blog.cyble.com Open in urlscan Pro
192.0.78.213  Public Scan

26 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

• https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js HTTP 302
• https://s.adroll.com/j/exp/index.js

Request Chain 117

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1690489668649%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F2023%252F05%252F10%252Funraveling-akira-ransomware%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&cookiesTest=true&liSync=true

122 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response blog.cyble.com/2023/05/10/unraveling-akira-ransomware/	298 KB 68 KB	260ms 206ms	Document text/html	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 3ebdc4ee1ae3bd4ea0aa1f55f787dc23cc1408f6f9a236e60945ccea72271cbd Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=291, must-revalidate cf-edge-cache cache,platform=wordpress content-encoding br content-type text/html; charset=UTF-8 date Thu, 27 Jul 2023 20:27:45 GMT host-header WordPress.com last-modified Thu, 27 Jul 2023 20:27:36 GMT link <https://blog.cyble.com/wp-json/>; rel="https://api.w.org/" <https://blog.cyble.com/wp-json/wp/v2/posts/17040>; rel="alternate"; type="application/json" <https://wp.me/pbX1h1-4qQ>; rel=shortlink server nginx strict-transport-security max-age=31536000 vary Accept-Encoding Cookie x-ac 2.hhn _atomic_ams BYPASS x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. x-nananana Batcache-Hit x-pingback https://blog.cyble.com/xmlrpc.php
GET H2	200	wp-emoji-release.min.js Show response blog.cyble.com/wp-includes/js/	18 KB 5 KB	175ms 175ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:45 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 02 Feb 2023 00:53:25 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"63db0985-4904" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ blog.cyble.com/_static/	2 MB 214 KB	240ms 240ms	Stylesheet text/css	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqghhjeOjkUzpCWpONBcvoEsZ/3wXjmtRAyvRFaKWzh7M39Z3Q1AZogwzv0ICXygenePUQvNTeywZbPCMYeXYj0rzwyQvf/Ogfzp2NNbZe1pHNClwtq4jWyMqSvgiLlVPuKn24WlhztepKMYjaodkGfkDolL7cv78+WRM5qWKgRoWA+n4jPtEAdQ44irkcMBjYYTS8HEG8Qn//IbbaRsO5+ODoGazAcmpYwdzoWC84YaFW+jpPyao3383trTS+gzJMfiYK/JkchhgfZVmBrDE+cXBNJCDDbnR/7sV4tiVuUc6/NMeiBt9jB27kuG2XGGJnSZk5w4DvyAdxPCXFtz8UnaO9aqMNyP0Ez+lnJzGwRC6l2KLakF2+pune6nNnyR5NzRrElyi+GZSGTLQwpPvC6+Js3ZWO0y+UMdTO9yLP1LF6zapcl+UhF6fiUJxOabIj4OJQHvfAs+SwB54nT+xraZhSKD1pVPbW71+MNSJNdEEQLfEbA48+2t3yZwYJ1YOnZqLhg8n+fzJ+aluzb4AXeTxZ3D/OTzQO6mjV4lT/XaABPu0H6FvzM83LJCvSLC9/A+ymh2s= Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 4cd6b97c694fe01d045463fa570cb12ace776287055a340e7033a72a79f4862c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 27 Jul 2023 20:27:45 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 27 Jul 2023 18:11:09 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"8d3a8065c070604de9cb7fa5025e2248" vary Accept-Encoding content-type text/css;charset=utf-8 cache-control max-age=31536000 host-header WordPress.com
GET H2	200	css fonts-api.wp.com/	3 KB 685 B	65ms 42ms	Stylesheet text/css	192.0.77.32
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.6 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash a1020a8c9c2ec5c451dfc31ff1564dee690d603c4cb68049328581adc77ca7c2 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:45 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 2 last-modified Thu, 27 Jul 2023 20:27:45 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	css fonts-api.wp.com/	76 KB 3 KB	64ms 42ms	Stylesheet text/css	192.0.77.32
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 43cd95e62bc0c1b1d69ca1cd990e165063bc64005b3ee18aa947404de928441d Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:45 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 2 last-modified Thu, 27 Jul 2023 20:25:23 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	front.min.js Show response blog.cyble.com/wp-content/plugins/cookie-notice/js/	8 KB 2 KB	181ms 177ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.9 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 28 Jun 2023 18:11:08 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"649c77bc-21fc" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	179 KB 65 KB	372ms 23ms	Script application/javascript	142.250.186.104
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.104 , United States, ASN (), Reverse DNS Software Google Tag Manager / Resource Hash 46376fa7cb68c54fb9ac022df1c51aaf68ac4747aca7c043229866caa1fc81b1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 66106 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 27 Jul 2023 20:27:46 GMT
GET H2	200	MicrosoftTeams-image-43.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/	73 KB 73 KB	39ms 14ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/MicrosoftTeams-image-43.png?resize=1024%2C407&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 53e36237c918e2a3331c2ae9c40462595ad8dc3b5fbbbe8c1ea5283e15366bef Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Wed, 10 May 2023 09:55:19 GMT server nginx etag "e09252335870e1d1" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/05/MicrosoftTeams-image-43.png>; rel="canonical" content-length 74284 expires Fri, 09 May 2025 21:55:19 GMT
GET H2	200	subscribe-to-CRIL.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/	16 KB 16 KB	33ms 8ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 3 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Sat, 10 Dec 2022 20:48:17 GMT server nginx etag "90f4a9863ca68d73" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <http://blog.cyble.com/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg>; rel="canonical" content-length 16232 expires Tue, 10 Dec 2024 08:48:17 GMT
GET H2	200	v2.js Show response js.hsforms.net/forms/	527 KB 165 KB	485ms 148ms	Script application/javascript	104.16.184.65
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.184.65 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 285e3a9f61142dff4f5abda4ef2dfb3de389251a7e896177b4f8e6b211d112c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3479/bundles/project-v2.js&cfRay=7ed79ffdec5d39c2-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"2c2b740599b21d2396d7ada645018b0a" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3479/bundles/project-v2.js date Thu, 27 Jul 2023 20:27:46 GMT x-amz-version-id SgDHDcoCL7BDQREHby44tn8AMbx4aR91 via 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status EXPIRED nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 last-modified Mon, 24 Jul 2023 09:13:37 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OafcysdsZQs47x7Nw5Jicj9xfH8qaDf5pmd6C9%2F2reIegOfDse%2FY0lX%2B1TY%2F0VqvmExmgXrvkaJoThgjcevW%2BEPeow9LJCyN0ro2kPm0nQVJ8jXgrGInRynxgouEeVHk"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-mm66x cf-ray 7ed79ffdec5d39c2-FRA x-amz-cf-id bnhn9Uo28qrzUUbCa9UxOHmTJ-vizR40Brp5em1BPE6lhMK3AaiBfA==
GET H2	200	aib-injectable.js Show response injection.amibreached.com/	2 KB 1 KB	426ms 81ms	Script application/javascript	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/aib-injectable.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash 186cb05caa2a06748336b3123d7ac53986a650cffcab18f34e5c0ee3c057f591 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 89c822bb1ce1445a7be6d1057088cfbe.cloudfront.net (CloudFront) cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag W/"662ed2e07a2c9b151332e0a8da3b9922" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byyNwl3FQ%2BT3Rgd0FniEMjhaa8OYbzeR33IsZDUOSM975D6hXSazi%2FP3rpHJO4o1hkm44Q9uoOM4ZQGuQeoO%2FzUiR6hObL1b48Gcd5xh8FjCqFbpDAsl7sSYnh8L8%2BTwy3bWWUZBuRPdXOs%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7ed7a001796f4dc1-FRA x-amz-cf-id evDU7g65KVzbAk87FKMRhlC4T4MSpl8ub_17PG_NtUFZd746IpebjA==
GET H2	200	bilmur.min.js Show response s0.wp.com/wp-content/js/	7 KB 3 KB	14ms 7ms	Script application/javascript	192.0.77.32
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/bilmur.min.js?m=202330 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT content-encoding br x-ac 2.hhn _dfw MISS last-modified Thu, 29 Jun 2023 15:07:20 GMT server nginx etag W/"649d9e28-1bf2" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Tue, 23 Jul 2024 00:00:01 GMT
GET H2	200	/ blog.cyble.com/_static/	37 KB 8 KB	178ms 177ms	Stylesheet text/css	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJyVjFsKgCAQAC+ULQaZP9FZTJewfOG6eP0I6gD9zjDTi7A5NUwNSuDDJ4ITWzH2gpgdBySwpmYmDEDdF6xi5+QCjpZo6D/qV4gPPIMtrlItk5y1VvoGzj40MA== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash cd924076cd6bdad7693c484ab0a812a3e8eb905cf751b36b9533dc97380eb277 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 27 Dec 2022 16:34:28 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"f10c7e84a22172fd36bd0473ba2ec996" vary Accept-Encoding content-type text/css;charset=utf-8 cache-control max-age=31536000 host-header WordPress.com
GET H2	200	/ Show response blog.cyble.com/_static/	21 KB 5 KB	181ms 176ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??wp-content/themes/astra/assets/js/minified/frontend.min.js,wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?m=1688580674 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash f9d498e1b9cff1af27250e8d52ebf9eaf672ff517d586e0d381e7bf348bc6ea1 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 05 Jul 2023 18:11:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"8ee86e3fe916069b68662d1100a8e664" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	21289959.js Show response js.hs-scripts.com/	3 KB 1 KB	455ms 123ms	Script application/javascript	104.18.136.59
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.136.59 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash c2035aa1aa4bf7a9821c7ff1232bd6584a35e304a48ef9431b6b30aad778cc60 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT content-encoding br x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id ac9b1c86-3be2-446a-928a-64cb75da775d x-envoy-upstream-service-time 12 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ac9b1c86-3be2-446a-928a-64cb75da775d last-modified Thu, 27 Jul 2023 18:47:40 GMT server cloudflare x-trace 2BA165CFAE57885F9CF4EAC0415F58850A643F4056000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all cache-control public, max-age=60 access-control-allow-credentials true x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-wnhdc cf-ray 7ed7a001facf9bf8-FRA expires Thu, 27 Jul 2023 20:28:46 GMT
GET H2	200	astra-addon-64a5b24b8d5a86-42311370.js Show response blog.cyble.com/wp-content/uploads/astra-addon/	35 KB 7 KB	178ms 172ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/uploads/astra-addon/astra-addon-64a5b24b8d5a86-42311370.js?m=1688580683 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 9c27e42954cc6f080f4857edb857af0788e836eec0388f043989364be9ae0594 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 05 Jul 2023 18:11:23 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"64a5b24b-8d16" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	e-202330.js Show response stats.wp.com/	7 KB 3 KB	31ms 7ms	Script application/javascript	192.0.76.3
General Check archive.org Show headers Download Go to Full URL https://stats.wp.com/e-202330.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-minify-cache hit x-nc HIT hhn date Thu, 27 Jul 2023 20:27:46 GMT content-encoding br server nginx x-minify t etag W/13576-1684460848292.3706 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 expires Mon, 22 Jul 2024 07:22:05 GMT
GET H2	200	jquery.min.js Show response blog.cyble.com/wp-includes/js/jquery/	88 KB 31 KB	184ms 178ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 08 Mar 2023 18:37:33 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6408d5ed-15ed7" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	290 KB 75 KB	194ms 189ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 7fc128b444073b63e39f22307af5d3f806c42a38ee559dd86597aa2b8c09b206 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 27 Jul 2023 18:11:09 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"d217d2344741d148ba6377efa55a8124" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	index.min.js Show response blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/	9 KB 4 KB	178ms 172ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6489ad36-227d" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	frontend.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	24 KB 7 KB	179ms 174ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.14.1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 51187f64d3c89b9bba020ac511217aed3ea94cfc82aa3c5450b6132cfab4c039 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4be-5f3c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	33 KB 10 KB	181ms 176ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js,wp-includes/js/jquery/ui/core.min.js?m=1687803068 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash f7f54c64cbe8e1c50bf7e5d79509a8e98213738228ada4fb4dca88bebae7d788 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:08 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"3766434b9bc8548d00099956a269f6f8" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	frontend.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/js/	40 KB 13 KB	180ms 175ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.14.1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 46b04afecdaf08e04385a7cabaec357f6edfc6a8b2b156d8c624c2621894f3de Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:07 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4bb-9f6e" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	elements-handlers.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	29 KB 7 KB	178ms 173ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.14.1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 2feda11fe1d4d6dc59a32761af395530aa758ba4e27ccff22b90b3eac656fa60 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4be-74fb" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery.sticky.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/	4 KB 2 KB	183ms 179ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?m=1687803070 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4be-e89" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	roundtrip.js Show response s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/	97 KB 29 KB	407ms 40ms	Script text/javascript	65.9.95.83
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 65.9.95.83 , United States, ASN (), Reverse DNS Software AmazonS3 / Resource Hash afab458b9991b0c88640f55554297924df180781f2fbedc6cc42dfffebd6b8c6 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers X-Amz-Version-Id 6BAxbwKL2QxynxIQHkoLp7vctTucTxn. Content-Encoding gzip Via 1.1 8197d89da72990bb606996d5e7c73ab6.cloudfront.net (CloudFront) Date Thu, 27 Jul 2023 19:59:26 GMT Age 1701 X-Amz-Cf-Pop PRG50-C1 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Sat, 22 Jul 2023 11:43:31 GMT Server AmazonS3 Etag W/"08c8d9154d1c55fb84dcee2fa8d5dad7" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=3600, must-revalidate Access-Control-Allow-Credentials false Access-Control-Max-Age 600 Access-Control-Allow-Headers * X-Amz-Cf-Id iujD16OVBbm2N2jSpRpnBuO5iE419j3ja4Z8hg--yhY_f5aEXg1JKw==
GET H2	200	api.min.js Show response a.omappapi.com/app/js/	53 KB 19 KB	399ms 19ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/api.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 75cba60a3295dbb319dcb7644383ceb3fc071931f5b9005bc33274cd4b881116 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-167 cdn-cachedat 07/27/2023 05:59:46 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:35 GMT server BunnyCDN-DE1-1082 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed7-d3d7" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid d96802a951f6e9d889ad3346ee163995 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2 fonts.wp.com/s/lora/v32/	19 KB 19 KB	38ms 14ms	Font font/woff2	192.0.77.32
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 7ff7d3790060dcf14289ea0e50e7df1f00893e53e882ff3101e078b2f948589f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Tue, 21 Feb 2023 21:45:57 GMT server nginx age 60006 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 19300 x-xss-protection 0
GET H2	200	S6uyw4BMUTPHjx4wXg.woff2 fonts.wp.com/s/lato/v24/	23 KB 23 KB	38ms 15ms	Font font/woff2	192.0.77.32
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:17:22 GMT server nginx age 587 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 23580 x-xss-protection 0
GET H2	200	fa-solid-900.woff2 blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/	76 KB 77 KB	194ms 194ms	Font application/font-woff2	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqghhjeOjkUzpCWpONBcvoEsZ/3wXjmtRAyvRFaKWzh7M39Z3Q1AZogwzv0ICXygenePUQvNTeywZbPCMYeXYj0rzwyQvf/Ogfzp2NNbZe1pHNClwtq4jWyMqSvgiLlVPuKn24WlhztepKMYjaodkGfkDolL7cv78+WRM5qWKgRoWA+n4jPtEAdQ44irkcMBjYYTS8HEG8Qn//IbbaRsO5+ODoGazAcmpYwdzoWC84YaFW+jpPyao3383trTS+gzJMfiYK/JkchhgfZVmBrDE+cXBNJCDDbnR/7sV4tiVuUc6/NMeiBt9jB27kuG2XGGJnSZk5w4DvyAdxPCXFtz8UnaO9aqMNyP0Ez+lnJzGwRC6l2KLakF2+pune6nNnyR5NzRrElyi+GZSGTLQwpPvC6+Js3ZWO0y+UMdTO9yLP1LF6zapcl+UhF6fiUJxOabIj4OJQHvfAs+SwB54nT+xraZhSKD1pVPbW71+MNSJNdEEQLfEbA48+2t3yZwYJ1YOnZqLhg8n+fzJ+aluzb4AXeTxZ3D/OTzQO6mjV4lT/XaABPu0H6FvzM83LJCvSLC9/A+ymh2s= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqghhjeOjkUzpCWpONBcvoEsZ/3wXjmtRAyvRFaKWzh7M39Z3Q1AZogwzv0ICXygenePUQvNTeywZbPCMYeXYj0rzwyQvf/Ogfzp2NNbZe1pHNClwtq4jWyMqSvgiLlVPuKn24WlhztepKMYjaodkGfkDolL7cv78+WRM5qWKgRoWA+n4jPtEAdQ44irkcMBjYYTS8HEG8Qn//IbbaRsO5+ODoGazAcmpYwdzoWC84YaFW+jpPyao3383trTS+gzJMfiYK/JkchhgfZVmBrDE+cXBNJCDDbnR/7sV4tiVuUc6/NMeiBt9jB27kuG2XGGJnSZk5w4DvyAdxPCXFtz8UnaO9aqMNyP0Ez+lnJzGwRC6l2KLakF2+pune6nNnyR5NzRrElyi+GZSGTLQwpPvC6+Js3ZWO0y+UMdTO9yLP1LF6zapcl+UhF6fiUJxOabIj4OJQHvfAs+SwB54nT+xraZhSKD1pVPbW71+MNSJNdEEQLfEbA48+2t3yZwYJ1YOnZqLhg8n+fzJ+aluzb4AXeTxZ3D/OTzQO6mjV4lT/XaABPu0H6FvzM83LJCvSLC9/A+ymh2s= Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Mon, 26 Jun 2023 18:11:08 GMT server nginx etag "6499d4bc-13174" access-control-allow-methods GET, HEAD content-type application/font-woff2 access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 78196 expires Thu, 03 Aug 2023 20:27:46 GMT
GET H2	200	fa-brands-400.woff2 blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/	75 KB 75 KB	658ms 658ms	Font application/font-woff2	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqghhjeOjkUzpCWpONBcvoEsZ/3wXjmtRAyvRFaKWzh7M39Z3Q1AZogwzv0ICXygenePUQvNTeywZbPCMYeXYj0rzwyQvf/Ogfzp2NNbZe1pHNClwtq4jWyMqSvgiLlVPuKn24WlhztepKMYjaodkGfkDolL7cv78+WRM5qWKgRoWA+n4jPtEAdQ44irkcMBjYYTS8HEG8Qn//IbbaRsO5+ODoGazAcmpYwdzoWC84YaFW+jpPyao3383trTS+gzJMfiYK/JkchhgfZVmBrDE+cXBNJCDDbnR/7sV4tiVuUc6/NMeiBt9jB27kuG2XGGJnSZk5w4DvyAdxPCXFtz8UnaO9aqMNyP0Ez+lnJzGwRC6l2KLakF2+pune6nNnyR5NzRrElyi+GZSGTLQwpPvC6+Js3ZWO0y+UMdTO9yLP1LF6zapcl+UhF6fiUJxOabIj4OJQHvfAs+SwB54nT+xraZhSKD1pVPbW71+MNSJNdEEQLfEbA48+2t3yZwYJ1YOnZqLhg8n+fzJ+aluzb4AXeTxZ3D/OTzQO6mjV4lT/XaABPu0H6FvzM83LJCvSLC9/A+ymh2s= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqghhjeOjkUzpCWpONBcvoEsZ/3wXjmtRAyvRFaKWzh7M39Z3Q1AZogwzv0ICXygenePUQvNTeywZbPCMYeXYj0rzwyQvf/Ogfzp2NNbZe1pHNClwtq4jWyMqSvgiLlVPuKn24WlhztepKMYjaodkGfkDolL7cv78+WRM5qWKgRoWA+n4jPtEAdQ44irkcMBjYYTS8HEG8Qn//IbbaRsO5+ODoGazAcmpYwdzoWC84YaFW+jpPyao3383trTS+gzJMfiYK/JkchhgfZVmBrDE+cXBNJCDDbnR/7sV4tiVuUc6/NMeiBt9jB27kuG2XGGJnSZk5w4DvyAdxPCXFtz8UnaO9aqMNyP0Ez+lnJzGwRC6l2KLakF2+pune6nNnyR5NzRrElyi+GZSGTLQwpPvC6+Js3ZWO0y+UMdTO9yLP1LF6zapcl+UhF6fiUJxOabIj4OJQHvfAs+SwB54nT+xraZhSKD1pVPbW71+MNSJNdEEQLfEbA48+2t3yZwYJ1YOnZqLhg8n+fzJ+aluzb4AXeTxZ3D/OTzQO6mjV4lT/XaABPu0H6FvzM83LJCvSLC9/A+ymh2s= Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Mon, 26 Jun 2023 18:11:08 GMT server nginx etag "6499d4bc-12bdc" access-control-allow-methods GET, HEAD content-type application/font-woff2 access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 76764 expires Thu, 03 Aug 2023 20:27:46 GMT
GET H2	200	S6u9w4BMUTPHh6UVSwiPGQ.woff2 fonts.wp.com/s/lato/v24/	23 KB 23 KB	38ms 15ms	Font font/woff2	192.0.77.32
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:07:25 GMT server nginx age 508 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 23040 x-xss-protection 0
GET H2	200	Cyble-CIRIL-pyyv4ww1nowvginyhq7nrmlg0x8pxv1qcifo3udnvq.png blog.cyble.com/wp-content/uploads/elementor/thumbs/	4 KB 5 KB	180ms 178ms	Image image/png	192.0.78.213
General Check archive.org Show headers Download Go to Show image Full URL https://blog.cyble.com/wp-content/uploads/elementor/thumbs/Cyble-CIRIL-pyyv4ww1nowvginyhq7nrmlg0x8pxv1qcifo3udnvq.png Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash ef896b86a77ae191af41c2714906decbab4bbb7fd32321c14f4f398eb7f264ba Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Sat, 10 Dec 2022 19:16:39 GMT server nginx etag "6394db17-11bc" access-control-allow-methods GET, HEAD content-type image/png access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 4540 expires Thu, 03 Aug 2023 20:27:46 GMT
GET H2	200	Akira-Ransomware-Blog.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/	619 KB 620 KB	14ms 12ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/Akira-Ransomware-Blog.jpg?w=1200&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 3fc75b310b9849bfcf72268734036ffa7d63498902a1a98b1387e3d8417f4455 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Wed, 10 May 2023 09:33:16 GMT server nginx etag "d36d6fb99f9404c9" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/05/Akira-Ransomware-Blog.jpg>; rel="canonical" content-length 633806 expires Fri, 09 May 2025 21:33:16 GMT
GET H2	200	Figure-2-Akira-ransomware-Leaksite.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/	36 KB 37 KB	14ms 12ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/Figure-2-Akira-ransomware-Leaksite.jpg?resize=1024%2C628&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash aeba888e0317744e78aafa9c76f44504212c00096e39ae562833af3ab973c751 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Wed, 10 May 2023 09:55:21 GMT server nginx etag "26f11d0791bda3c3" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/05/Figure-2-Akira-ransomware-Leaksite.jpg>; rel="canonical" content-length 37282 expires Fri, 09 May 2025 21:55:21 GMT
GET H2	200	Figure-3-File-details.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/	32 KB 32 KB	14ms 13ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/Figure-3-File-details.jpg?w=907&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 6828409166dfc08a639d3a193301772d55ed45446218f94a411d81312c4647dd Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 3 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Wed, 10 May 2023 09:43:38 GMT server nginx etag "eab8c727ceb1fa4d" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/05/Figure-3-File-details.jpg>; rel="canonical" content-length 32758 expires Fri, 09 May 2025 21:43:38 GMT
GET H2	200	Figure-4-GetLogicalDriveStringsW-API.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/	36 KB 36 KB	16ms 15ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/Figure-4-GetLogicalDriveStringsW-API.jpg?w=998&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 032fa6dd1cc02f5eaa262ce12608e20a30f59cd864854b8d98613250565be66f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Wed, 10 May 2023 09:43:47 GMT server nginx etag "b74bc7fd56491887" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/05/Figure-4-GetLogicalDriveStringsW-API.jpg>; rel="canonical" content-length 36402 expires Fri, 09 May 2025 21:43:47 GMT
GET H2	200	Figure-5-Malware-Writing-Ransom-Notes.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/	68 KB 68 KB	14ms 13ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/05/Figure-5-Malware-Writing-Ransom-Notes.jpg?resize=1024%2C509&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 4050b7a73bdb3c71c705770393546ef6418b798889e2076681b407ac78866ff4 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Wed, 10 May 2023 09:55:26 GMT server nginx etag "49553442dd6d9448" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/05/Figure-5-Malware-Writing-Ransom-Notes.jpg>; rel="canonical" content-length 69334 expires Fri, 09 May 2025 21:55:26 GMT
GET H2	200	Cyble-Demo.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	53 KB 53 KB	13ms 12ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/Cyble-Demo.png?fit=350%2C350&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 355d7866d54c66c2f0234ce19b3681557856ba185da2fa62ddf55b6a2b8f4b8d Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Mon, 26 Jun 2023 08:17:43 GMT server nginx etag "678065db59662840" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/Cyble-Demo.png>; rel="canonical" content-length 54172 expires Wed, 25 Jun 2025 20:17:43 GMT
GET H/1.1	200 OK	json Show response forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/	38 KB 7 KB	486ms 155ms	XHR application/json	104.17.211.243
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3479&X-HubSpot-Static-App-Info=forms-embed-1.3479 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.17.211.243 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 308ccd44724ca8271652d778b98f2510d5eb5c64f7acdf9c33ce8af8f061b4ab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers X-Origin-Hublet na1 Date Thu, 27 Jul 2023 20:27:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 7c991037-ff83-464b-a173-c9204e50e741 Transfer-Encoding chunked x-envoy-upstream-service-time 40 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 7c991037-ff83-464b-a173-c9204e50e741 Server cloudflare X-Trace 2BD7E147C0207F2880DA1AD517B60CF2ADBBCD6058000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://blog.cyble.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 7ed7a002bcc11cad-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-cxrpn
GET H2	200	v2.js Show response js.hsforms.net/forms/	527 KB 164 KB	19ms 18ms	Script application/javascript	104.16.184.65
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.184.65 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 285e3a9f61142dff4f5abda4ef2dfb3de389251a7e896177b4f8e6b211d112c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers content-encoding br age 0 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3479/bundles/project-v2.js&cfRay=7ed79ffdec5d39c2-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"2c2b740599b21d2396d7ada645018b0a" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3479/bundles/project-v2.js date Thu, 27 Jul 2023 20:27:46 GMT x-amz-version-id SgDHDcoCL7BDQREHby44tn8AMbx4aR91 via 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 last-modified Mon, 24 Jul 2023 09:13:37 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6H9tOmPSvKuxKSwIW1R6lzxKSoI6hDBkmNYOzN1Gg20Sa097Bnaz9JDVuAXFFSu%2B0ZpLqUKj6fIGx7B3Qjq4Y%2FK8okdERf6CXxX2MiEwcqzZUi%2FB3xXVOrszFVdpzp7"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-mm66x cf-ray 7ed7a000a80f39c2-FRA x-amz-cf-id bnhn9Uo28qrzUUbCa9UxOHmTJ-vizR40Brp5em1BPE6lhMK3AaiBfA==
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.wp.com/s/opensans/v35/	47 KB 47 KB	7ms 7ms	Font font/woff2	192.0.77.32
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:46 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:08:53 GMT server nginx age 320 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 48412 x-xss-protection 0
GET H/1.1	200 OK	json Show response forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/	38 KB 7 KB	469ms 152ms	XHR application/json	104.17.211.243
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3479&X-HubSpot-Static-App-Info=forms-embed-1.3479 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.17.211.243 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 08d98c098613578c95dfe124896a025f1b319b87febc9c99758d5cf1990613e8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers X-Origin-Hublet na1 Date Thu, 27 Jul 2023 20:27:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC Content-Encoding br x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 548ad0cf-4bf1-4ffd-8b8b-4e8eadcd2cbd Transfer-Encoding chunked x-envoy-upstream-service-time 31 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 548ad0cf-4bf1-4ffd-8b8b-4e8eadcd2cbd Server cloudflare X-Trace 2BDD050F03730A5F7FAE28307D9ED105CE034BFE6B000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://blog.cyble.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 7ed7a0031f25363f-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-llkhw
GET H2	200	g.gif pixel.wp.com/	50 B 93 B	14ms 8ms	Image image/gif	192.0.76.3
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?v=ext&blog=176605947&post=17040&tz=-4&srv=blog.cyble.com&hp=atomic&ac=2&amp=0&j=1%3A12.4-beta&host=blog.cyble.com&ref=&fcp=1291&rand=0.3045672654724636 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers access-control-allow-origin * date Thu, 27 Jul 2023 20:27:46 GMT cache-control no-cache server nginx content-length 50 content-type image/gif
GET H2	200	js Show response www.googletagmanager.com/gtag/	254 KB 86 KB	26ms 25ms	Script application/javascript	142.250.186.104
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.104 , United States, ASN (), Reverse DNS Software Google Tag Manager / Resource Hash f53604f153154db9460950508f57b1e8c642a3421f8da096f84addeef84933f0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 87512 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 27 Jul 2023 20:27:46 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	335ms 6ms	Script text/javascript	172.217.16.206
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.206 , United States, ASN (), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Thu, 27 Jul 2023 19:44:24 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 2603 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Thu, 27 Jul 2023 21:44:24 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	188 KB 69 KB	26ms 25ms	Script application/javascript	142.250.186.104
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.104 , United States, ASN (), Reverse DNS Software Google Tag Manager / Resource Hash 698b986445f46e8a2f14b1c43c3d323e05b9e5fe2897dd6f7437e11870aa3d53 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 70805 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 27 Jul 2023 20:27:47 GMT
GET H2	200	api.min.css a.omappapi.com/app/js/	10 KB 3 KB	16ms 16ms	Stylesheet text/css	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/api.min.css Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 33f897ca159acb01fcde84b1ffe808809c448a4c330399054750baf72f07d4eb Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:46 GMT content-encoding br cdn-edgestorageid 1082 perma-cache HIT cdn-storageserver DE-168 cdn-cachedat 07/27/2023 06:00:50 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:12:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebf15-2644" vary Accept-Encoding, Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 954480bd0da170b1cf5e15c64250b284 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	poopcsalbacovn7gzkxg Show response api.omappapi.com/v2/embed/239265/	3 KB 2 KB	219ms 125ms	XHR application/json	65.9.95.92
General Check archive.org Show headers Download Go to Full URL https://api.omappapi.com/v2/embed/239265/poopcsalbacovn7gzkxg Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.95.92 , United States, ASN (), Reverse DNS Software Pagely Gateway/1.5.1 / Resource Hash 40ca23f50bb22c719c27794b5ae6dbca57f4b9848884b8c148fedcdbf71cdd22 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding gzip via 1.1 f18b0bd4a5b62e5fb49428cc4789689e.cloudfront.net (CloudFront) x-cache-config 0 0 x-amz-cf-pop PRG50-C1 x-cache-status HIT x-cache Miss from cloudfront x-optinmonster-campaign poopcsalbacovn7gzkxg x-user-agent standard-- last-modified Tue, 13 Jun 2023 05:36:50 GMT server Pagely Gateway/1.5.1 etag W/"81d4578a000851a55a6118875c255bed" vary Accept-Encoding, User-Agent content-type application/json access-control-allow-origin * access-control-expose-headers X-OptinMonster-Campaign, X-User-Agent cache-control public, max-age=30, stale-while-revalidate=1800 access-control-allow-headers X-CSRF-Token x-amz-cf-id cipY0gzaf0dyVh1_PXF8uvDhesg60Qepz0OvCoV7wYr9k_WGMfGVRg== expires Thu, 27 Jul 2023 20:17:27 GMT
GET H/1.1	200 OK	index.js Show response s.adroll.com/j/exp/ Redirect Chain https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js https://s.adroll.com/j/exp/index.js	28 B 785 B	22ms 22ms	Script application/javascript	65.9.95.83
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/exp/index.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol HTTP/1.1 Server 65.9.95.83 , United States, ASN (), Reverse DNS Software AmazonS3 / Resource Hash f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers X-Amz-Version-Id KLTaAvzmAP.1_rS.URSLlTS3u46mZQHP Date Thu, 27 Jul 2023 17:25:44 GMT Via 1.1 8197d89da72990bb606996d5e7c73ab6.cloudfront.net (CloudFront) Age 10930 X-Amz-Cf-Pop PRG50-C1 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 28 Last-Modified Tue, 21 Mar 2023 16:39:30 GMT Server AmazonS3 Etag "5816cced8568d223aa09d889f300692b" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 600 Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id qm7aeOwAsoPH14E0sz2bQ9zA2UYtSILFavCqHhhMsfy7l5VjD9K54A== Redirect headers Date Thu, 27 Jul 2023 15:23:07 GMT Via 1.1 8197d89da72990bb606996d5e7c73ab6.cloudfront.net (CloudFront) Age 18279 X-Amz-Cf-Pop PRG50-C1 X-Cache Hit from cloudfront Connection keep-alive Content-Length 0 Server AmazonS3 Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type application/xml Location https://s.adroll.com/j/exp/index.js Access-Control-Allow-Origin * Access-Control-Allow-Credentials false Access-Control-Allow-Headers * X-Amz-Cf-Id faNJW_1Mh4eEADrtIouvpaDOnpB_GUJSV4lhM1VDR4OQaSmId9wK6Q==
GET H2	200	share-buttons.0bdd88c45462dfb2b073.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	1 KB 677 B	172ms 172ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.0bdd88c45462dfb2b073.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash d9fcd9e31806c20825c12745ea66858fe132fe36f4df94bb62c8a308282aeab4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4be-4bd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 03 Aug 2023 20:27:47 GMT
GET H2	200	load-more.b18fee69ce12204b4582.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	5 KB 2 KB	172ms 172ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.b18fee69ce12204b4582.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash d1f3c4973bbbf7c18880114500ab4c1830d0aafebb0560ee5f480f69e915bfb6 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4be-15eb" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 03 Aug 2023 20:27:47 GMT
GET H2	200	posts.e33113a212454e383747.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	3 KB 1 KB	172ms 171ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.e33113a212454e383747.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 0f776703b57f047bdbf5409e66a63e3916605612cd6211149b4b74e31572092c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4be-cfd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 03 Aug 2023 20:27:47 GMT
GET H2	200	text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/js/	1 KB 704 B	173ms 173ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 96dc57a589aa2a2646991d33dada196111b64af2b4301fdd509f59c11d4f33e4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:07 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4bb-550" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 03 Aug 2023 20:27:47 GMT
GET H2	200	web-interactives-embed.js Show response js.hubspot.com/	62 KB 19 KB	464ms 131ms	Script application/javascript	104.19.154.83
General Check archive.org Show headers Download Go to Full URL https://js.hubspot.com/web-interactives-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 18a126264ccf1b57353c1716284f1938d97f6c9c1107b42f0f5f1119fdc8bd5f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.405/bundles/project.js&cfRay=7ed7a0055e3c3631-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"e50552ef5fa3c8468ae54211ce4b32f6" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.405/bundles/project.js date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id 4regXpB5ZVq4jYlMfK8HxsaBt3Cun5OH via 1.1 7c77abdf1c625c25627fe2a24e660a34.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status EXPIRED nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 71ccd5b8-a3b7-4f83-b623-905516f8fad5 x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 71ccd5b8-a3b7-4f83-b623-905516f8fad5 last-modified Thu, 27 Jul 2023 03:59:43 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5ccetvMPmN3Lw3YvHzrMIVO19B58UNtpgt%2BY7kmT52p1dX%2FiAhXnx3xWuiUahIINFjAzFXl12k0G1%2B4MCkMGJ8DdG6OVcaWCiP2jrryS%2FSYfkRYONHj5NZAnbMmjZq0"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-qrxbq cf-ray 7ed7a0055e3c3631-FRA x-amz-cf-id a5Q_QT8uOscoVuJXUjICqtlJLt6DqA_b4tCeM7CllYkAhYHkcfxAiw==
GET H2	200	leadflows.js Show response js.hsleadflows.net/	539 KB 86 KB	345ms 14ms	Script application/javascript	104.17.131.110
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.17.131.110 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 34e8744466c5ff918e7c5dc146e8dec70cfcdbdd60b773f2bcaa5e5409d7512b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator age 37223 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1223/bundle/main/lead-flows-release.js&cfRay=7ed413443a8c35e8-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"ec18ee4dbbad7ceab888c3cda4eb9705" vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=86400, max-age=0 x-hs-target-asset lead-flows-js/static-1.1223/bundle/main/lead-flows-release.js date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id RJnwkomo1rBqmkgtVuuzVEpsjxOWMbB. via 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id d5427502-e705-4498-8b41-ea66e1e27b5d x-cache Miss from cloudfront cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 68 x-evy-trace-route-configuration listener_https/all x-request-id d5427502-e705-4498-8b41-ea66e1e27b5d last-modified Tue, 18 Jul 2023 09:47:02 UTC server cloudflare access-control-max-age 3000 x-hs-cache-status MISS x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-nnm64 cf-ray 7ed7a00558a418d7-FRA x-amz-cf-id OVhI6TtpzQ8Wx1VWLy_kPj2ppCfzqJH9eGzwKwZjLj1FtzHOWfZcmA==
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 3 KB	346ms 15ms	Script application/javascript	104.16.121.190
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.121.190 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash e10ce26ead0eca58cd5346843538415611b745bfd29825322efad56424a4c911 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id aAzOiTTzU7.XykyGrcpmeR7PTeB2LyLv via 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 395 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.387/bundles/pixels-release.js&cfRay=7ed7965f88fa9ba1-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 9fd3bcbe-b5e4-4651-aa82-17f0c757d590 cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod content-encoding br x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 9fd3bcbe-b5e4-4651-aa82-17f0c757d590 last-modified Tue, 18 Jul 2023 03:27:27 UTC server cloudflare etag W/"784f994871e489c9943a65326d43e875" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-5c7n7 cf-ray 7ed7a0055db89183-FRA x-amz-cf-id iMn34RasgISKc_iTllAiMO82Y7y6gOyM0c1jgQu4XI7Wzx4Jdkuaaw== x-hs-target-asset adsscriptloaderstatic/static-1.387/bundles/pixels-release.js
GET H2	200	banner.js Show response js.hs-banner.com/v2/21289959/	210 KB 65 KB	717ms 384ms	Script text/javascript	104.18.24.196
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/21289959/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.24.196 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 1b198e6b8c03a2fcbd389a74e71642eb5fe5339510f8d7df65bb2e6fa29f4398 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id veK9ew0VhxQ6wuOQ1VsINz09jjqLfJPF content-encoding br cf-cache-status REVALIDATED x-amz-request-id CTQVFR0H41XSPTEK x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-envoy-upstream-service-time 24 x-amz-id-2 /Q51Y2BoefF5Di7yYUppLOvvAp05y0heepi3jXvII0q5WpewA62txdClXtcb/LTUTBMnUqQIdWg= x-evy-trace-listener listener_https x-request-id d0cbfdf2-3ab1-47a1-82a4-5607251377a7 x-evy-trace-route-configuration listener_https/all last-modified Thu, 22 Jun 2023 18:59:58 GMT server cloudflare etag W/"b19e4f1a69c9783d5760e5a9f9494280" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7 vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 7ed7a0055c659164-FRA expires Thu, 27 Jul 2023 20:32:47 GMT
GET H2	200	21289959.js Show response js.hs-analytics.net/analytics/1690489500000/	66 KB 21 KB	495ms 158ms	Script text/javascript	104.16.138.206
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1690489500000/21289959.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.138.206 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash ba6d2b0489281dcfa1880e5aadaa245ea1f77cf666a38033e2d6e9535cbfca86 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id null content-encoding br cf-cache-status MISS x-amz-request-id 2AVEC9CZKTH1S96H x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 5fbfc5fa-cf2e-4097-9e41-c393f01061ff x-envoy-upstream-service-time 39 x-amz-id-2 JVQdxr/nwB1rKemFwvE4gIQJRkvngLwKw0vrIhKLHIXauqi2KnknpZDjy7PuQdLnc9vU4kO9Ji/OwdqFwzI6H+bru0AgLJdvsEEv442iZNY= x-evy-trace-listener listener_https x-request-id 5fbfc5fa-cf2e-4097-9e41-c393f01061ff x-evy-trace-route-configuration listener_https/all last-modified Thu, 20 Jul 2023 16:39:52 GMT server cloudflare etag W/"5c3dc8f087940437dc2fa7374d1ba8b9" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ns2gd cache-control max-age=300,public access-control-allow-credentials false cf-ray 7ed7a0056dd5bb7a-FRA expires Thu, 27 Jul 2023 20:32:47 GMT
GET H2	200	conversations-embed.js Show response js.usemessages.com/	76 KB 22 KB	353ms 15ms	Script application/javascript	104.17.98.172
General Check archive.org Show headers Download Go to Full URL https://js.usemessages.com/conversations-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.17.98.172 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash efba13392274ca4b6a31321273c3dd84403cd1104255e9b423de3196f5bd1495 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id kn0l3Ah9QsmalbREgOLUrZnI9RAHwkB0 via 1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 207 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13639/bundles/project.js&cfRay=7ed79af5eb8d9bd0-FRA x-cache Hit from cloudfront x-hubspot-correlation-id 746e68f2-79b8-4ff5-8e54-4832f3d44634 cache-tag staticjsapp-conversations-embed-web-prod,staticjsapp-prod content-encoding br x-envoy-upstream-service-time 2 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 746e68f2-79b8-4ff5-8e54-4832f3d44634 last-modified Wed, 19 Jul 2023 05:12:49 UTC server cloudflare etag W/"81f2c1ef40a95abbdca7d3b54172da86" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-mm66x cf-ray 7ed7a0056d6d9be8-FRA x-amz-cf-id 2BmgvYwgQie0O0NoAyefDnzGLIcmoqbhfupb_2dwhLfLJnCuRN9-6Q== x-hs-target-asset conversations-embed/static-1.13639/bundles/project.js
POST H2	204	collect region1.google-analytics.com/g/	0 253 B	338ms 14ms	Ping text/plain	216.239.34.36
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45je37q0&_p=768031154&cid=171533065.1690489667&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1690489667&sct=1&seg=0&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&dt=Cyble%20%E2%80%94%20Unraveling%20Akira%20Ransomware&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.239.34.36 , United States, ASN (), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers pragma no-cache date Thu, 27 Jul 2023 20:27:47 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 54 B	316ms 15ms	Ping text/plain	216.239.34.36
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je37q0&_p=768031154&gdid=dZTNiMT&cid=171533065.1690489667&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690489667&sct=1&seg=0&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&dt=Cyble%20%E2%80%94%20Unraveling%20Akira%20Ransomware&en=page_view&_fv=1&_ss=1&_ee=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.239.34.36 , United States, ASN (), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers pragma no-cache date Thu, 27 Jul 2023 20:27:47 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ELNAF2EZDFHJRAP3ODLCUU Show response d.adroll.com/consent/check/	454 B 547 B	416ms 32ms	Script application/javascript	63.33.34.20
General Check archive.org Show headers Download Go to Full URL https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=14494959155.653353&arrfrr=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&_s=1630ef596c08229a90489dd411e6e5c6&_b=2 Requested by Host: s.adroll.com URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 63.33.34.20 Dublin, Ireland, ASN (), Reverse DNS Software nginx/1.22.1 / Resource Hash 473c2d6623bcd400ad0c4516af3c2acf03c96455a44df517e10e03990f0e54b4 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT server nginx/1.22.1 content-length 454 content-type application/javascript
GET H2	200	v2.js Show response js.hsforms.net/forms/ Frame 41B3	527 KB 164 KB	23ms 23ms	Script application/javascript	104.16.184.65
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.184.65 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 285e3a9f61142dff4f5abda4ef2dfb3de389251a7e896177b4f8e6b211d112c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers content-encoding br age 1 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3479/bundles/project-v2.js&cfRay=7ed79ffdec5d39c2-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"2c2b740599b21d2396d7ada645018b0a" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3479/bundles/project-v2.js date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id SgDHDcoCL7BDQREHby44tn8AMbx4aR91 via 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 last-modified Mon, 24 Jul 2023 09:13:37 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJQRpDGZ7woqfYeTyU%2FXLOMHqK4CIBzS3Mv0XLJUOeDxpL0yy95QIMzV9ecvy6Va2ZHgDOhivXl1f0SMeIiUwhkKNjYxJlmVMC1tMpErjtTcDGNsTTcgJOohslocx%2B1M"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-mm66x cf-ray 7ed7a003cc6939c2-FRA x-amz-cf-id bnhn9Uo28qrzUUbCa9UxOHmTJ-vizR40Brp5em1BPE6lhMK3AaiBfA==
GET H2	200	v2.js Show response js.hsforms.net/forms/ Frame D340	527 KB 164 KB	17ms 16ms	Script application/javascript	104.16.184.65
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.184.65 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 285e3a9f61142dff4f5abda4ef2dfb3de389251a7e896177b4f8e6b211d112c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers content-encoding br age 1 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3479/bundles/project-v2.js&cfRay=7ed79ffdec5d39c2-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"2c2b740599b21d2396d7ada645018b0a" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3479/bundles/project-v2.js date Thu, 27 Jul 2023 20:27:47 GMT x-amz-version-id SgDHDcoCL7BDQREHby44tn8AMbx4aR91 via 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront) x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 7c32566c-957a-44e9-8e03-b47f16b9e1a9 last-modified Mon, 24 Jul 2023 09:13:37 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QEMAnwwGuHD2tYFIhUcK9%2FJ0FlJ56dJ1rrGX1fJQ75WPVQnLopjtTmuGNirx0NtPY4TubVVry72hoxf08%2BxMbf1nao1i0Zu3aFaZICq0WFh9hGNvJHeWiE7E3PQOQq1V"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-mm66x cf-ray 7ed7a0041cd839c2-FRA x-amz-cf-id bnhn9Uo28qrzUUbCa9UxOHmTJ-vizR40Brp5em1BPE6lhMK3AaiBfA==
GET H2	200	5.836faa73.min.js Show response a.omappapi.com/app/js/	17 KB 6 KB	15ms 15ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/5.836faa73.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash a13e3dad68ec3f41295eb43111c72ab0e68287603b98b03a09b49268e046aa2b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1081 perma-cache HIT cdn-storageserver DE-679 cdn-cachedat 07/27/2023 06:00:41 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:36 GMT server BunnyCDN-DE1-1082 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed8-4260" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 2ac8a0b5921cbccdd6044ca1e51063bb cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H/1.1	200 OK	counters.gif forms.hsforms.com/embed/v3/	35 B 1016 B	442ms 125ms	Image image/gif	104.17.211.243
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.17.211.243 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Thu, 27 Jul 2023 20:27:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 507337a8-8b1a-436a-8ddd-b5aaabdadf43 x-envoy-upstream-service-time 1 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 507337a8-8b1a-436a-8ddd-b5aaabdadf43 Server cloudflare X-Trace 2B7DB3A70741070E753FD19EEC0A8E7D71018B61E3000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-2ls4d Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 7ed7a0065cf98fd0-FRA
GET H/1.1	200 OK	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 1016 B	462ms 126ms	Image image/gif	104.17.211.243
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.17.211.243 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Thu, 27 Jul 2023 20:27:47 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status DYNAMIC x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id a4b67669-31e5-431c-b8a3-10f5177484b9 x-envoy-upstream-service-time 7 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a4b67669-31e5-431c-b8a3-10f5177484b9 Server cloudflare X-Trace 2B1505FCB2B1C01B47DAE1DE8492C672DCE627C24F000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-cxrpn Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 7ed7a006ee4637c6-FRA
GET H2	200	share-link.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/	3 KB 1 KB	174ms 173ms	Script application/javascript	192.0.78.213
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.14.1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.14.1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.213 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash 138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Jun 2023 18:11:08 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6499d4bc-a3c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	webfont.js Show response a.omappapi.com/app/js/webfont/1.5.18/	16 KB 7 KB	16ms 15ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-382 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 03 Jul 2023 22:21:18 GMT server BunnyCDN-DE1-1082 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64a349de-40cb" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid b5c35a9839537c23ccdba13cef951961 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	4.276dd6c9.min.js Show response a.omappapi.com/app/js/	46 KB 14 KB	15ms 15ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/4.276dd6c9.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash b3fc0b6580422265c6d738b58a8ffda11c111ea40d709bd1670681db1f746391 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1081 perma-cache HIT cdn-storageserver DE-680 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed9-b955" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid b778b9b5b2bcae2d7692cfe0c28ffa1f cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	ALPHV-Ransomware.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/07/	55 KB 56 KB	9ms 7ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/07/ALPHV-Ransomware.png?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash e9b10c757cd907f80a9cb8f85a48df736e16463b6be04766292b2889eca409e2 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 27 Jul 2023 20:27:47 GMT x-content-type-options nosniff last-modified Wed, 26 Jul 2023 15:08:00 GMT server nginx etag "a5525611fc7b4c09" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/07/ALPHV-Ransomware.png>; rel="canonical" content-length 56804 expires Sat, 26 Jul 2025 03:08:00 GMT
GET H2	200	Threat-Actor-Targeting-Developers.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/07/	33 KB 34 KB	11ms 10ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/07/Threat-Actor-Targeting-Developers.png?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash dce15af4227a7439ab348c41eb85e4601ddd8aca8cb0069845093b6672895586 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 27 Jul 2023 20:27:47 GMT x-content-type-options nosniff last-modified Tue, 25 Jul 2023 15:00:08 GMT server nginx etag "bd6394cb6ade9289" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/07/Threat-Actor-Targeting-Developers.png>; rel="canonical" content-length 34184 expires Fri, 25 Jul 2025 03:00:08 GMT
GET H2	200	Cyble-blogs-Lucastealer-1.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/07/	56 KB 57 KB	12ms 10ms	Image image/webp	192.0.77.2
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/07/Cyble-blogs-Lucastealer-1.jpg?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFDgmh8TDtU1DamBJw4ixOuOzr55aGVZroRqWqudjnHN9yDsr6BrMBrg7yfWaI12FRzrZRJ1g46xcHfjkH1ZBP4FMVMLfWc7UHbSCqHVGSBRCcWClWwtnR7WLvbx6gMybrRGAE1MyQuBJFJfisAZXXJyXWPBHGYyK0dclmsKkIbL9guN3eTvO5WQB0tMLH29tugusAKejmWG27+tTZoqkaHSkzYLGpcjFBQyFZ78izFL0EYyynruR7wABxBB63VxJpgZGkaWZ2yoxWUuj/szksU6IAZZ3FM56RQJx4guUOViFSIRDwGeq+6HK7iNmL1FQsv0L4YZiJLg9EOTIZgR/0rW/uSfwELKZAeN1ZRPGBmP6BidCCuOquAH8H2mY51hDbYURvJDI9ndpd/LlQn5DbyyvqxAxcBtSHe1+uN6+rt+VqvfkGRqPMtw== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash f67fa281462ab28da45ff27d66aaf64517a8115713b6c1a2c916c564f3948fa4 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers x-nc HIT hhn 4 date Thu, 27 Jul 2023 20:27:47 GMT x-content-type-options nosniff last-modified Fri, 21 Jul 2023 16:17:26 GMT server nginx etag "ce6a1fc35eb06650" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/07/Cyble-blogs-Lucastealer-1.jpg>; rel="canonical" content-length 57736 expires Mon, 21 Jul 2025 04:17:26 GMT
GET H2	200	17.24171f7e.min.js Show response a.omappapi.com/app/js/	975 B 1 KB	15ms 14ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/17.24171f7e.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-167 cdn-cachedat 07/26/2023 10:47:02 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed9-3cf" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 64cb34c11af2c4ef852a094c912c840b cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	20.07612c4b.min.js Show response a.omappapi.com/app/js/	4 KB 3 KB	16ms 13ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/20.07612c4b.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 3ed056e9bba4b9521c3f6c9dde2e83fd3238e4744e99005950e603b0a96c93ac Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1081 perma-cache HIT cdn-storageserver DE-164 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:36 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed8-10b0" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 9f9f1001a77466bc672681dbb2e381f6 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	28.0fe9e5e4.min.js Show response a.omappapi.com/app/js/	6 KB 3 KB	27ms 24ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/28.0fe9e5e4.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 8af5cf0e46629a72963c7c79d818739e5fcb81dea49e866fa9eefcd1ea26ed8a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1081 perma-cache HIT cdn-storageserver DE-588 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 382 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed9-1966" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid ee9b9044508f1d3c692ea94cd70e3cb8 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	33.f44683d9.min.js Show response a.omappapi.com/app/js/	10 KB 4 KB	19ms 16ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/33.f44683d9.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 9914b23af2c66ccfc2b7777ce993e7af4357b782b4f5253e5c91497d0b0d7087 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-382 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Fri, 07 Jul 2023 21:09:27 GMT server BunnyCDN-DE1-1082 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64a87f07-290f" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid bb30938465f71b8bf6979ef4ed1422aa cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	10.802b2c2c.min.js Show response a.omappapi.com/app/js/	31 KB 10 KB	21ms 18ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/10.802b2c2c.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash c371ecf19ed596de3a98e21929685d58df6765fbac31d228f611fedf69e7f9fc Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1082 perma-cache HIT cdn-storageserver DE-164 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:39 GMT server BunnyCDN-DE1-1082 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebedb-7d23" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 79c31909d77d7a661edd6f4e0f4aaa72 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	0.003c2423.min.js Show response a.omappapi.com/app/js/	7 KB 3 KB	28ms 26ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/0.003c2423.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash ecfcbdc65d077d6f2001e9ec45ca741a41580c17d70a5bb533e874aa96f0f39c Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-680 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 382 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed9-1d49" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 8f659c10ab1ada3e9d90983f98d344fd cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	9.9ad6d657.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	27ms 25ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/9.9ad6d657.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 605a4c3db835803cba7a34601049e541256ccb19ce3c25122d779316a88281ed Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-168 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:36 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed8-879" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 3a2a7605a4f3532b85284f25fe4d534a cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	11.a4776b0c.min.js Show response a.omappapi.com/app/js/	3 KB 2 KB	23ms 20ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/11.a4776b0c.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash b46743b1c56a518c10fae52d88cf2184f1ed8efd8309afe7d3e1b881afb9a000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1082 perma-cache HIT cdn-storageserver DE-382 cdn-cachedat 07/27/2023 06:00:50 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:36 GMT server BunnyCDN-DE1-1082 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed8-a40" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 693e00ab0222e4e9b9436ea897167a84 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	29.35407502.min.js Show response a.omappapi.com/app/js/	3 KB 2 KB	24ms 22ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/29.35407502.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 8c80cc990f6cb3515625f9d75dc6be708134fd32cf52d09900b946115712da8f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1082 perma-cache HIT cdn-storageserver DE-679 cdn-cachedat 07/27/2023 06:00:50 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:38 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebeda-d7b" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 87b0ad900df7e0e2cc9346acbc7641c1 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	27.3157f1ba.min.js Show response a.omappapi.com/app/js/	2 KB 1 KB	25ms 23ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/27.3157f1ba.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 638985c9a6e6960ba61048594609333e53866413aba83ff6ba52ec24c569b4f0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1081 perma-cache HIT cdn-storageserver DE-587 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed9-6b6" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 45fcf4f07bc8e2082e718865e019839e cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	16.011df1fb.min.js Show response a.omappapi.com/app/js/	1 KB 1 KB	28ms 26ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/16.011df1fb.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 82e021fb1a1b39453f94ffb4c55b2738672f9363e9b882fb9246e0533c1e3552 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-165 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed9-51f" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid a8841a4b2ab331ee3cf1004e9293d704 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	1.5a2c3907.min.js Show response a.omappapi.com/app/js/	11 KB 3 KB	28ms 27ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/1.5a2c3907.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 1c42ee2385c5e7f4746096c332f246f0443b800b8ef398f254ad28a05b9a5b0f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1082 perma-cache HIT cdn-storageserver DE-164 cdn-cachedat 07/27/2023 06:00:50 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:37 GMT server BunnyCDN-DE1-1082 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebed9-2abc" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid d6d6cb215a7df8ad37e60a891d0f192e cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	22.d55cdc37.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	29ms 28ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/22.d55cdc37.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash a7fce5648512a91c8d7c1c38aae8b340fc2bcd5a1c3dd5dabac5e196954333fb Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-676 cdn-cachedat 07/26/2023 10:47:01 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:39 GMT server BunnyCDN-DE1-1082 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebedb-81f" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid eeb32e0c801f77e4cf67f742404b7a7d cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	2.1d2ef60a.min.js Show response a.omappapi.com/app/js/	3 KB 2 KB	29ms 27ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/2.1d2ef60a.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 18e4061366bd182768ed6ed3843616ed6aa9c51f897039817a1ab4a4c43585fa Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-679 cdn-cachedat 07/26/2023 10:47:22 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:38 GMT server BunnyCDN-DE1-1082 cdn-fileserver 382 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebeda-a8d" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 1346424e9b19b4888cf3e9a29ed83b84 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	19.4ee0da33.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	46ms 45ms	Script application/javascript	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/19.4ee0da33.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash b1e603a511449eb37de5cfe00a9f12ab396fe0c8d8fcea8a4449b24bead21e0f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-167 cdn-cachedat 07/26/2023 10:47:26 cdn-pullzone 293267 last-modified Mon, 24 Jul 2023 18:11:39 GMT server BunnyCDN-DE1-1082 cdn-fileserver 382 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"64bebedb-7a4" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 9196105a1f6e3d1c9cec8e44cbd92a87 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 206 B	20ms 19ms	XHR text/plain	172.217.16.206
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=768031154&t=pageview&_s=1&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&ul=en-us&de=UTF-8&dt=Cyble%20%E2%80%94%20Unraveling%20Akira%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAACAAI~&jid=1114238755&gjid=247780270&cid=171533065.1690489667&tid=UA-201575643-1&_gid=433072896.1690489667&_r=1&gtm=457e37q0&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=1913035755 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.206 , United States, ASN (), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 27 Jul 2023 20:27:47 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 345 B	390ms 36ms	XHR text/plain	108.177.15.154
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=171533065.1690489667&jid=1114238755&gjid=247780270&_gid=433072896.1690489667&_u=YCDACUAABAAAACAAI~&z=1575728162 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.177.15.154 , United States, ASN (), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Thu, 27 Jul 2023 20:27:47 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	css fonts.googleapis.com/	3 KB 1 KB	351ms 19ms	Stylesheet text/css	142.250.186.106
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400 Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.106 , United States, ASN (), Reverse DNS Software ESF / Resource Hash d265615b79f98fdfff370ea32da7b4b02317fc6017b898cfb9c657a65618ac07 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 27 Jul 2023 20:27:47 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Thu, 27 Jul 2023 20:09:00 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 27 Jul 2023 20:27:47 GMT
GET H2	200	590d3d292d6178957f6f2d56cd112c07-optin.json Show response a.omappapi.com/app/campaign-views/b584497dcf5c/poopcsalbacovn7gzkxg/	32 KB 6 KB	353ms 24ms	XHR application/json	169.150.247.39
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/campaign-views/b584497dcf5c/poopcsalbacovn7gzkxg/590d3d292d6178957f6f2d56cd112c07-optin.json Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 169.150.247.39 Frankfurt am Main, Germany, ASN (), Reverse DNS Software BunnyCDN-DE1-1082 / Resource Hash 801cc197035c539bb4a679fc5e7196cf27c47fbd83626e83164eec8209bd13ef Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding br cdn-edgestorageid 1080 perma-cache HIT cdn-storageserver DE-588 cdn-cachedat 07/26/2023 11:15:58 cdn-pullzone 293267 last-modified Tue, 13 Jun 2023 05:38:24 GMT server BunnyCDN-DE1-1082 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.04 etag W/"648800d0-7f5b" vary Accept-Encoding content-type application/json access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 0228384f57ba77f28464d4dcb82dc789 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	public Show response api.hubspot.com/livechat-public/v1/message/	297 B 1 KB	132ms 131ms	XHR application/json	104.19.154.83
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13639&mobile=false&messagesUtk=d81a1a53513c4bbb829c8f4b05ef4d94&traceId=d81a1a53513c4bbb829c8f4b05ef4d94 Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 9021f725af6bbdac45ce4811d188a147fad6780f8c91896e011aa7db4ba50fac Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 X-HubSpot-Messages-Uri https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 08264c23-5320-4830-b1d1-75d36f2db1a1 x-envoy-upstream-service-time 7 alt-svc h3=":443"; ma=86400 content-length 235 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 08264c23-5320-4830-b1d1-75d36f2db1a1 server cloudflare x-trace 2BBA2D31740AF67C641A171BB0FBDC62BE1BE9ABFA000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-ltr78 cache-control no-cache, no-store, no-transform, must-revalidate, max-age=0 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7qoITw6WTv0IHQ6FYIN5t3uu%2FjijsjAAZIlp%2BHXWrWH8TOuuUeCMRj01MHxoyUNP4qhuwRpeHgp7%2FWwAiW%2BZzaGVXy5ypN4zSqSQ8z7zWGbQVsSJlEHJG5NJZ3oHAliFQ%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 7ed7a0069fd23631-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
OPTIONS H2	200	public api.hubspot.com/livechat-public/v1/message/ Frame	0 0	148ms 132ms	Preflight text/plain	104.19.154.83
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13639&mobile=false&messagesUtk=d81a1a53513c4bbb829c8f4b05ef4d94&traceId=d81a1a53513c4bbb829c8f4b05ef4d94 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers x-hubspot-messages-uri Access-Control-Request-Method GET Origin https://blog.cyble.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://blog.cyble.com allow HEAD,GET,OPTIONS alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7ed7a005bec23631-FRA content-length 18 content-type text/plain; charset=utf-8 date Thu, 27 Jul 2023 20:27:47 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrIaiokahM%2BS4AYHdyrCv0YcT7J9sfZ9lHvjVRM1sKbexCBSBLTJ1HJqxsQ16WpmBCnF%2B9AzXQH3S5MaA2vYGEJ7IPEcjoZJ0aTTNrrE8zAp5Uqid9aRXjveJl3kUgI05A%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding x-content-type-options nosniff x-envoy-upstream-service-time 2 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-mst4w x-evy-trace-virtual-host all x-hubspot-correlation-id 0ef34484-16c6-414d-be75-6d17e28bb91b x-request-id 0ef34484-16c6-414d-be75-6d17e28bb91b x-trace 2BE918B86F0D81316550F94FAF0C5C8A1383B22672000000000000000000
GET H2	200	combinedConfigs Show response cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/	136 B 1 KB	140ms 121ms	Fetch application/json	104.19.154.83
General Check archive.org Show headers Download Go to Full URL https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F Requested by Host: js.hubspot.com URL: https://js.hubspot.com/web-interactives-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 0268b589d424a686ee986465b7917ac6c852be4fd6908331002878205beee576 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:47 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id bb3d5ecd-f35f-4932-b1ff-cab91ef17e39 content-encoding br x-envoy-upstream-service-time 7 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id bb3d5ecd-f35f-4932-b1ff-cab91ef17e39 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CbNSWfUW4FDWzHZdDINQDZfKShqoeviKR6YuzrPUToYS8B3KyrxHGbHnNAdDntYQq8XdN0ItWkGubpYkGjB0jrJGHCObmubb6Od1yWUmcGILU5KdcU7aWfPmZ4c1rcCMuj1xW3c1Y3t8qJr%2B9o8%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 7ed7a0067fac3631-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-g2zls
GET H/1.1	200 OK	consent_tcfv2.js Show response s.adroll.com/j/	418 KB 56 KB	26ms 26ms	Script text/javascript	65.9.95.83
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/consent_tcfv2.js Requested by Host: s.adroll.com URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 65.9.95.83 , United States, ASN (), Reverse DNS Software AmazonS3 / Resource Hash 47e5ff66931402cb5755d7eed98a6d23ee556a7f8e9c1dd340d351c27f669a0f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers X-Amz-Version-Id wD7IUQmRA9PUuld8lU58FBeuMlOqC6p6 Content-Encoding gzip Via 1.1 8197d89da72990bb606996d5e7c73ab6.cloudfront.net (CloudFront) Date Thu, 27 Jul 2023 20:23:56 GMT Age 232 X-Amz-Cf-Pop PRG50-C1 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Wed, 05 Jul 2023 21:39:27 GMT Server AmazonS3 Etag W/"3306a47faf7223d93fb356e8a73d1942" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript Access-Control-Allow-Origin * Cache-Control max-age=300, must-revalidate Access-Control-Allow-Credentials false Access-Control-Max-Age 600 Access-Control-Allow-Headers * X-Amz-Cf-Id xnLkGHx5rHJVuI8-5krN2Q5Ycn9-dwENdAzeKppXLPOv-mODB8DuPA==
GET H/1.1	200 OK	nextroll-32x32.png s.adroll.com/i/favicon/	2 KB 2 KB	22ms 22ms	Image image/png	65.9.95.83
General Check archive.org Show headers Download Go to Show image Full URL https://s.adroll.com/i/favicon/nextroll-32x32.png Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 65.9.95.83 , United States, ASN (), Reverse DNS Software AmazonS3 / Resource Hash bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers X-Amz-Version-Id eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0 Date Thu, 27 Jul 2023 17:25:48 GMT Via 1.1 8197d89da72990bb606996d5e7c73ab6.cloudfront.net (CloudFront) Age 10920 X-Amz-Cf-Pop PRG50-C1 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 1615 Last-Modified Mon, 28 Jun 2021 18:19:21 GMT Server AmazonS3 Etag "403a0a7dcf2d617e7ea852bfb9d11945" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type image/png Access-Control-Allow-Origin * Access-Control-Max-Age 600 Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id PYytENkPzFseQgZDEkagpDOv-LmmetwckP5s4nv7xIIddlZISNxOgA==
GET H/1.1	200 OK	counters.gif perf-na1.hsforms.com/embed/v3/	35 B 1 KB	447ms 110ms	Image image/gif	104.17.212.243
General Check archive.org Show headers Download Go to Show image Full URL https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.17.212.243 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Thu, 27 Jul 2023 20:27:48 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff CF-Cache-Status MISS x-evy-trace-route-service-name envoyset-translator X-HubSpot-Correlation-Id 8a8ec8be-fb8c-4b5e-85a5-bf9c59147520 x-envoy-upstream-service-time 1 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8a8ec8be-fb8c-4b5e-85a5-bf9c59147520 Last-Modified Thu, 27 Jul 2023 20:27:48 GMT Server cloudflare X-Trace 2B1C8B4D8DDB12F7DE3CC3A4CE099FE4F0715BD82E000000000000000000 Vary origin, Accept-Encoding Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-dfxrz Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false Accept-Ranges bytes X-Robots-Tag none CF-RAY 7ed7a0095df25c98-FRA
GET H2	200	memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 fonts.gstatic.com/s/opensans/v35/	18 KB 19 KB	333ms 7ms	Font font/woff2	142.250.186.35
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:400 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.35 , United States, ASN (), Reverse DNS Software sffe / Resource Hash 441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Wed, 26 Jul 2023 11:49:36 GMT x-content-type-options nosniff age 117492 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18664 x-xss-protection 0 last-modified Tue, 02 May 2023 15:19:23 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 25 Jul 2024 11:49:36 GMT
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	114 B 1 KB	460ms 125ms	XHR application/json	104.17.200.204
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=21289959 Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.17.200.204 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 90b705145ef82e9d8493aae55c9bfb3200ec0620c8946b20b0b28366557d6a4a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 00afe7d6-60ed-4e75-95a3-f9a7a63ab4cf content-encoding br x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 00afe7d6-60ed-4e75-95a3-f9a7a63ab4cf server cloudflare x-trace 2BE61E0D65A39F87DC7D894380F01FF2D3DCD0A953000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-6htpc access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlhbfV8iutVU7fPuiS%2FuFv2bHErgWTlk%2BxzZJGvOAb176mBftbMd0XG22ihESV1gHZt4at%2FlBW4rqSQAaKQtND7HjWwZiM9aRO0vMfPZ5H8tIrcbggoYZy9gA1lBHI6s"}],"group":"cf-nel","max_age":604800} cf-ray 7ed7a00a0c3a3625-FRA access-control-allow-headers *
GET H2	200	stats.json Show response injection.amibreached.com/ Frame 62A7	124 B 962 B	390ms 70ms	Fetch application/json	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/stats.json Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash bbdb1d21246d1c1a65aca8b41818f593b2d4704a459983866c0d331151b91887 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront) cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 45987 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:52 GMT server cloudflare etag W/"b660d52d56d1db01c2e37397c007a1e4" vary Accept-Encoding access-control-allow-methods GET content-type application/json access-control-allow-origin https://blog.cyble.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hk8NK8jdaSnX9bParsuvFNgv4MHAb%2FoN%2BP7JNmk9crCBjTgdHprGRGO8x44OWJZe%2FzvLUuZ9BUtFiQJn3ZxqxSFWb3XGpBcJP4wwVkVaI4O3Tee8DwnaMiMeLFcumxWR3REbrTTRjDmTIG0%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin access-control-max-age 3000 access-control-allow-credentials true cf-ray 7ed7a00a5dd31987-FRA x-amz-cf-id jMe8-mwTT5LF1j3fOPYhmcisYjSKrTc6NAAysw00OBmYPUoEfSG0pA==
GET H2	200	__ptq.gif track.hubspot.com/	45 B 628 B	481ms 146ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489668166&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 9283a6f8-a7a0-4492-80dc-420c3b42cd01 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 7 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 9283a6f8-a7a0-4492-80dc-420c3b42cd01 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hcsyRkQZGaOdqlsxxCaTunLMwFGrsUs6k4DRZ%2F%2B2XPCrvH9EnaGmR8uBJREt6WHHg6%2BWjcaucVVnn%2BijyLQjgVCLvKnEiadcjMFtw%2FZQYLQHpwT4PmuxApleCi5p8R5%2FSOrR"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-2c4rt x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a00c2d349253-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 629 B	504ms 175ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=6f78625e-24a7-4f8f-b383-62ab6ae82681&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489668167&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3490f2af-baca-4ae6-baad-27d45083756c p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 26 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3490f2af-baca-4ae6-baad-27d45083756c server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mNzcf3bKOXdPHA1nFHC3JnH%2Bp%2FZ5BY7Jpa2T14L2XoO9df%2Fp0Gz6u9iCS29zYxl07QYbBAEyfhEZduWzOgx5fe2Ffix9AvzYqZZkpXvqH6QDTbXdGqYn7J4xyG0uqvH4QDkh"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a00c2d359253-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	484ms 155ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=6f78625e-24a7-4f8f-b383-62ab6ae82681&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489668168&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id ea2fb8f9-ee33-483a-b0b6-2d6f8077906d p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 9 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ea2fb8f9-ee33-483a-b0b6-2d6f8077906d server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m5QH73AuFAIX6by9hzL1eFQixHS104d1nChOYvJjTyignMSlcLaJgndiIRufq%2FuPngRTdBKp17CSaQ%2FVRoC4ASfu70Fx8avtqK%2BxqHf50PC65B7nomau408x1oH0fGIuo8ru"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-vrlgm x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a00c2d369253-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 577 B	483ms 157ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=e09c06c9-1d19-4e47-af02-9acbdf72db2a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489668169&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id fbeaf476-6249-4eb7-a76a-cf5a84c2ccb9 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 5 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id fbeaf476-6249-4eb7-a76a-cf5a84c2ccb9 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5QBOTXpN1rKbn8m4w2cqzmBOMSPgWmbsa5F759Cln1AA4kpduE8abDHEOQwkX%2F8YZg3xQzWWjv%2BU6zOV62F83iL74R5XCmW9JrtcmY41F9PhCSgqvQMLPIRiV3tpdF82jBg"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-pwxm2 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a00c2d379253-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 626 B	475ms 150ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=e09c06c9-1d19-4e47-af02-9acbdf72db2a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489668169&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id a3f69bde-81e0-493a-b271-7f4f74d67aa1 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 13 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a3f69bde-81e0-493a-b271-7f4f74d67aa1 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xaqUbYa9JKmpcyMui%2B%2BxRcOttCeRTjBKbzlndkl1bQYndkE6sxj%2B86aoaohkNKWhdBIS6ZeK1zsLRQqM8iRjH9A%2Bz83MUtHOV29x3C3ZxS0fwq5YFn1FZfZQGLJqnQeeevY"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-pwxm2 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a00c2d389253-FRA x-robots-tag none
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	4 KB 2 KB	151ms 134ms	XHR application/json	104.19.154.83
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=bb25542215544747b37dd2540fc3e754&__hstc=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&__hssc=27441379.1.1690489668164&currentUrl=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F Requested by Host: js.hsleadflows.net URL: https://js.hsleadflows.net/leadflows.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 00bb3ff9ee33226b3ae232142d914f011da76447e9d8c626d0f5993748eeec30 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 47e8dddb-f068-4b3f-a9a1-a1f8bc9eea70 content-encoding br x-envoy-upstream-service-time 22 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 47e8dddb-f068-4b3f-a9a1-a1f8bc9eea70 server cloudflare vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vZO%2FdxKkyJTwZqHNpNoq%2FpkOjYW4qI8Fe7kWGQhSm95n7SP%2FwFjeWXnvNyQ2qiwJ0Qqhl%2BhNIcZICziNZQEapQo4%2FwUMMt3vsa7qS%2BFBPGPclK3E%2BbfQYLH5eKprW0YlljRv"}],"group":"cf-nel","max_age":604800} x-robots-tag none access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 7ed7a00a5c9d3631-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-nt996
GET H2	200	inject.8d8a39d8fa64efbb0671.bundle.js Show response injection.amibreached.com/ Frame 62A7	130 KB 44 KB	61ms 59ms	Script application/javascript	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash 9af44543fbf7b09c3d68e46dcb21d2cb9ec5f18bbd537cea92360a85c5db793e Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront) cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"046f84a87526210ff005ab33291675c9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1MLWj5l4lTxyRFcDYSpqsKpReSbdJ7JftnrU7PxR6XVSb0x%2F%2B0iTNYyHj9YXLS3hTegsGVAdEdyfhcc7c%2Fi5xOfaTMQPXWtQQDO5DVpqFtgfPQ%2BICQwimTUw%2Fa3HUdrik3YTqfcx6KeOGw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7ed7a00adc5a4dc1-FRA x-amz-cf-id NDghhaHqMLkge28JCZnlbZUk9rLLo1mXfQloZh00KjsYALisrb-9IQ==
GET H2	200	main.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame 62A7	703 B 766 B	60ms 59ms	Stylesheet text/css	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/main.8d8a39d8fa64efbb0671.css Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash c7d0240fd43289ab1411c5fa1277574ee436d3a3bbb82d34c4d82f32d04517b8 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 9810d82af8847b51b9c3048141069a64.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"ff4f518052149a21c5b6397b3f717f6a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ak%2FzG50hOgLVTYTmJ0BOm4KVP9BRmhXUtqPvA%2BYdq58C6jCH5CzRvLHljEQ1xbW5pp2jBIVdbKiobWnLrsilBcAgVAF0bLzzfDNX0O4bDn5lrVfPfjtC%2BDsQpmNylXrBaZBsAFzTtkNMZnw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7ed7a00adc5b4dc1-FRA x-amz-cf-id 5WIOLMvA1zBv0erILLpmy9FCHXNmZr4hnFZbHRg_QqjNrNel-En7fA==
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	356ms 14ms	Script application/x-javascript	2.21.20.141
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.21.20.141 Frankfurt am Main, Germany, ASN (), Reverse DNS Software / Resource Hash fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 24 Jul 2023 09:07:54 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=19786 accept-ranges bytes content-length 4862
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	293ms 139ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=16&fi=790ac0ff-0b05-4061-9a47-31d43798706a&lfi=3647704&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489668347&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id ca266577-0c8a-42b9-b1bd-670ff6ccf9f0 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 11 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ca266577-0c8a-42b9-b1bd-670ff6ccf9f0 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJ0f%2F%2BIDUQdFGs1soLaWUz%2FBXppBfaENpLnJQ2pwZY8OyzJZxWXK2Ok%2FM81A8gKoyzdOh46QkhJGKBjqLgl1ONGlp9f8s0YOcqVO%2BwvQ2%2FQoiyZQoJoKC2U4LHJKP8464dko"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-vrlgm x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a00c2d399253-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 426 B	135ms 135ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=16&fi=cee71856-29e8-471c-8003-80db9e58e8dc&lfi=5011554&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489668349&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3d27e495-207a-4215-9b0c-dbdea64325da p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 3d27e495-207a-4215-9b0c-dbdea64325da server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=URitVKXEn10Uj17r7nLbyAuv1aLLD9Rd%2FvM%2F3ap08Ytvn8eYiZB%2FZ3jlZv6oEXyc4S1hajhz%2FDsXypdbtrfuqTzCQjCLZSMAIm92q14PotKK7KLGVZzDQtV1GBHBlIBXi4f1"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-pwxm2 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a00d1e6b9253-FRA x-robots-tag none
GET H2	200	272.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame 62A7	348 KB 53 KB	57ms 56ms	Stylesheet text/css	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash c77d2ba289d0e2827ad7f79b00972a63c7f4426d89b8ce6b5da90a368760cfe4 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront) cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"a858af055119af47585aeffbfd69ceac" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1F3jSNgIeWc0G7Rt39NQBOLg8EP9PhLrPi8J710dBZJOwrRiLGhIaSYwW%2B8EudBFbEgfkP94%2F3TsUYwIfyiIetDmRj9QVX6aiiVeZh2xTs6cSlI%2BRsHu74YIFVJD5ydkK03aYO9xtNc7eg8%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7ed7a00b5cf84dc1-FRA x-amz-cf-id XQrjAQb1whY-Gvd4vn2JO0L4BF5YSIr6TSF_ci9AuH1pO3v64qNFag==
GET H2	200	272.8d8a39d8fa64efbb0671.chunk.js Show response injection.amibreached.com/chunks/ Frame 62A7	381 KB 101 KB	66ms 65ms	Script application/javascript	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/chunks/272.8d8a39d8fa64efbb0671.chunk.js Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash 29d409fee0f34ebc05fa36076c101b77e28dccbcfdbfbf4cf248371820ca9ddb Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront) cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag W/"a161e1a55882deeacea4aadc5ab6a660" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7M7xp9XQYLnK9zGbyjvSlDjG7K1xZuYtU4IoX0ytp9c7p8U9wwp5cK0Ze2nMxpnyQ3cuqbVQtpndf3HYiRqYo6yIO0K9DSt%2FvnDtiVX8Ms%2BeY2MdXGdp7kvkxJZ6ANeZw4qL70avOUKWMus%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7ed7a00b5cfa4dc1-FRA x-amz-cf-id Ic-DLskReE_9dtzrKPOi82Y43jeKQGYSrgvcIjyhT3DGeThYbS6eMw==
GET H2	200	349.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame 62A7	3 KB 1 KB	708ms 708ms	Stylesheet text/css	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/349.8d8a39d8fa64efbb0671.css Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash 9d904f71a4d973dac278821490969eb0a63dd97635584930bbbbec0a3e608d75 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:49 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront) cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"d5e9ad0edf5f90c0d209a111611b1fba" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9v1wP%2FsrvEhU9TRkz0SkC40OylXutahXqRr4hOKtBsJTUSR%2BQ5gjp7tFwIWJCTbZcZvV5Ycv8o4XjVoxL4H43523hqOHwSqOug64kjnT9kCOvlUL2nfY46SrM8yycpYypxW%2FzNnLjADBPv4%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7ed7a00b5cfc4dc1-FRA x-amz-cf-id IciCps4BhPP1cPD7oOylRJLeb3rFh9H-PkZAO4OvzFZvofxfiY33Hg==
GET H2	200	349.8d8a39d8fa64efbb0671.chunk.js Show response injection.amibreached.com/chunks/ Frame 62A7	16 KB 5 KB	57ms 56ms	Script application/javascript	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/chunks/349.8d8a39d8fa64efbb0671.chunk.js Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash a2c197367cb631f88fca96c13ec0c06d0a99bc5398d0349716bc06ce7a91e8ce Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:48 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront) cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"0e05edf25a54d46e1a8ef01ec442978b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bu3hReFwQcs6CTQQTpZBGD8q1rtVfho3pSvVKAzFXpCiVmamHX5MthtDyMhqvlpVNC2B7nJq4EmgGYfF7o5A9xBUPP5mVzv4LMXn6WDeZQ5aYl%2FbbH0QkTQQ7lRTULZMmKGoXH3fQchM4AU%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7ed7a00b5cfd4dc1-FRA x-amz-cf-id Qx3LcML4AXPOMix-9o9q_Vx7ezJNWcPAt7n6l2ao0W49rIChC8p3HA==
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/4053396/domain/blog.cyble.com/	36 B 376 B	359ms 11ms	XHR application/json	13.224.189.31
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/4053396/domain/blog.cyble.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.31 , United States, ASN (), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:22:40 GMT content-encoding gzip via 1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 age 309 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=3600 x-amz-cf-id k1SZS2P_KTbHRDAPVcCNzmBZObfLT2DW3i-2JuvoH61Sn7f0VRKXvw==
GET H2	200	collect px.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1690489668649%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F202... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&cookiesTest=true&liSync=true	0 173 B	187ms 187ms	Image application/javascript	13.107.42.14
General Check archive.org Show headers Download Go to Show image Full URL https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&cookiesTest=true&liSync=true Protocol H2 Server 13.107.42.14 , United States, ASN (), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:49 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: A0F86D1620084A6F807BB680FB62711C Ref B: FRAEDGE1114 Ref C: 2023-07-27T20:27:49Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lor1 x-li-proto http/2 content-length 0 x-li-uuid AAYBfcxBqfRYEokLfAwR5A== Redirect headers strict-transport-security max-age=31536000 content-security-policy default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default x-content-type-options nosniff date Thu, 27 Jul 2023 20:27:48 GMT linkedin-action 1 x-cache CONFIG_NOCACHE content-length 0 x-li-uuid AAYBfcw+pVXRR7JS0k3SRg== pragma no-cache x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: AC2B5EB8BB8B4078847C2FC5C5321D03 Ref B: FRAEDGE1114 Ref C: 2023-07-27T20:27:49Z x-frame-options sameorigin x-li-fabric prod-lor1 location https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1690489668649&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&cookiesTest=true&liSync=true cache-control no-cache, no-store x-li-proto http/2 expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	primeicons.ttf injection.amibreached.com/assets/fonts/ Frame 62A7	56 KB 57 KB	40ms 40ms	Font binary/octet-stream	172.67.71.104
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/assets/fonts/primeicons.ttf Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.71.104 , United States, ASN (), Reverse DNS Software cloudflare / Resource Hash c1e93246e1f3ea9a11fa1a6d7c14e48a1da911f92043e2e6ef59da5ffd38f070 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:49 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 e2b54bf207e847b49c9502989bb23b48.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 6408 x-amz-cf-pop HAM50-P2 x-cache Hit from cloudfront content-length 57384 last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag "121254f73060bcbb53ca13258dbd134f" vary Accept-Encoding access-control-allow-methods GET content-type binary/octet-stream access-control-allow-origin https://blog.cyble.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LsO5WCEWH%2BmM4CLkKPBYDN7TLQHoQd36rhTZrrBgmLvMwAIjmYUForkL63us47LzI4cNEBmhBJZi6BylgqLSMLUjfZ8ls8kAixWAcPgA3y906HbTyECT01vlEuFhDkqMM7MWNa3QRWJgvAo%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin cache-control max-age=120 access-control-allow-credentials true access-control-max-age 3000 accept-ranges bytes cf-ray 7ed7a00ffe001987-FRA x-amz-cf-id U_YyVnaqj1dcDxqqTXzcgf-wzUebZ3TeoWKkobH9LRcc8KVvd89dJA==
GET H2	204	boom.gif pixel.wp.com/	0 37 B	7ms 7ms	Image text/plain	192.0.76.3
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.003&largest_contentful_paint=1409&batcache_hit=0&provider=wordpress.com&service=atomic&custom_properties=%7B%22devicepx%22%3A%220%22%7D&effective_connection_type=4g&rtt=0&downlink=10000&host_name=blog.cyble.com&url_path=%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=38&nt_connectStart=38&nt_connectEnd=55&nt_secureConnectionStart=45&nt_requestStart=55&nt_responseStart=261&nt_responseEnd=364&nt_domLoading=264&nt_domInteractive=1640&nt_domContentLoadedEventStart=1643&nt_domContentLoadedEventEnd=1650&nt_domComplete=2835&nt_loadEventStart=2835&nt_loadEventEnd=2860&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=1291&first_contentful_paint=1291&resource_size=3617297&resource_transferred=1447978&js_size=619843&js_transferred=177251&resource_cache_percent=0&js_cache_percent=0&last_resource_end=4440 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN (), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers access-control-allow-origin * date Thu, 27 Jul 2023 20:27:51 GMT cache-control no-cache server nginx
GET H2	200	__ptq.gif track.hubspot.com/	45 B 868 B	143ms 142ms	Image image/gif	104.19.154.83
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=cee71856-29e8-471c-8003-80db9e58e8dc&lfi=5011554&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=600004306&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F05%2F10%2Funraveling-akira-ransomware%2F&t=Cyble+%E2%80%94+Unraveling+Akira+Ransomware&cts=1690489675363&vi=bb25542215544747b37dd2540fc3e754&nc=true&u=27441379.bb25542215544747b37dd2540fc3e754.1690489668164.1690489668164.1690489668164.1&b=27441379.1.1690489668164&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.154.83 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 27 Jul 2023 20:27:55 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id b64fe026-8410-479a-9b88-53d9d7b667e6 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 10 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b64fe026-8410-479a-9b88-53d9d7b667e6 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHRl%2BC888iD8GFyhaP2svsmeV%2FZZMt1WSkZJIUDLKhb1VxCZbfPAz9BSxF%2Bv%2FH1KiM0Em3v1OZcGl7Hs34KZvbDvLmIFRWVUPtP3LVaPtg2ecpzj6LRzOuZoDEnbO1A5mRa%2F"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-8bmqp x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7ed7a0371e4e9253-FRA x-robots-tag none