labs.cyble.com Open in urlscan Pro
2606:2c40::c73c:671e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://labs.cyble.com/q3-2023-ransomware-report
Submission: On October 16 via api (October 16th 2023, 2:10:14 am UTC) from TR — Scanned from DE

Summary HTTP 55 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 11 domains to perform 55 HTTP transactions. The main IP is 2606:2c40::c73c:671e, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is labs.cyble.com.
TLS certificate: Issued by GTS CA 1P5 on September 16th 2023. Valid for: 3 months.

This is the only time labs.cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2606:2c40::c7... 2606:2c40::c73c:671e	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2606:4700::68... 2606:4700::6810:6ed1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:e05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:c07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:4fba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7c0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:faa8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:eff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
55	15

14 2606:2c40::c73c:671e (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

labs.cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:6ed1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:e05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:c07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4fba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7c0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:faa8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eff9 (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	gstatic.com www.gstatic.com fonts.gstatic.com	679 KB
14	cyble.com labs.cyble.com	417 KB
7	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 6214 js.hubspot.com — Cisco Umbrella Rank: 7018 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6556 track.hubspot.com — Cisco Umbrella Rank: 2658 forms.hubspot.com — Cisco Umbrella Rank: 5406	27 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2	113 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2528	199 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4956 forms-na1.hsforms.com — Cisco Umbrella Rank: 7966 perf-na1.hsforms.com — Cisco Umbrella Rank: 7501	3 KB
3	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 9766	7 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5287	22 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5142	86 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2519	21 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 6516	6 KB
55	11

	Domain	Requested by
14	labs.cyble.com	labs.cyble.com js.usemessages.com
9	www.gstatic.com	www.google.com www.gstatic.com
6	www.google.com	labs.cyble.com www.gstatic.com www.google.com
5	fonts.gstatic.com	www.google.com labs.cyble.com
4	js.hs-banner.com	labs.cyble.com js.hs-banner.com
3	track.hubspot.com
3	cdn2.hubspot.net	labs.cyble.com
1	forms.hubspot.com	js.hsleadflows.net
1	perf-na1.hsforms.com	labs.cyble.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	js.usemessages.com	labs.cyble.com
1	js.hsleadflows.net	labs.cyble.com
1	js.hubspot.com	labs.cyble.com
1	js.hs-analytics.net	labs.cyble.com
1	forms-na1.hsforms.com	labs.cyble.com
1	forms.hsforms.com	labs.cyble.com
1	app.hubspot.com	labs.cyble.com
1	static.hsappstatic.net	labs.cyble.com
55	18

This site contains links to these domains. Also see Links.

Domain
cyble.com
getodin.com
thecyberexpress.com
blog.cyble.com
resources.cyble.com
partnernetwork.cyble.com
partnercentral.cyble.com
issuu.com
www.facebook.com
www.linkedin.com
www.twitter.com

Subject Issuer	Validity	Valid
labs.cyble.com GTS CA 1P5	`2023-09-16` - `2023-12-15`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-18` - `2024-05-17`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://labs.cyble.com/q3-2023-ransomware-report
Frame ID: DFAC2021EC2F951F1782E29CFC205DE6
Requests: 36 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9sYWJzLmN5YmxlLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=invisible&badge=inline&cb=n8hpe3jjy2f0
Frame ID: 5285AC498A94DBA3EE271BD8C86F5341
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: E326538EC8E19507F8B8623A9C828162
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cyble Q3 Ransomware Threat Landscape Report 2023Follow us on FacebookFollow us on LinkedInFollow us on TwitterShare

Detected technologies

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Page Statistics

55
Requests

100 %
HTTPS

100 %
IPv6

11
Domains

18
Subdomains

15
IPs

2
Countries

1581 kB
Transfer

3636 kB
Size

4
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://cyble.com/?hsLang=en
Title: Home

Search URL Search Domain Scan URL

URL: https://cyble.com/products/cyble-vision?hsLang=en
Title: Cyble Vision

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: Cyble Odin(beta)

Search URL Search Domain Scan URL

URL: https://cyble.com/products/amibreached?hsLang=en
Title: AmIBreached

Search URL Search Domain Scan URL

URL: https://cyble.com/products/cyble-hawk?hsLang=en
Title: Cyble Hawk (LEA, Govt.)

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/
Title: The Cyber Express

Search URL Search Domain Scan URL

URL: https://cyble.com/solutions/dark-web-monitoring?hsLang=en
Title: Darkweb & Deepweb

Search URL Search Domain Scan URL

URL: https://cyble.com/solutions/attack-surface-management?hsLang=en
Title: Attack Surface Management

Search URL Search Domain Scan URL

URL: https://cyble.com/solutions/brand-protection?hsLang=en
Title: Brand Intelligence

Search URL Search Domain Scan URL

URL: https://cyble.com/solutions/cyber-threat-intelligence?hsLang=en
Title: Cyber Threat Intelligence

Search URL Search Domain Scan URL

URL: https://cyble.com/solutions/cve-vulnerability-management?hsLang=en
Title: Vulnerability Management

Search URL Search Domain Scan URL

URL: https://cyble.com/solutions/takedown-services?hsLang=en
Title: Takedown & Disruption

Search URL Search Domain Scan URL

URL: https://blog.cyble.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://cyble.com/resources/case-studies?hsLang=en
Title: Case Studies

Search URL Search Domain Scan URL

URL: https://cyble.com/resources/research-reports?hsLang=en
Title: Research Reports

Search URL Search Domain Scan URL

URL: https://cyble.com/resources/whitepapers?hsLang=en
Title: Whitepapers

Search URL Search Domain Scan URL

URL: https://cyble.com/resources/sama-compliance?hsLang=en
Title: SAMA Compliance

Search URL Search Domain Scan URL

URL: https://resources.cyble.com/
Title: Guides and Tips

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Partner Program Overview

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Existing Partner Login

Search URL Search Domain Scan URL

URL: https://cyble.com/partner-apply?hsLang=en
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://cyble.com/request-demo?hsLang=en
Title: REQUEST A DEMO

Search URL Search Domain Scan URL

URL: https://issuu.com/thecyberexpressbycyble/docs/q3-2023_ransomware_report_preview
Title: Preview

Search URL Search Domain Scan URL

URL: https://www.facebook.com/
Title: Follow us on Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/
Title: Follow us on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.twitter.com/
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://cyble.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

55 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request q3-2023-ransomware-report Show response
labs.cyble.com/ 53 KB
12 KB 142ms
67ms Document
text/html 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

52b87b6fd4619f19ff032c87c5cdee4e570259b6a08eae03ccb025f519ac1c38

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 816cc384cd2865ce-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 16 Oct 2023 02:10:08 GMT
edge-cache-tag: CT-137764383561,P-21289959,CW-100868428434,PGS-ALL,SW-0,GC-100375887270,GC-79460441944,TS-79811457458
etag: W/"13544266efa36706706bd94056b706a2"
last-modified: Sat, 14 Oct 2023 01:22:32 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2eWO%2By9WdsGmSu2tbBFYJLJkO8cfgpHk9SaC1xs2LE1sbQ7VJtycpuQniBEe21P0D%2F5924mGAPml4C%2FRML9MuQyNNVEQa%2FjvjB5myf77FkV6f5wo37JnGpakseyvrpslJPcoJ0%2Bw0RhIy6RA"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-campaign-id: daefd824-13a2-4efc-bc10-7bea5ccd4a2e
x-hs-content-id: 137764383561
x-hs-https-only: worker
x-hs-hub-id: 21289959
x-hs-prerendered: Sat, 14 Oct 2023 01:22:32 GMT

GET
H2 200 index.js Show response
labs.cyble.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 35ms
33ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 5cb605e8100138acccc04f094724133e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 8463102
x-amz-cf-pop: CDG52-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2BKInTJgcrbENtk%2BzjYxD4iDo03JuGa4Wn%2Fcpx%2BGfVgNtx2QdvMDTDRyhN%2FxKhVXbAi4BBcskKL9kAanDiFBugCzpKaXVCItyNBTphd0Anc7ILg6wJ2AxBoYzRLylw01D%2Fgyi5bHtAwd193X"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 816cc3853d4c65ce-FRA
x-amz-cf-id: 1HpAFXqvL-enGli7aFtbEYFS9QYd6YvOX2Rnrw2xQ2piSsJZzYKgAg==
expires: Tue, 15 Oct 2024 02:10:08 GMT

GET
H2 200 project.js Show response
labs.cyble.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 36ms
35ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 808945
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGQmpo0zHUK9BVNN7NiWHiyKC9ekYCMKDR6yNVBtz81f6GhbE1036c3Eo0MGOzA9wmcmUP8MFm5BsTxExortQ6ZIpOAd0UMlemSAMA%2BGx01f6ckmEdf0l8YTL9c8R4pdHmMFKJHLXIMd2Z%2Fi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 816cc3853d4d65ce-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Tue, 15 Oct 2024 02:10:08 GMT

GET
H2 200 v2.js Show response
labs.cyble.com/_hcms/forms/ 563 KB
186 KB 35ms
35ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

279817a125934c4629aa278564e64fca0dcb0fdc45f38739e38c9cab297d2a92

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 18
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3938/bundles/project-v2.js&cfRay=816cc313825765c1-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"df4d197f9648d27915af7ec01a018b73"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3938/bundles/project-v2.js
date: Mon, 16 Oct 2023 02:10:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c77abdf1c625c25627fe2a24e660a34.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: pLPYW3H2ND7V2jGLhGJ4mCejj6Xammwx
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 39c15b46-f6c9-4048-a6f3-16f77d4c6ee0
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 39c15b46-f6c9-4048-a6f3-16f77d4c6ee0
last-modified: Thu, 12 Oct 2023 03:05:49 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zltQwZKhWS1U3K7a375BifivUJ3G9TLVS9ANrUyDDz%2Bj4TPrAtfSuR4yTQ4hQMBW3Qaoxx%2FwggRLw10YWrqRVCpwSNV33zYFUWFKayxLOuKvn50fsybjMUkg19jIqEVD4AEDvYMWDbJp3KXw"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-bnhh6
cf-ray: 816cc3853d4e65ce-FRA
x-amz-cf-id: ypOESXYyfF9RVt9Fp-a7lHByS8kS5k_707IKS3Cc75Wr4h6A1622gg==

GET
H2 200 main.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1697222635041/hubspot/session/css/ 16 KB
4 KB 61ms
24ms Stylesheet
text/css 2606:4700::6810:6ed1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1697222635041/hubspot/session/css/main.min.css
Requested by: Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6ed1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48e96257807abd6337cae06f2c9d920eb5845610fc80b63f578299abbef87193

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-encoding: br
age: 199315
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6d4bc52d462932903e37dabcdfb33b48"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697222635889
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 16 Oct 2023 02:10:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3ba5046b-fa07-4349-815b-6baa0de96772
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 151
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3ba5046b-fa07-4349-815b-6baa0de96772
last-modified: Fri, 13 Oct 2023 18:43:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c56YaI%2BNNJvHXWlW6N8cgL3VIKZI5D2aPhlO9p%2BQEdo1i4KDpy7jxuZyk7JG6z9YBxX88n65RIU2c3QFDOFtT6Ro4ulpGTdFHTCfdi6KaqJ0FCTDqSr0FGwr2P0yqPD8m6OS%2BgvV5EDY6sJKMtE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 816cc3857c613642-FRA

GET
H2 200 module_100868428434_CYB-headerModule.min.css
labs.cyble.com/hs-fs/hub/21289959/hub_generated/module_assets/100868428434/1688985642259/ 5 KB
2 KB 137ms
136ms Stylesheet
text/css 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/hs-fs/hub/21289959/hub_generated/module_assets/100868428434/1688985642259/module_100868428434_CYB-headerModule.min.css

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc5265b338a0b399b621fd1f88944205240e2e88eab29bf686fffc4b4716f9d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 2584XTXTCS4QDT8T
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"f894e71507b3f878f2015f0f94351002"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1688985642259
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 16 Oct 2023 02:10:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 d2e1e0faea045dae6d3b3de4549846ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Ak2EEI2TiSiS_WVoDk66mVfUNEipgFLO
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: d9a85a8c-e0e3-461d-9afd-19e054f2b664
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 139
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 5llhrLLcRo3zIiEE6R6JcPdr638G/LfKfvhtDqCu+ctAFz2a6u5YC8DOIqR1LEA3PwRzzevuaQM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: d9a85a8c-e0e3-461d-9afd-19e054f2b664
last-modified: Mon, 10 Jul 2023 10:40:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qB8VR%2FKJUv3lFNsks9zjH8NkGhsGpy0m1V%2BUXXG%2BxwWCQ3JeTE%2B%2FT16Jb5Yx4Cl0vFy0dRbbMDy1IWsowY5Qv%2F1T5BtshwUQiQ9c9pHv7TkPe%2B0gerYOQgI%2FOX5K%2FUyBzWSEl38lCZbYMSO8"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-fhfns
access-control-allow-credentials: false
cf-ray: 816cc3853d4f65ce-FRA
x-amz-cf-id: xc8pQIlrF_6eU8R0_RNNW08gG5Cl3pp2BVbxTq4WIKtRJb3Lj5es8A==

GET
H2 200 module_-25202478153_Social_follow.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-25202478153/1697222648177/ 459 B
1 KB 59ms
23ms Stylesheet
text/css 2606:4700::6810:6ed1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-25202478153/1697222648177/module_-25202478153_Social_follow.min.css
Requested by: Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6ed1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db4e4967787fc6c9881f25d2ba38ae05efb92c04cc9b5398434f6ff8d0d1cbb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-encoding: br
age: 198522
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"cf49039ec9fd99bef19ea0c926c9328e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697222648177
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 16 Oct 2023 02:10:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 637ec804-f572-48ee-8a70-add44736a456
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 637ec804-f572-48ee-8a70-add44736a456
last-modified: Fri, 13 Oct 2023 18:44:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G9CFAQn7OryfeOnEHoSO8McHjYR5OGwiYqClAjl7RC7w54evjGADWMAl9wXUjffVIm8q%2BhQ8Fpm9Gqofx0olWJU7bXnrTpDFdgvamYmgeUIneq4H48FIHcWfrOSdAUlnK09xM%2B4%2FB9xaCgh5hBs%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 816cc3857c633642-FRA

GET
H2 200 menu-bar.png
labs.cyble.com/hubfs/ 1004 B
2 KB 39ms
38ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.cyble.com/hubfs/menu-bar.png

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9288feaa511ecdf49dcc958a3452852f73bc8d24016f21ee627aa0db8efffdc8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-107185494103,P-21289959,FLS-ALL
age: 317415
x-amz-request-id: BQYT8Q4X9ESTHG1H
x-amz-server-side-encryption: AES256
edge-cache-tag: F-107185494103,P-21289959,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="menu-bar.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "20d4c97b1ae3020e8f0a48f31dbc9ba1"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1679307832377
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 16 Oct 2023 02:10:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 4a95385e61c9df8f5f8de6338a3fe59a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: UUIj9BS7p6BQFwtP.huO_YYWu7Oz6uYW
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2681
x-cache: Miss from cloudfront
cache-tag: F-107185494103,P-21289959,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 1004
x-amz-id-2: HvK2fmvwxf0b3uRJOappwcQCI6HccJa/GGo/SSS9TcvnZdqtBxEsyQsCkQCyTq068Ub7FZaoUKk=
last-modified: Mon, 20 Mar 2023 10:23:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aRzjfiZ1%2FdN0asIO0mErrPq4qNtt0LP%2FxM7QNa%2BoNBiTSiWulMeZnUVwibXvzOCbuAMP8IdO2f4FltF8%2FI5SqXJhR4yfZA8XIwdyRRHyOfUTgO%2BVxi6MlL61lKsc6g73mmw%2BGZWCS5IGdGV"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 816cc3853d5065ce-FRA
x-amz-cf-id: 0ejAf8n-rfU4B57-9-ASmTMZwsAYtQviAzlf3K-jXj4Fj__UCZ_nTw==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 36ms
17ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:08 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 388614
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l4SmLbWRSR1u8qftsi4c%2BtLVhRwVYeXRC1%2B75MRkFfG3obhguURs4aWED4JvL8X6ZA6jJB6KYZp8MM3G1VhV%2BbuFlW2M8nCknb46Lubu7DoTJYv2gG6XHBGEMDxxNcuCWavEk%2BlQcHSABzPqW9vuLKBiEis%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 816cc385c8215b62-FRA
x-amz-cf-id: Ed7ZRu4tO-VeXAZz6WACFIM7vle7A2PQoVVBfoI-sl9Mb2i-jr7nTw==
expires: Tue, 15 Oct 2024 02:10:08 GMT

GET
H2 200 main.min.js Show response
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1697222646703/hubspot/session/js/ 1 KB
1 KB 61ms
26ms Script
application/javascript 2606:4700::6810:6ed1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1697222646703/hubspot/session/js/main.min.js
Requested by: Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6ed1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c9fb70781e2fd3a1cbea04dbb74ad75cea3cd1f84d8e360aaa034ff948ef61e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-encoding: br
age: 199315
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"2f3f978c20cdf6b716aed3e498d3fc62"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697222646845
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 16 Oct 2023 02:10:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4bfe5fb7-24cc-4783-ad26-78aff9745fa7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4bfe5fb7-24cc-4783-ad26-78aff9745fa7
last-modified: Fri, 13 Oct 2023 18:44:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DzEnsgyWuirAVzViLSaLs0WxC0lJyG4LsH7jHpmQQlmExC4BVI%2FdIa1SEH7mQ%2F8xr7LEyzRqQz6QDij%2FQPGBAeb2FfV3LTvFernRMQjkvYVn3S4pl93NPnpyEfSAkPdk%2FZnlqox7HhrXgso2UCk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 816cc3857c653642-FRA

GET
H3 200 21289959.js Show response
labs.cyble.com/hs/scriptloader/ 2 KB
1 KB 423ms
423ms Script
application/javascript 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/hs/scriptloader/21289959.js

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3176c28d27fa4adfaf692b81dcb9ee4edcac59ce1a9566fb7d42d69256aca50f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0a27f38a-f13b-4164-831d-90fffbfbc637
content-encoding: br
x-envoy-upstream-service-time: 9
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0a27f38a-f13b-4164-831d-90fffbfbc637
last-modified: Mon, 16 Oct 2023 02:08:34 GMT
server: cloudflare
x-trace: 2BF2A7673E75585795CDE1C40F34603ACF19F1F179000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://labs.cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-fjg5s
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4e2x%2FTiN1nSijDqF7gEUK4CPbcN4Hnb%2FOnbm5MFMuKuinKMeOtBGE4BmpuKRLvsG9RWw1r1ItAOiS0FzTZvriMKr1v58Ov1UlVxYDLPFGX33nFF3VHhTK5rLY9BdolxCFMxIPtvlnuCB2Ez"}],"group":"cf-nel","max_age":604800}
cf-ray: 816cc385e8663632-FRA
expires: Mon, 16 Oct 2023 02:11:09 GMT

GET
H3 200 bg-image.jpg
labs.cyble.com/hubfs/ 86 KB
87 KB 33ms
33ms Image
image/jpeg 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.cyble.com/hubfs/bg-image.jpg

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

091e161ccb19a452f85a48c09dec8f0cabe44af562941e7772cd940938025f93

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-139804765706,P-21289959,FLS-ALL
age: 68648
x-amz-request-id: XDZ0PWAVPPVX5TRS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-139804765706,P-21289959,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "735e695b8423f123c62a107b24e7d31e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697082055022
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: DTd21tYbASfepELdpjH8db9tJeaMcw_d
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: degrade=85, origSize=133466, status=webp_bigger
x-cache: Miss from cloudfront
cache-tag: F-139804765706,P-21289959,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 87588
x-amz-id-2: GG/i/YnKjSdfqZHN4GG1oXCfbKrzjsmPhpfVPRmbJ1cxij8f0WNbHC2q3sD/Qxi9qFtn3UhXZ80=
last-modified: Thu, 12 Oct 2023 03:40:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ACgSO9V7nwt%2FavuZCXjrMee5QYUPMf6C7hXa6UN17ZC9VR9rty7em9d8dh5AgxqM%2FlbRG%2FynOAqJwpN%2Fmv0SvPwC9R02khqMMyQZlHlrlT6STB3TlPrY6rAK8ZvIptrDySHSnJy6SK1Qnc3z"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 816cc386488e3632-FRA
x-amz-cf-id: GafjNBD6BGEHLZ3tFlib0l8UB0qqMQPAuNuUxRqpKm65Ndvvn1arAQ==

GET
H3 200 900.woff2
labs.cyble.com/_hcms/googlefonts/Nunito_Sans/ 35 KB
36 KB 902ms
901ms Font
font/woff2 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/_hcms/googlefonts/Nunito_Sans/900.woff2

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

636c8043c0ceea00700ae11bc14d6b1412a8a619d6de6f52d8290254085297d5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Origin: https://labs.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

expires: Mon, 30 Oct 2023 02:10:09 GMT
date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: FRA56-P7
x-amz-request-id: XDGE8224TC6A7FTH
x-amz-server-side-encryption: AES256
x-amz-version-id: vBJl2Ogdk0cdY1bslrPiXkoocmYgPe0h
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 36096
x-amz-id-2: +TkWj115HFIR5pc7AosKSQvemBpnnHnAhMqDiV/BqyGYp2rpK9mZtQk7ta6FkMa5UHK4SHYK+X0=
last-modified: Tue, 12 Sep 2023 21:22:56 GMT
server: cloudflare
etag: "02a7863d3c0ba6efd0b130c3a42f80ef"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fs%2BKE5uT2w4UVeoFiyym695LZc5%2FvM%2FkmhSCY%2BTkpjkx%2BinPgfdBs3LgR%2FjftWKheqiLJHjWCkhQlQ85zess47b9sL%2Bc2lxjeUpjd9DWTl%2BN8JdVsEZgF8xO%2BoPtPFeDUvvg4OrdI%2Ffjoa8q"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 816cc38648913632-FRA
x-amz-cf-id: 3lpmasy9bf-SinCVvPaNiz61oBK0ycKdlzmUdNJRgVDi_2obxc445w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 800.woff2
labs.cyble.com/_hcms/googlefonts/Nunito_Sans/ 35 KB
36 KB 874ms
873ms Font
font/woff2 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/_hcms/googlefonts/Nunito_Sans/800.woff2

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fdf62b7a40e52d0bc3228ae48f26ee3c6da5fc94c46f4e1ff26c68422c44347

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Origin: https://labs.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

expires: Mon, 30 Oct 2023 02:10:09 GMT
date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: FRA56-P7
x-amz-request-id: YACGZXDP970DVSSZ
x-amz-server-side-encryption: AES256
x-amz-version-id: mobmwledOPkeAkMxxvT4lDEsovPvW4Rf
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 35888
x-amz-id-2: Xv/I745exqSGR5N2s8tMkjIzkd4ZfugGChlV6/0ERnQrqQDnYIweVMaohZNEGHAPVv8JN3CbDCk=
last-modified: Tue, 12 Sep 2023 21:22:50 GMT
server: cloudflare
etag: "b24f5136c9157df7aebc8fa3c1589efd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpKZD6J4O1RTvgZPFgXxYUVQT8y3NE0UBmD9q4teSHY1InVyBB4w8zaOjNLPhhCg0SpnrBjXOkPBdNzemueltbG8k1wpqDAkvaEjGgvIpZlteRPnEgIeWxLz%2FMUpbS5rWBHtiQGWy2p4Skz9"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 816cc38648923632-FRA
x-amz-cf-id: CAHi83f7ZdI-_jLD47N47eVrBTGXcPZdPes0knh9ZrHUOmh4B5VKqA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 regular.woff2
labs.cyble.com/_hcms/googlefonts/Nunito_Sans/ 35 KB
36 KB 838ms
838ms Font
font/woff2 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/_hcms/googlefonts/Nunito_Sans/regular.woff2

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

30c9d985f1c79c6540bb8fc727e4bbd4ab87b8bcb4a19da59dd9c15db2bf00d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Origin: https://labs.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

expires: Mon, 30 Oct 2023 02:10:09 GMT
date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: FRA56-P7
x-amz-request-id: X1HHAE4CBHB3H9HA
x-amz-server-side-encryption: AES256
x-amz-version-id: kavfBS1Y0UuyaUfkpYMDRF3Ino.M2lq0
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 35636
x-amz-id-2: +VN9p0jwgfPI+GLRE8u3d7zN98mPl6ITk7KXyEsF2ho0tH8FCW9yXZJig1b4EqsWuCKGhjm53a8=
last-modified: Tue, 12 Sep 2023 21:22:58 GMT
server: cloudflare
etag: "f334ad016f38ad7436ed757c63e83cbd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QAp6fuhYXDwn4ub6hQDDksWHbVGc9ZDkUl2XSEc5pA8ZGPY3Vn%2B6F%2F%2FLrJTifh%2BhPi3X7OizeGjrTt4BQDNhHoHdzTT1g6Gd72CHxY6G4I25R09QtlBOYsfj1AJyXOYsaonSXCRAL%2BDmzVzv"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 816cc38648933632-FRA
x-amz-cf-id: agIJNW-qdJaUb55X5QJkeXk4BSWlhzZVMosN6jx5p7-ioOh61AdDKw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 cyble-black-logo.png
labs.cyble.com/hubfs/ 3 KB
4 KB 45ms
44ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.cyble.com/hubfs/cyble-black-logo.png

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a930e15514e09df85ea324c56f2a08ef3b1790be6b2bbf521b7d8d05fa0c8abe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-82853552823,P-21289959,FLS-ALL
age: 68649
x-amz-request-id: C0N63MRXPKGB6ZKX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-82853552823,P-21289959,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="cyble-black-logo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "e0297631574467339d79e2d64eabf380"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1661321993748
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b7b71910b45e646f6476bbd270127a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2OJGpxdJjyYqTFQBsFZV1JnAgOImzIOO
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=3755
x-cache: Miss from cloudfront
cache-tag: F-82853552823,P-21289959,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2920
x-amz-id-2: h9mNI7+SeAHTy7x5vMJYZwxXU6QobzO0zmmQKhOTzZ9xJlqtgrw7Jy6A3WCYwxfak8YWHz7Eqew=
last-modified: Wed, 24 Aug 2022 06:19:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OR8CjBX2GU%2FZGomXREKifPaEQTefodPi%2FLXqJ6pGgFVpomIiabG%2BFeguvqAW3o77I5DKA3j4VsSTnArGYBD3PEMeAZkmQUFR8TRH9vrEyGBk3MOOwyALjlTWf2UslvMwRqUyXAWrV5VrPwc8"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 816cc386589b3632-FRA
x-amz-cf-id: TiUWKbjeT-OnuzP7nnypMEo926xCFmrEcRWQoojgmWwpGbu-Ttcy7g==

GET
H3 200 json Show response
labs.cyble.com/_hcms/forms/embed/v3/form/21289959/3c19e9f5-611b-4b92-96fb-9aa6384667d8/ 42 KB
8 KB 156ms
155ms XHR
application/json 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/_hcms/forms/embed/v3/form/21289959/3c19e9f5-611b-4b92-96fb-9aa6384667d8/json?hs_static_app=forms-embed&hs_static_app_version=1.3938&X-HubSpot-Static-App-Info=forms-embed-1.3938

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ba46eb870e16985dda3029683155bed470a7300e9f2ca4b813f55a39af7a93d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://labs.cyble.com/q3-2023-ransomware-report
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 990cd544-cbe6-41f9-976d-565c992b71cc
content-encoding: br
x-envoy-upstream-service-time: 23
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 990cd544-cbe6-41f9-976d-565c992b71cc
server: cloudflare
x-trace: 2B1ED771E9BFC6F8D04FEFD20FBF68B4FCE43203F2000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-rwf2n
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FSH5JyzTJr25%2BrabImEcxztF7%2Fg%2BUcCa%2FOosBXD3u6B2U3PWVL2GQFSGNSQFxBHr7ydOIBFspZv9ppmsOkMquYMPFw84u3c%2Bg5l3RiGhLADNbKSjmsTEFlSSSV0Z7SQN7aEgwFW1zYmDu6ai"}],"group":"cf-nel","max_age":604800}
cf-ray: 816cc38658a33632-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
979 B 482ms
446ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=21289959&callback=jsonpHandler

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ec169221-be5d-4f4e-b9cb-c501fa0d3374
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=816cc386a93f2be0&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: ec169221-be5d-4f4e-b9cb-c501fa0d3374
server: cloudflare
x-trace: 2B89DF45BD57A941D2FEA10C22407BDAB560865F39000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-g8f86
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 816cc386a93f2be0-FRA

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1015 B 150ms
131ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Mon, 16 Oct 2023 02:10:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: e10379e3-8d1b-42b5-89d0-a2cdda9e416f
x-envoy-upstream-service-time: 4
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e10379e3-8d1b-42b5-89d0-a2cdda9e416f
Server: cloudflare
X-Trace: 2BAC9A7EB96681A6B323A4771AE3EA6CA901AD851B000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-jt4pd
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 816cc3878cd6918f-FRA

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 97ms
62ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_2b09e260_d92a_43cd_a91f_fc6623b534e9&render=explicit&hl=en

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4b905dc591514852cf26e00d0e25d1e9e7497a72e9e632899aa5f51f1104c817

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 16 Oct 2023 02:10:09 GMT

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1015 B 153ms
119ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Mon, 16 Oct 2023 02:10:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 06cc849e-98eb-4138-a036-e0b364695113
x-envoy-upstream-service-time: 5
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 06cc849e-98eb-4138-a036-e0b364695113
Server: cloudflare
X-Trace: 2BE2E049755E2FF810A4A6AA08C6329F5FCF590931000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-jt4pd
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 816cc387dd522c5b-FRA

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/ 460 KB
184 KB 62ms
13ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_2b09e260_d92a_43cd_a91f_fc6623b534e9&render=explicit&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c662a9036d1fd054a03bd683564761866f27663c4607aaa2b1ff417d17c512f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Origin: https://labs.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sun, 15 Oct 2023 10:27:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56586
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187844
x-xss-protection: 0
last-modified: Mon, 09 Oct 2023 02:01:40 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 14 Oct 2024 10:27:03 GMT

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1697422200000/ 66 KB
21 KB 206ms
185ms Script
text/javascript 2606:4700::6810:4fba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1697422200000/21289959.js
Requested by: Host: labs.cyble.com
URL: https://labs.cyble.com/hs/scriptloader/21289959.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4fba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81ca4e463dd4fdddc4c6472a1268e8a0b667ea8486185a3881a9feef60955de2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 8K8AZFM16Y6NB55C
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e5bea31e-16a6-41c3-9d7d-5ebcadd5ebd9
x-envoy-upstream-service-time: 70
x-amz-id-2: jOrwSy49dyZqm48h/+G6z/AHu159JOTnhG2zbxnL4jHiE1sl727HaJGvRf4U9VEBgZtE2zcphExP5Xv86mYaZQ==
x-evy-trace-listener: listener_https
x-request-id: e5bea31e-16a6-41c3-9d7d-5ebcadd5ebd9
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 12 Oct 2023 15:43:15 GMT
server: cloudflare
etag: W/"2d34d59f26046c98a2041f267a2209cf"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-jgkmt
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 816cc388bdb22bd9-FRA
expires: Mon, 16 Oct 2023 02:15:09 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 75 KB
23 KB 141ms
121ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/hs/scriptloader/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acabd35f2b1e9987602b0dd006d22beaaf59d64d55aa0b1182953f605b4aedca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Origin: https://labs.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.603/bundles/project.js&cfRay=816cc388b8b2698f-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"05df44f442894aeff6db4cae78774575"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.603/bundles/project.js
date: Mon, 16 Oct 2023 02:10:09 GMT
x-amz-version-id: CUHT59SEc6aYYLtp23JCKXXA_T1K86mL
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 08fc47a6-f62e-4c85-b3b8-30a4fc26e29d
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-request-id: 08fc47a6-f62e-4c85-b3b8-30a4fc26e29d
last-modified: Thu, 12 Oct 2023 02:04:49 UTC
server: cloudflare
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRgeWqSDIFtBuW79t5%2BxeUc2N7Xiw%2FeZPW7lLth%2Fb8uA1og%2F2hItj%2FrGmeShxkDFN%2BGNecI%2FBzMp5xTPpX2f7kbuX57ZqamkGdxkWvXWKimPlsGvggcUojTTEIgSupDh%2B5i8cIwDbld5ovCB"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-mqbv2
cf-ray: 816cc388b8b2698f-FRA
x-amz-cf-id: GmLLAP2pBvRNRkMqwJ3V5ZOYHqn5scVbX3cR3BHsUCKwiKZ-q1pKxg==

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 165ms
142ms Script
application/javascript 2606:4700::6812:7c0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/hs/scriptloader/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7c0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Origin: https://labs.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js&cfRay=816cc388bce42c37-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b41828c438dcec976b93ddee1edebd6d"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js
date: Mon, 16 Oct 2023 02:10:09 GMT
x-amz-version-id: w9qtR_oGTBab1H9Wt5L5qiHDqxRKIaLE
via: 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: b0822de3-ef4b-4750-bf4c-b14f105e39bf
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-request-id: b0822de3-ef4b-4750-bf4c-b14f105e39bf
last-modified: Mon, 04 Sep 2023 12:55:59 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-hgw6b
cf-ray: 816cc388bce42c37-FRA
x-amz-cf-id: fNYFSP3XEu8DZC5ER0FiUDvxSXGYAWDR0EWPHDN84iKTLZcn1juPrA==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 67 KB
20 KB 406ms
384ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: labs.cyble.com
URL: https://labs.cyble.com/hs/scriptloader/21289959.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc992ac697275fb26c1638c176cee54c1aebae3ee2be24974ed0d6ec73ce34f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
x-amz-version-id: DQiemF3tmvdiDI8Q4FbXc4Is0Sk.lRpy
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 37K862RYEKH0WG71
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 29de5530-6ed9-4e76-a3c4-6191bbbfdbe0
x-envoy-upstream-service-time: 24
x-amz-id-2: R2N+gD1oOZecnj/6+7v+VU4zbMgGCA0HvCUkS7kBvdExC5EjueksKTvvXMAt57CW/CBd7yJyLN0=
x-evy-trace-listener: listener_https
x-request-id: 29de5530-6ed9-4e76-a3c4-6191bbbfdbe0
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 26 Sep 2023 21:58:23 GMT
server: cloudflare
etag: W/"41a0fc192fcdeba78bb36b60f0a347cd"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-c5f7fd779-p9pnv
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 816cc388b91f68f5-FRA
expires: Mon, 16 Oct 2023 02:15:09 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 76 KB
22 KB 56ms
18ms Script
application/javascript 2606:4700::6811:faa8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/hs/scriptloader/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:faa8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10e7b81bac41ad0da1d3f4a3498669f984e84db9d54eedf10e8e7d5b059c5d08

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
x-amz-version-id: q7mMdyrgJRb2V1PNW0MT.lJmDYHWhi5r
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 407
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.14392/bundles/project.js&cfRay=816cb99928c15d51-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: b165e1b9-4a06-44af-ab50-136527cd0fd0
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b165e1b9-4a06-44af-ab50-136527cd0fd0
last-modified: Tue, 10 Oct 2023 02:47:57 UTC
server: cloudflare
etag: W/"8150bb6bff68cbcd9e5f8f6c23b586ae"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-pbkzz
cf-ray: 816cc388da9e65d2-FRA
x-amz-cf-id: aTMIWE2eXd4PipE7P8lOx-ES4WjJbqO82M2V80Bhz6ztKE2uSD6nAw==
x-hs-target-asset: conversations-embed/static-1.14392/bundles/project.js

GET
H2 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame 5285 58 KB
33 KB 77ms
76ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9sYWJzLmN5YmxlLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=invisible&badge=inline&cb=n8hpe3jjy2f0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9b8cc7a3be00801716e333a188422a1b08c3178ec64e4de4f5aaa745173032ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KPolvIzWrwMXazyU3KzppA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-KPolvIzWrwMXazyU3KzppA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 16 Oct 2023 02:10:09 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 widget Show response
labs.cyble.com/_hcms/livechat/ 283 B
1 KB 144ms
143ms XHR
application/json 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.cyble.com/_hcms/livechat/widget?portalId=21289959&conversations-embed=static-1.14392&mobile=false&messagesUtk=ac23ae712b7b46688c833f8dfa8daf3b&traceId=ac23ae712b7b46688c833f8dfa8daf3b

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3402edd9107ba5aed1b20484445e2858e636db2a83fd13483239b0d82a6a610

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5b7f9c23-4d1e-4118-b1d4-97d313433d19
x-envoy-upstream-service-time: 10
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5b7f9c23-4d1e-4118-b1d4-97d313433d19
server: cloudflare
x-trace: 2B2022B7FD4DF050128866E2D9BA67EE135300F542000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-2w6d7
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ug8BhcUvokh%2FydXnNlEbBnyy81O%2FXTf0%2BqnP9OFYIqtbKaRpk9E18ixpDHYbc7ILNNs2LwzzuIIBVAT0zSmiWxJFq4Z24HRboXFzBSpbkp6fPqaKULXP5WOCPAsAn3tuDIrO%2FMd6DzQmflrS"}],"group":"cf-nel","max_age":604800}
cf-ray: 816cc3891a293632-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 207 B
971 B 127ms
126ms Fetch
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report&contentId=137764383561

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e1f5dae1f231a3e6c42993418f2c2b7670e62db5b3ffee9afe0afa6657504f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2304514a-1e59-40de-8602-1361e0e5ee6d
content-encoding: br
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2304514a-1e59-40de-8602-1361e0e5ee6d
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://labs.cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nuhbj%2BOsv2sBCxyjgh7BrrAhhfmdXxbwXOALmMBmeL6REaL4wuVS5mGZyikDpQU2XzYrWCRbg4d06RPg0AX0DhByYBmK8iCW88IaiZcdZ2fM%2FwBMWzzJ4qvrGN6SaFHu9tcidbjuC350KFWHPLneigVs9gvR3mGrKKM%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 816cc3898908698f-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-97dlb

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/ Frame 5285 55 KB
24 KB 44ms
14ms Stylesheet
text/css 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9sYWJzLmN5YmxlLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=invisible&badge=inline&cb=n8hpe3jjy2f0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sun, 15 Oct 2023 21:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 09 Oct 2023 02:01:40 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 14 Oct 2024 21:18:59 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/ Frame 5285 460 KB
183 KB 48ms
22ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c662a9036d1fd054a03bd683564761866f27663c4607aaa2b1ff417d17c512f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sun, 15 Oct 2023 10:27:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56586
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187844
x-xss-protection: 0
last-modified: Mon, 09 Oct 2023 02:01:40 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 14 Oct 2024 10:27:03 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 5285 2 KB
2 KB 15ms
15ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 00:18:29 GMT
x-content-type-options: nosniff
age: 265900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 20 Oct 2023 00:18:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5285 15 KB
15 KB 54ms
16ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sat, 14 Oct 2023 06:47:09 GMT
x-content-type-options: nosniff
age: 156180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 13 Oct 2024 06:47:09 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5285 15 KB
16 KB 50ms
13ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 21:26:35 GMT
x-content-type-options: nosniff
age: 276214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 21:26:35 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/enterprise/ Frame 5285 102 B
135 B 24ms
23ms Other
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

145bf25d7a0b98497c1dbfa062c7ec9a2f329f19854545fc9390634f5788a3ae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9sYWJzLmN5YmxlLmNvbTo0NDM.&hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&size=invisible&badge=inline&cb=n8hpe3jjy2f0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 16 Oct 2023 02:10:09 GMT

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 145ms
126ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Mon, 16 Oct 2023 02:10:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: dbc1744f-d7cf-4a30-9c0b-7a686f07fbdd
x-envoy-upstream-service-time: 8
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dbc1744f-d7cf-4a30-9c0b-7a686f07fbdd
Last-Modified: Mon, 16 Oct 2023 02:10:09 GMT
Server: cloudflare
X-Trace: 2B49C1787289E65D594EC6E9C202A7545E3C36D651000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-tj9jf
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 816cc38aadb7362f-FRA

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 124ms
107ms Preflight
application/octet-stream 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://labs.cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://labs.cyble.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 816cc38b8d612c23-FRA
content-length: 0
content-type: application/octet-stream
date: Mon, 16 Oct 2023 02:10:09 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-8ghtd
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: e49ea4d6-91d6-48cb-88e0-716e83989dde
x-request-id: e49ea4d6-91d6-48cb-88e0-716e83989dde

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 141ms
141ms Fetch 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/21289959/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: 3ebbaa49-505c-4fe3-bd1e-f12f1f582c64
x-envoy-upstream-service-time: 40
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: 3ebbaa49-505c-4fe3-bd1e-f12f1f582c64
server: cloudflare
x-trace: 2B2D54F5A37E40D78417C1A98D64D7E77389074253000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-874b7f86f-pdcdj, iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-8ghtd
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://labs.cyble.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 816cc38c3db82c23-FRA

GET
H3 200 bframe Show response
www.google.com/recaptcha/enterprise/ Frame E326 7 KB
1 KB 25ms
24ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7cb252695a392e79e1f9722fbd062706d812b5ef0fe8aefeee0112304e5db60a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uWPhimWs7UoMFXJ8468eJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.cyble.com/q3-2023-ransomware-report
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-uWPhimWs7UoMFXJ8468eJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 16 Oct 2023 02:10:09 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 Lato-Regular.woff2
js.hs-banner.com/v2/fonts/Lato/ 178 KB
179 KB 620ms
616ms Font
binary/octet-stream 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/fonts/Lato/Lato-Regular.woff2
Requested by: Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f

Request headers

Referer: https://labs.cyble.com/
Origin: https://labs.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
x-amz-version-id: 19GiAjtnZtKA4vYvvfjxgs0SOFKRH2df
cf-cache-status: MISS
x-amz-request-id: T4HRNZG654T6Y4F2
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 9ebfba2d-2c26-4436-82b0-e9f479951fc3
x-envoy-upstream-service-time: 35
content-length: 182708
x-amz-id-2: izipdzKjC7MJJ24yXPDBJIYyskaFoRoitIUZlExzeaT+CVBQcEMnlp1FGQQo0tsDARW47Zkaw6g=
x-evy-trace-listener: listener_https
x-request-id: 9ebfba2d-2c26-4436-82b0-e9f479951fc3
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 12 Sep 2022 19:35:55 GMT
server: cloudflare
etag: "bd03a2cc277bbbc338d464e679fe9942"
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: binary/octet-stream
access-control-allow-origin: https://labs.cyble.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
access-control-allow-credentials: true
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 816cc38b8d5f2c23-FRA
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-mlgh4

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/ Frame E326 55 KB
24 KB 14ms
13ms Stylesheet
text/css 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sun, 15 Oct 2023 21:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 09 Oct 2023 02:01:40 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 14 Oct 2024 21:18:59 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/ Frame E326 460 KB
183 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c662a9036d1fd054a03bd683564761866f27663c4607aaa2b1ff417d17c512f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sun, 15 Oct 2023 10:27:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56586
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187844
x-xss-protection: 0
last-modified: Mon, 09 Oct 2023 02:01:40 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 14 Oct 2024 10:27:03 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/enterprise/ Frame E326 40 KB
24 KB 82ms
82ms XHR
application/json 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ce530453093e197c1ec155a6e40152b70bc716b6c2c35505148b51217bb5e9eb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 16 Oct 2023 02:10:10 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame E326 600 B
624 B 14ms
13ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sat, 14 Oct 2023 09:41:47 GMT
x-content-type-options: nosniff
age: 145703
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 21 Oct 2023 09:41:47 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame E326 530 B
554 B 14ms
13ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 15:22:46 GMT
x-content-type-options: nosniff
age: 211644
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 20 Oct 2023 15:22:46 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame E326 665 B
689 B 15ms
14ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 03:43:50 GMT
x-content-type-options: nosniff
age: 253580
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 20 Oct 2023 03:43:50 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E326 15 KB
15 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sat, 14 Oct 2023 06:47:09 GMT
x-content-type-options: nosniff
age: 156181
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 13 Oct 2024 06:47:09 GMT

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E326 15 KB
15 KB 20ms
19ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 03:38:03 GMT
x-content-type-options: nosniff
age: 253927
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Oct 2024 03:38:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E326 15 KB
15 KB 16ms
16ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 21:26:35 GMT
x-content-type-options: nosniff
age: 276215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 21:26:35 GMT

GET
H3 200 payload
www.google.com/recaptcha/enterprise/ Frame E326 53 KB
53 KB 25ms
24ms Image
image/jpeg 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/enterprise/payload?p=06AFcWeA4Zgg_FtcfjgsWOz1q8YBF21IuPAwePwxv2vfogBLdqdWxM22pd4GElWILMACPd12D8-dxUrEOZSdgtKyt3aoxwSC1iHTN7x-Assze1PecvGeZVoqe6HcoOUvwDRHyqeizKEVOG1EWXM_R4Q_OPoXjipUXcuHigLar2YrGoJb4D_Hle44GlKOMmiNyUfZDs1ZzpVJdsE8GW065ksGOhn9Ti6bGf9g&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: labs.cyble.com
URL: https://labs.cyble.com/q3-2023-ransomware-report

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

69f3319f4ee38f0c85556b3ee930c091bc362d605836a9c1cced990619cef473

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=MydHw_zggsxIJuhSbyOmPv5R&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 16 Oct 2023 02:10:10 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
612 B 130ms
129ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=21289959&pi=137764383561&ct=landing-page&ccu=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report&cpi=137764383561&lpi=137764383561&lvi=137764383561&lvc=en&pu=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report&t=Cyble+Q3+Ransomware+Threat+Landscape+Report+2023&cts=1697422210569&rv=1&vi=07b6d7ea8d05f547ff92e3e674fbfc8b&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d4617955-6252-42bb-ad5c-9a41284ef506
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d4617955-6252-42bb-ad5c-9a41284ef506
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPLcRy%2FOIKYJ5PE%2Bt4EEfQuLPGFgV6%2BM49Yy4FFGtEd8cRBdMVedCWpA%2B8JiZV6ohL2DgJbdN8zS2tqjlgUyL%2F40UUFYlantHW2QbMmQ3PQjLYtoyoqrpZPZcOKJQAl6WilFi%2BJ8xBf6lR1naFpg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-h8hcb
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 816cc3901e932be0-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
435 B 135ms
135ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=3c19e9f5-611b-4b92-96fb-9aa6384667d8&fci=2b09e260-d92a-43cd-a91f-fc6623b534e9&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=21289959&pi=137764383561&ct=landing-page&ccu=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report&cpi=137764383561&lpi=137764383561&lvi=137764383561&lvc=en&pu=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report&t=Cyble+Q3+Ransomware+Threat+Landscape+Report+2023&cts=1697422210570&rv=1&vi=07b6d7ea8d05f547ff92e3e674fbfc8b&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3a7e6f1f-25c3-4fb8-aa66-461ed0d4721e
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3a7e6f1f-25c3-4fb8-aa66-461ed0d4721e
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkvcHNp5mMOvKBMFsl1go1M%2BShQwWmUE9a3baXNUFsFNu%2BIXwJbgxz5lzgojOfTAb%2Bg3Jamy4PxefChxIlVssFGgt2R2Jeb4k3mHiimp1gyseLwqOD9AULO6A4dqFd1QJpQg5MF9EHkUd3QKpKW4"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-k752d
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 816cc3902ea42be0-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
437 B 402ms
401ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=3c19e9f5-611b-4b92-96fb-9aa6384667d8&fci=2b09e260-d92a-43cd-a91f-fc6623b534e9&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3857904254&v=1.1&a=21289959&pi=137764383561&ct=landing-page&ccu=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report&cpi=137764383561&lpi=137764383561&lvi=137764383561&lvc=en&pu=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report&t=Cyble+Q3+Ransomware+Threat+Landscape+Report+2023&cts=1697422210570&rv=1&vi=07b6d7ea8d05f547ff92e3e674fbfc8b&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 512badb6-0cff-4763-b1a9-2f319f1fb7b7
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 13
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 512badb6-0cff-4763-b1a9-2f319f1fb7b7
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgExsCqo2QhdG1ZNs2j7Y2d9mREBba722WvJmuE%2BI%2Fs%2FvFS9d4sWhg7SFnKUjvBq31NbdpqU6vUPk8POgXdmYAnRC59mIBECYmRXFsRmEoE9L9bWaSwzgeNPKp7eBqenjKjtZZx8i9NFwbyzucpO"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-mxv56
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 816cc3902ea62be0-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
819 B 138ms
138ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&contentId=137764383561&currentUrl=https%3A%2F%2Flabs.cyble.com%2Fq3-2023-ransomware-report

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7d2a8d45e28a863080d43fee38aeca9a68b88ef8d8ec04b76237035fb34da97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://labs.cyble.com/q3-2023-ransomware-report
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 02:10:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1c874475-bfe8-4250-93be-28ccfec33ebd
content-encoding: br
x-envoy-upstream-service-time: 23
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1c874475-bfe8-4250-93be-28ccfec33ebd
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://labs.cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6SVEdycdWBC1aOVZblEZCpJdcYzL1iH%2Bo2AsKsVTzalHs3cf1YqqFMbwYXOG%2BNMpuIIO%2F62mCwartuGClWbhwZ%2F5tryYH2%2B5uHZ6e7ONnHUlWCJWt7PvtEH6dnBiqgYfkovqBz9QN%2BDg5OFySNU"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 816cc3903bec698f-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-4qqf5

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 19:49:34	Name: _GRECAPTCHA Value: 09AMccBYRx02B0MfWOpwuq4h_0_r7FmjHIS9hiEs3sDdTAEKDP1UJ32kESem5crUrQl_VvoWuQ5KD-FUFwhIX0jQM
.labs.cyble.com/	1970-01-20 15:30:24	Name: __cf_bm Value: KLkN5IRN8XzZRM_K3C5z8rSBojswMGQ.8vpq8RH9vsA-1697422208-0-AfTO4Jxbq91spXhZwwKyqCUlzag9+SdK23LMp5UpQfPJqsPQJBRCNahukBk62EhYhMUYsgPU8vyq+/+avsa3Vlo=
.labs.cyble.com/	1969-12-31 23:59:59	Name: __cfruid Value: 30392a11aace94b2221f23257750b854d5e5b766-1697422208
.hubspot.com/	1970-01-20 15:30:24	Name: __cf_bm Value: GYaTJrd5E8Ek91BJpOuaPRabTRVT6PAcNE.4EXJrcqo-1697422209-0-ATIMDZ5EuRyhAotUrFRGYj+FVYzVpITu5YyYpU7HufvH/kpmpJfhf4w+5U6j/0Et9JcXjkHL+gUyb1KFdUQnJBc=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.hubspot.com
cdn2.hubspot.net
cta-service-cms2.hubspot.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hsforms.com
forms.hubspot.com
js.hs-analytics.net
js.hs-banner.com
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
labs.cyble.com
perf-na1.hsforms.com
static.hsappstatic.net
track.hubspot.com
www.google.com
www.gstatic.com
2606:2c40::c73c:671e
2606:4700:4400::6812:22e5
2606:4700::6810:4fba
2606:4700::6810:6ed1
2606:4700::6810:e05d
2606:4700::6811:eff9
2606:4700::6811:faa8
2606:4700::6812:7c0c
2606:4700::6812:b07d
2606:4700::6812:c07d
2606:4700::6813:9a53
2606:4700::6813:9b53
2a00:1450:4001:80f::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:82f::2003
091e161ccb19a452f85a48c09dec8f0cabe44af562941e7772cd940938025f93
10e7b81bac41ad0da1d3f4a3498669f984e84db9d54eedf10e8e7d5b059c5d08
145bf25d7a0b98497c1dbfa062c7ec9a2f329f19854545fc9390634f5788a3ae
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
279817a125934c4629aa278564e64fca0dcb0fdc45f38739e38c9cab297d2a92
2ba46eb870e16985dda3029683155bed470a7300e9f2ca4b813f55a39af7a93d
2fdf62b7a40e52d0bc3228ae48f26ee3c6da5fc94c46f4e1ff26c68422c44347
30c9d985f1c79c6540bb8fc727e4bbd4ab87b8bcb4a19da59dd9c15db2bf00d0
3176c28d27fa4adfaf692b81dcb9ee4edcac59ce1a9566fb7d42d69256aca50f
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
48e96257807abd6337cae06f2c9d920eb5845610fc80b63f578299abbef87193
4b905dc591514852cf26e00d0e25d1e9e7497a72e9e632899aa5f51f1104c817
4e1f5dae1f231a3e6c42993418f2c2b7670e62db5b3ffee9afe0afa6657504f5
52b87b6fd4619f19ff032c87c5cdee4e570259b6a08eae03ccb025f519ac1c38
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c9fb70781e2fd3a1cbea04dbb74ad75cea3cd1f84d8e360aaa034ff948ef61e
636c8043c0ceea00700ae11bc14d6b1412a8a619d6de6f52d8290254085297d5
69f3319f4ee38f0c85556b3ee930c091bc362d605836a9c1cced990619cef473
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7cb252695a392e79e1f9722fbd062706d812b5ef0fe8aefeee0112304e5db60a
81ca4e463dd4fdddc4c6472a1268e8a0b667ea8486185a3881a9feef60955de2
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
9288feaa511ecdf49dcc958a3452852f73bc8d24016f21ee627aa0db8efffdc8
983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f
9b8cc7a3be00801716e333a188422a1b08c3178ec64e4de4f5aaa745173032ea
a3402edd9107ba5aed1b20484445e2858e636db2a83fd13483239b0d82a6a610
a930e15514e09df85ea324c56f2a08ef3b1790be6b2bbf521b7d8d05fa0c8abe
acabd35f2b1e9987602b0dd006d22beaaf59d64d55aa0b1182953f605b4aedca
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
b7d2a8d45e28a863080d43fee38aeca9a68b88ef8d8ec04b76237035fb34da97
bc992ac697275fb26c1638c176cee54c1aebae3ee2be24974ed0d6ec73ce34f2
c662a9036d1fd054a03bd683564761866f27663c4607aaa2b1ff417d17c512f1
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
ce530453093e197c1ec155a6e40152b70bc716b6c2c35505148b51217bb5e9eb
db4e4967787fc6c9881f25d2ba38ae05efb92c04cc9b5398434f6ff8d0d1cbb0
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc5265b338a0b399b621fd1f88944205240e2e88eab29bf686fffc4b4716f9d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

labs.cyble.com Open in urlscan Pro 2606:2c40::c73c:671e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

55 Requests

100 %HTTPS

100 %IPv6

11 Domains

18 Subdomains

15 IPs

2 Countries

1581 kBTransfer

3636 kBSize

4 Cookies

27 Outgoing links

Redirected requests

55 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

labs.cyble.com Open in urlscan Pro
2606:2c40::c73c:671e Public Scan

Screenshot
Live screenshot

Full Image

55
Requests

100 %
HTTPS

100 %
IPv6

11
Domains

18
Subdomains

15
IPs

2
Countries

1581 kB
Transfer

3636 kB
Size

4
Cookies

55 HTTP transactions
0 data transactions