e3-cc4e-4aef-a3ed-d315d2d5118a
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c776a9ef-5d48-43fb-aa80-d0ba8afa30cc
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCoND7SX0KBdF6TQYvhqcY%2Fq%2Bc5J7OavFLTTCPvWifBRBHvmzLep2AXapWwf2eeXa%2BONDYnJwI48jGM0aCmgdXYraBEljW99DiM2C2zQpgo0syBMulsM0Eol83KzPzZbnS7mnhJQioCOe%2BGJgpqI"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-8bmqp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7d73ac10aadb03d0-FRA
x-robots-tag: none

GET
H3 200 alt-nisos-logo.png
www.nisos.com/wp-content/uploads/2023/04/ 18 KB
19 KB 54ms
54ms Image
image/png 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nisos.com/wp-content/uploads/2023/04/alt-nisos-logo.png

Requested by

Host: www.nisos.com
URL: https://www.nisos.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57f4680898f2af59bf83a8bedb562603677780be4133457db08e6314c6438723

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:30 GMT
ki-cache-tag: 55585fc0-2726-4e8a-bfac-54fdf091b637,9e1cc11f922671cae97c6059e0bef5e438bbaee348bf1fa087f49aef62e5be2d
cf-cache-status: HIT
ki-edge: v=19.0.6;mv=1.1.3
x-content-type-options: nosniff
age: 169449
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 18447
last-modified: Mon, 17 Apr 2023 14:31:45 GMT
server: cloudflare
etag: "643d5851-480f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCs%2FU9uwySPxNTB9jlSOUfZbnizp7dy7G6xTaD3e3yZ1qP%2BBgAikTlsKdoe0Rk%2B4a2OVVp961NQhaxt7G5Qn2yjP9fU7e%2BhTqfhBbB9l2PkudqI%2FRR3sQjtxAXaGM2w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
accept-ranges: bytes
cf-ray: 7d73ac106bf29156-FRA
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 220ms
219ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 260ms
259ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:31 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 220ms
220ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 274ms
274ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 224ms
224ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:34 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 232ms
231ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 242ms
241ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 293ms
293ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:37 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
486 B 240ms
240ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:38 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 241ms
183ms XHR
application/json 2606:4700::6813:9a53

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=6068438&currentUrl=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

afa546437f15218e413cbd8343d63897a7ddbf9ad316b5e0bb89419b02a98771

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 00c909e0-ab9a-4382-85a7-992cfc075bb5
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 29
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c728ddce-137b-44ae-ab79-dd244e347eea
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.nisos.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NXhH0Iobm0XJkh4LFII7nH%2BD2v0Ibc%2Fsfupk0oEn1Jge3NLtIUjiba2hNtup6vmtzF9%2BD8nnYS1nvWQ1Cj3BPDR15rIrScKClLHHouU1TvLKEvNSvCa22Q78qxD%2Bb0N9ViCX0j%2B2IxgUTPUMEAwl"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7d73ac47eb12193c-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-jkmcj

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 274ms
273ms Image
image/gif 23.36.162.205
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.205 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-205.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nisos.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 15:40:41 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

201 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nisos.com/	1970-01-20 14:42:13	Name: _gcl_au Value: 1.1.2135498111.1686757229
www.nisos.com/	1970-01-20 22:08:37	Name: _gd_visitor Value: 9492fd09-cdd2-4327-8c86-56ff63ec9503
www.nisos.com/	1970-01-20 12:32:51	Name: _gd_session Value: f79d563e-2fda-4b24-828f-10ad6ef0eab1
.nisos.com/	1970-01-20 22:08:37	Name: _ga_CTEG3MX1VW Value: GS1.1.1686757228.1.0.1686757228.60.0.0
.nisos.com/	1970-01-20 22:08:37	Name: _ga Value: GA1.2.1571934386.1686757229
.nisos.com/	1970-01-20 12:34:03	Name: _gid Value: GA1.2.247910834.1686757229
.nisos.com/	1970-01-20 12:32:37	Name: _gat_gtag_UA_145073476_1 Value: 1
.nisos.com/	1970-01-20 21:18:13	Name: _hjSessionUser_3206651 Value: eyJpZCI6ImYyOTA2ODEyLTFmMzAtNWVhNy1hMTBlLTgwZWEyYmQ1MjdkYyIsImNyZWF0ZWQiOjE2ODY3NTcyMjg2ODYsImV4aXN0aW5nIjpmYWxzZX0=
.nisos.com/	1970-01-20 12:32:39	Name: _hjFirstSeen Value: 1
.nisos.com/	1970-01-20 12:32:37	Name: _hjIncludedInSessionSample_3206651 Value: 1
.nisos.com/	1970-01-20 12:32:39	Name: _hjSession_3206651 Value: eyJpZCI6IjhlOTU1M2JjLTdmZGEtNDE3Ny04NzRmLTU5Yzg2NjMzYjNjMiIsImNyZWF0ZWQiOjE2ODY3NTcyMjg2OTQsImluU2FtcGxlIjp0cnVlfQ==
.nisos.com/	1970-01-20 12:32:39	Name: _hjAbsoluteSessionInProgress Value: 1
.nisos.com/	1970-01-20 12:34:03	Name: _uetsid Value: c9ed04800ac911eebde463cd633f576b
.nisos.com/	1970-01-20 21:54:13	Name: _uetvid Value: c9ed25f00ac911ee86b2dbf0002ac5ba
.bing.com/	1970-01-20 21:54:13	Name: MUID Value: 3B8BA16D3D8365B52D05B25D3C2F64F6
www.nisos.com/	1970-01-20 12:34:03	Name: ln_or Value: eyI0MzQzMDczIjoiZCJ9
.6sc.co/	1970-01-20 22:08:37	Name: 6suuid Value: cdd5ce17b97e06006cdf896492030000d98c1f00
.linkedin.com/	1970-01-20 14:42:13	Name: li_sugr Value: c874cd08-a81c-4ea5-9cb8-a0d6c527a6db
.linkedin.com/	1970-01-20 21:18:13	Name: bcookie Value: "v=2&e44109a6-a445-4840-8581-a47cdcf66f89"
.linkedin.com/	1970-01-20 12:34:03	Name: lidc Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2673:u=1:x=1:i=1686757228:t=1686843628:v=2:sig=AQETsaLeJmhr7WoND7M08x_ozN4FjHYc"
.linkedin.com/	1970-01-20 13:15:49	Name: UserMatchHistory Value: AQIt0F_uYoA_EAAAAYi6kMIjwLvEGrN4DaGjhE9_AWhrDFKfCTIz49DFYWns0K6I-jllK8L3CBVTZg
.linkedin.com/	1970-01-20 13:15:49	Name: AnalyticsSyncHistory Value: AQIIOkdmGs7dXAAAAYi6kMIjT8QZBQo6QoTH6lrbeZsZpnBLf1txKX-qMCLdc2-EdaF1jFrvIOP3bHxLzuZneA
.www.linkedin.com/	1970-01-20 21:18:13	Name: bscookie Value: "v=1&202306141540291e470c11-dc4f-4ee1-80e4-249db78b3100AQEQATZ1q822P_kwCc4EjXngkC5kdFU3"
.linkedin.com/	1970-01-20 16:51:49	Name: li_gc Value: MTswOzE2ODY3NTcyMjk7MjswMjGQpqWxH3Uoq9l6DDOvmQWhqXa6yLY1C85G4yP+AJUEEg==
.hubspot.com/	1970-01-20 12:32:39	Name: __cf_bm Value: BPJlGzKWC4cKC_cYESBojUVWx9.hTsmjW6tMtslj2sQ-1686757230-0-AdaQYl+sabak+ycoNCC89Cbi8y8QLSV9duRaaR9V0jgLQkDRKeGT6nMJYQ9mm/I7Fmn5aWqD/cGlzUoN7oY6YlQ=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.nisos.com/research/trigona-ransomware-explained/*IOCs:IP Message*: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://lltrck.com/scripts/lt-v3.js?llid=33234 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.6sc.co
bat.bing.com
c.6sc.co
cdn.linkedin.oribi.io
content.hotjar.io
d.adroll.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
in.hotjar.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
ka-f.fontawesome.com
kit.fontawesome.com
lltrck.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
track.hubspot.com
vc.hotjar.io
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.nisos.com
13.107.42.14
162.159.134.42
18.203.70.56
18.66.112.110
18.66.192.125
2001:4860:4802:34::36
2001:4860:4802:36::178
23.36.162.205
2600:9000:20c3:1000:6:9280:1080:93a1
2600:9000:237d:7c00:2:53b2:240:93a1
2606:4700::6810:78be
2606:4700::6810:8ace
2606:4700::6811:6cc7
2606:4700::6811:806e
2606:4700::6811:d5f3
2606:4700::6812:1634
2606:4700::6812:18c4
2606:4700::6812:853b
2606:4700::6813:9a53
2606:4700::6813:9b53
2606:4700:e6::ac40:cb1c
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:830::200a
2a00:1450:400c:c0c::9a
2a02:26f0:3100::1735:28f0
2a02:26f0:7100::210:172
34.252.67.122
52.200.29.199
52.213.12.174
99.84.88.12
0521badda7c602b73185aa5e23dd04fcb5f5ce5e0f1d693ff2cf9474178c1fee
0a75aa5bab9865958cd01d39856dc37e96491296ef55f5d2fdce2915b1ea1c58
0e53a639010f02dd7e7c3859f82daeffa535fc069b3e4145640af023dc386f86
10fd67d6c6eac5cdfda0b370fb6b23bc1fc4b9f1f1a7cb8b401aac906f2a6822
12d03201aa733372057226d7a64c2fa3544859acb87fd88347950d1fbe66727a
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
20476c3fffc3c6f35095c566e8eff0342e3ddb73841c39b58455dc970522e7f7
226c9a2c80c75e3c5d7d197c484adb7d63e6ea36270af348bc223be73e8cd059
2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f
26764edc2000ff1b83064a99effb1fe10e7cddf5b1a2c406a6d10a86b852eda6
2b4e13a4e12823ec6fe43ef5d7775abe7c9badf09c6f51693eb7722a924c68e9
2d6a60541b6205300575d1c6a1e92c4c139f4dccadfe00ff9b3a85ceb6c81110
3175dd776c73e3f90beb2340fd7d138a7fce24c1054a73f08216b1aa7e357534
36e3278d17196da0532b353687c478f36936ecc8b6493d0b176ba69fdff05427
3d12712965227046026c0ead2501d09957aa06c47d5c6054e090dfed39838fd0
40e0507ce4a240a0e28a21fe17d0a8a418423eceea15f51d57b77f07d70c5cca
43b5c9ad80f0a5d1c63568583e9cf6cd5ca8454a680f4ee80d5d63d00b15a360
43bfa4cb8df3cc265a138e9e526679040ac26b50498319031ad41b77c6f01f84
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
46bbc7b22b8c58dc664cd4b31da0906636b96c8d64b839b1671d3eff081f6c1e
486c0b266a6576698325f0f56089aa3891fdc3f6f0d8f162435e3bfca57848fb
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
50c36bc2a71485bc6939c1f5de3d1b38ff260d9de91dac1855df0b50c35d81bd
53c6e25ad853b5a6ad922795465a0e178c87af06b8a7ab3bde53b7b6939902c8
5489746d9317f7924511ff59d5781ef51906900a231fe46684c1e512a09ef076
56c81b4086d742cf938f6fbc06de7dab26cce2ea6a889b6cf94a356251495631
57f4680898f2af59bf83a8bedb562603677780be4133457db08e6314c6438723
5bad0658ea23d85d08fe0c5484686cf9c7e7ebefefc47627c8013a0f1647c289
67154bc8868a4e60ffeb64c6512e70acb648a5420a5eb7eaf86b20bb0a8457e3
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
67eb879fb1645c73ccbaac598e815fd3901eb5114228021d686b8b5e470edbbd
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ca9f43967b272f585a9feb7ffc604462bea2cd2339e0a173899fe45e95b37c5
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
6eaff3cbb09a3a966e595e32979f74af982aa32ca919ad7ca87e22c79709add9
71e85b13d24a31d782e71da9f9192b5160369ec5ad1cb37988555d3eb93225d9
71f229efc891fac06cdafe9765967f3dc1ce71db155e7130042e7e64aab7f43a
73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186
754233622f501da9f79ca0d4626d442150d84aee8a909201132fa960b2bf803c
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7f148a333a7585ab1391cceb303d946f5bf1b38ba6bb8eae863125ccde728bb3
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
80fa756dda143f69fb3ce750e905cc8188150dc4c6b7539bf3627fe26530b405
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8c90d3c0b0e49b95857fbd4a60728451deb97ac4079be355467deac9ee7de4a4
8e71262c3e6d9eac19580f7725c2f1619790e8feb7fa6f536c029d94dcedc128
8ef3755c1c0e73dd384a7a7c4d07fb899808284d0639a70d7db43fc51c3e6419
9198751141182778ff336c74f4d7e3ad6757f13199c7958dcb7be81182fa2c34
925d5ba38a0c2f9ab7df22566d1b0eec56615e69ea93b84c5e79a7f3074eb02a
97490bd354a26885acf09c0ba5b4c3c76d12bb55193f13456d3aa2ded6eda6fd
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
99a15b32a81b6f965c2e5bd6c582f7ffc73adfa751fc2465a00f3104e7a6cf95
a1786585ac9beb929463e7f963468e7e40da9b7b0111a0aab6673abdd2309b0b
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
afa546437f15218e413cbd8343d63897a7ddbf9ad316b5e0bb89419b02a98771
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b5cec8800ffe6b92993466f61ec4f4d5ee6dee946a942b9356559821585fb650
b6aed488d128d02850cfb20b4de28a2eceffddd04342f413bbe88a141235a976
ba2eeab126375c9cc2fabe9a6fe35f25dea57c52df280e6e24a790f5f45be878
ba7e231732c5791c70061b395c1d28b929f28ed1f6ec000fad64727a36c46da3
bc75fde9d885436158a8f8cf693cd18c626e9ae9ebae204e19df8832220a9588
bd94017c98cb7e9337f4bcc1e3dbf22ad1e048853d188bf896591d9e1f11af67
c6d313e1357b4d8b37bb3ef2957e5dfe4fbb962d08ac51a5a3ab7d852d15156b
ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
ca9d3bdace9ebc26af8da67aaf1e2392aa60db9e2b889568f318a768773c3a68
db5ffd916dbeb4938cc236cb3a42e73a56987f28c5deb9f3beccbe2c4af19307
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e103f8eeb3f4ba878184dea6d2137c6d5d2e0356e62fb5b8385c3d0e0ec598fd
e138af303de806c49edb94be80e081bd3160788645d900acdcbef59eafc3a8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6c19d4ee9832249a4a542057fe1cda984efb525973cb294831ec5ecc42367f7
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
ea452eadc5efaf0bc3c4c5285e5f1b4f4c92a5b01c26c99d7f5f89c9442749ac
eabc19480b6212343af7996aa06029eb00e8a05d9709b4c8b05e3222558a12f1
ec5b093c01e73e57b35ff693fca913647edc1add2c8db87b1cd5cf2dcf722a6c
ece9d22203d0bc59232a7ff5bc7b4df4342c89630387b0366595ba92b724957e
ee7a1a33221cee8138a2fb7ba06f2ec2d170d48bd3d7ec49772240877e0d74a8
eed334d1c96abd8c03aacf86a2a30fb9d391290f27e49b0fa456a7af8f1a1bf8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f820d93daf383e178bda2912f5bee00e90e56390597820622643fa8e5e487143
fa5ba6fab394d537af1ad89a49479e9953ab0f96251532163c794a3ccea938e3
fbcc9f3151a357828aa120dc98bafa35359d42c83b4cd39693009f43e2ae9098
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

www.nisos.com Open in urlscan Pro 162.159.134.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

117 Requests

98 %HTTPS

71 %IPv6

26 Domains

39 Subdomains

34 IPs

5 Countries

1116 kBTransfer

4124 kBSize

25 Cookies

4 Outgoing links

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nisos.com Open in urlscan Pro
162.159.134.42 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

98 %
HTTPS

71 %
IPv6

26
Domains

39
Subdomains

34
IPs

5
Countries

1116 kB
Transfer

4124 kB
Size

25
Cookies

117 HTTP transactions
0 data transactions