Submitted URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans...
Effective URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans...
Submission: On May 17 via api from US — Scanned from DE

Summary

This website contacted 41 IPs in 4 countries across 36 domains to perform 230 HTTP transactions. The main IP is 104.89.40.185, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.trendmicro.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on July 15th 2021. Valid for: a year.
This is the only time www.trendmicro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 20 104.89.40.185 16625 (AKAMAI-AS)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
22 184.30.24.194 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 184.30.24.121 16625 (AKAMAI-AS)
2 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 35.201.125.192 15169 (GOOGLE)
2 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 34.102.193.142 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 34 2600:9000:224... 16509 (AMAZON-02)
2 2 35.201.70.94 15169 (GOOGLE)
2 216.58.212.162 15169 (GOOGLE)
1 104.17.70.206 13335 (CLOUDFLAR...)
1 54.76.218.20 16509 (AMAZON-02)
1 2a03:2880:f01... 32934 (FACEBOOK)
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2 208.68.39.149 14061 (DIGITALOC...)
1 199.232.188.157 54113 (FASTLY)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 54.230.99.86 16509 (AMAZON-02)
64 143.204.215.88 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
1 104.111.234.67 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
7 104.92.74.202 16625 (AKAMAI-AS)
1 35.190.5.192 15169 (GOOGLE)
1 206.19.49.24 17225 (ATT-CERFN...)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.197 13414 (TWITTER)
1 37.252.172.37 29990 (ASN-APPNEX)
1 34.111.78.58 15169 (GOOGLE)
2 52.57.195.65 16509 (AMAZON-02)
2 161.35.15.77 14061 (DIGITALOC...)
1 1 92.123.225.34 20940 (AKAMAI-ASN1)
1 92.123.225.42 20940 (AKAMAI-ASN1)
1 1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
4 34.193.113.164 14618 (AMAZON-AES)
2 50.16.7.188 14618 (AMAZON-AES)
230 41
Apex Domain
Subdomains
Transfer
64 driftt.com
js.driftt.com — Cisco Umbrella Rank: 5324
752 KB
38 bc0a.com
cdn.bc0a.com — Cisco Umbrella Rank: 14319
ixfd1-api.bc0a.com — Cisco Umbrella Rank: 28120
marvel-b1-cdn.bc0a.com — Cisco Umbrella Rank: 22812
marvel-processor.bc0a.com — Cisco Umbrella Rank: 51051
547 KB
22 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1026
58 KB
21 trendmicro.com
www.trendmicro.com
resources.trendmicro.com
422 KB
7 6sc.co
j.6sc.co — Cisco Umbrella Rank: 7782
c.6sc.co — Cisco Umbrella Rank: 11738
b.6sc.co — Cisco Umbrella Rank: 5389
13 KB
7 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 501
145 KB
6 drift.com
metrics.api.drift.com — Cisco Umbrella Rank: 5725
bootstrap.api.drift.com — Cisco Umbrella Rank: 6045
501 B
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
22 KB
4 akamaihd.net
trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 1946
rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 1941
fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net
1 KB
4 acsbapp.com
acsbapp.com — Cisco Umbrella Rank: 4912
cdn.acsbapp.com — Cisco Umbrella Rank: 5265
164 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 12992
408 B
2 b0e8.com
cdn.b0e8.com — Cisco Umbrella Rank: 10571
a1.b0e8.com — Cisco Umbrella Rank: 10971
22 KB
2 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 13915
apt.techtarget.com — Cisco Umbrella Rank: 19549
2 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 110
16 KB
2 gstatic.com
fonts.gstatic.com
91 KB
2 onetrust.io
cookies-data.onetrust.io — Cisco Umbrella Rank: 4103
86 B
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1303
c.go-mpulse.net — Cisco Umbrella Rank: 549
51 KB
2 cludo.com
customer.cludo.com — Cisco Umbrella Rank: 14346
60 KB
1 akstat.io
684dd331.akstat.io — Cisco Umbrella Rank: 56494
204 B
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 424
706 B
1 t.co
t.co — Cisco Umbrella Rank: 495
337 B
1 google.de
www.google.de — Cisco Umbrella Rank: 5483
548 B
1 google.com
www.google.com — Cisco Umbrella Rank: 7
1 KB
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 44
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
69 KB
1 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3700
1 KB
1 idio.co
js.idio.co — Cisco Umbrella Rank: 42389
5 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 638
14 KB
1 acsbap.com
acsbap.com — Cisco Umbrella Rank: 12566
552 B
1 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 146
27 KB
1 xg4ken.com
resources.xg4ken.com — Cisco Umbrella Rank: 4829
4 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 824
456 B
1 addthis.com
s7.addthis.com — Cisco Umbrella Rank: 1493
114 KB
1 youtube.com
www.youtube.com — Cisco Umbrella Rank: 91
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
1 KB
0 twitter.com Failed
analytics.twitter.com Failed
230 36
Domain Requested by
64 js.driftt.com tags.tiqcdn.com
js.driftt.com
34 marvel-b1-cdn.bc0a.com 2 redirects www.trendmicro.com
22 tags.tiqcdn.com www.trendmicro.com
tags.tiqcdn.com
20 www.trendmicro.com 3 redirects www.trendmicro.com
7 cdn.cookielaw.org www.trendmicro.com
cdn.cookielaw.org
5 b.6sc.co www.trendmicro.com
5 www.google-analytics.com cdn.cookielaw.org
www.google-analytics.com
www.googletagmanager.com
4 metrics.api.drift.com js.driftt.com
2 bootstrap.api.drift.com js.driftt.com
2 cdn.acsbapp.com acsbap.com
2 epsilon.6sense.com s.go-mpulse.net
2 acsbapp.com 1 redirects www.trendmicro.com
2 www.googleadservices.com tags.tiqcdn.com
www.googleadservices.com
2 marvel-processor.bc0a.com 2 redirects
2 fonts.gstatic.com fonts.googleapis.com
2 cookies-data.onetrust.io cdn.cookielaw.org
2 customer.cludo.com www.trendmicro.com
1 684dd331.akstat.io s.go-mpulse.net
1 fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net
1 trial-eum-clienttons-s.akamaihd.net 1 redirects
1 rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net
1 trial-eum-clientnsv4-s.akamaihd.net 1 redirects
1 a1.b0e8.com www.trendmicro.com
1 c.6sc.co s.go-mpulse.net
1 secure.adnxs.com s.go-mpulse.net
1 t.co www.trendmicro.com
1 www.google.de www.trendmicro.com
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
1 c.go-mpulse.net s.go-mpulse.net
1 apt.techtarget.com www.trendmicro.com
1 cdn.b0e8.com cdn.cookielaw.org
1 j.6sc.co cdn.cookielaw.org
1 www.googletagmanager.com cdn.cookielaw.org
1 munchkin.marketo.net cdn.cookielaw.org
1 js.idio.co tags.tiqcdn.com
1 trk.techtarget.com tags.tiqcdn.com
1 static.ads-twitter.com tags.tiqcdn.com
1 acsbap.com 1 redirects
1 connect.facebook.net tags.tiqcdn.com
1 resources.xg4ken.com tags.tiqcdn.com
1 resources.trendmicro.com tags.tiqcdn.com
1 ixfd1-api.bc0a.com cdn.bc0a.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 cdn.bc0a.com tags.tiqcdn.com
1 s.go-mpulse.net www.trendmicro.com
1 s7.addthis.com www.trendmicro.com
1 www.youtube.com www.trendmicro.com
1 fonts.googleapis.com www.trendmicro.com
0 analytics.twitter.com Failed www.trendmicro.com
230 50
Subject Issuer Validity Valid
www.trendmicro.com
Entrust Certification Authority - L1M
2021-07-15 -
2022-08-13
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2022-05-01 -
2023-05-01
a year crt.sh
upload.video.google.com
GTS CA 1C3
2022-05-04 -
2022-07-27
3 months crt.sh
*.cludo.com
AlphaSSL CA - SHA256 - G2
2022-05-04 -
2023-06-05
a year crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA
2022-02-27 -
2023-02-28
a year crt.sh
*.google.com
GTS CA 1C3
2022-04-25 -
2022-07-18
3 months crt.sh
odc-addthis-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2022-02-27 -
2023-02-28
a year crt.sh
akstat.io
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-04-15 -
2023-04-19
a year crt.sh
cdn.bc0a.com
GTS CA 1D4
2022-05-10 -
2022-08-08
3 months crt.sh
onetrust.io
Cloudflare Inc ECC CA-3
2022-05-04 -
2023-05-04
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2022-01-12 -
2023-01-12
a year crt.sh
ixfd-api.bc0a.com
GTS CA 1D4
2022-05-10 -
2022-08-08
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-04-25 -
2022-07-18
3 months crt.sh
marvel-cdn.bc0a.com
Amazon
2022-03-11 -
2023-04-09
a year crt.sh
www.googleadservices.com
GTS CA 1C3
2022-04-25 -
2022-07-18
3 months crt.sh
resources.trendmicro.com
Cloudflare Inc ECC CA-3
2021-06-24 -
2022-06-23
a year crt.sh
*.xg4ken.com
Go Daddy Secure Certificate Authority - G2
2021-09-17 -
2022-10-19
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2022-02-23 -
2022-05-24
3 months crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2021-07-21 -
2022-07-26
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-08-25 -
2022-08-24
a year crt.sh
idio.co
R3
2022-04-01 -
2022-06-30
3 months crt.sh
drift.com
Amazon
2021-09-08 -
2022-10-07
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-04-25 -
2022-07-18
3 months crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2022-02-06 -
2023-02-07
a year crt.sh
*.6sc.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-08 -
2023-03-11
a year crt.sh
cdn.b0e8.com
GTS CA 1D4
2022-05-14 -
2022-08-12
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2022-04-25 -
2022-07-18
3 months crt.sh
*.techtarget.com
Sectigo RSA Domain Validation Secure Server CA
2021-10-13 -
2022-11-12
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2022-02-11 -
2023-03-14
a year crt.sh
b0e8.com
GTS CA 1D4
2022-05-15 -
2022-08-13
3 months crt.sh
*.6sense.com
Amazon
2021-06-30 -
2022-07-29
a year crt.sh
*.acsbapp.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
2021-09-23 -
2022-10-05
a year crt.sh

This page contains 4 frames:

Primary Page: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Frame ID: 716B635321AFEF7EAA1C0DF5657822D3
Requests: 156 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Frame ID: B543F2BC6D1C4726A9DF5F5F96CDFC2A
Requests: 4 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Frame ID: 9827AA178264102A45C6F81C5D4E395E
Requests: 33 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Frame ID: 7435C35DCDA472AF389009E534D39BA2
Requests: 33 HTTP requests in this frame

Screenshot

Page Title

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

Page URL History Show full URLs

  1. https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disa... HTTP 302
    http://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disa... HTTP 301
    https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disa... HTTP 301
    https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disa... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • addthis\.com/js/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

230
Requests

83 %
HTTPS

43 %
IPv6

36
Domains

50
Subdomains

41
IPs

4
Countries

2603 kB
Transfer

7206 kB
Size

21
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html]. HTTP 302
    http://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell/ HTTP 301
    https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell/ HTTP 301
    https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61
  • https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg HTTP 302
  • https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000017219&url=https://www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg HTTP 307
  • https://www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg
Request Chain 122
  • https://acsbap.com/apps/app/assets/js/acsb.js HTTP 301
  • https://acsbapp.com/apps/app/assets/js/acsb.js HTTP 301
  • https://acsbapp.com/apps/app/dist/js/app.js
Request Chain 141
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&tiba=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=N92DYtyEJIqIlgSvzYzwCw&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&tiba=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=N92DYtyEJIqIlgSvzYzwCw&random=330322526&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&tiba=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=N92DYtyEJIqIlgSvzYzwCw&random=330322526&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Request Chain 143
  • https://marvel-b1-cdn.bc0a.com/f00000000017219/t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=672b86c6-b1da-48c1-81d9-28aea3084b17&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html HTTP 302
  • https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000017219&url=https://t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=672b86c6-b1da-48c1-81d9-28aea3084b17&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html HTTP 307
  • https://t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=672b86c6-b1da-48c1-81d9-28aea3084b17&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Request Chain 204
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pfjxgjwck HTTP 302
  • https://rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net/eum/results.txt
Request Chain 205
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pfjxgjwck HTTP 302
  • https://fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net/eum/results.txt

230 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
www.trendmicro.com/en_us/research/22/e/
Redirect Chain
  • https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html].
  • http://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell/
  • https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell/
  • https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
113 KB
21 KB
Document
General
Full URL
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
6424ca9a544e8b00cc8a4d9da7c338e63ffcab1ddaee8e7b78a8f88cea81bcf2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
21453
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
content-type
text/html;charset=utf-8
date
Tue, 17 May 2022 17:36:54 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-prod-a-01
Yes
x-prod-n-02
Yes
x-xss-protection
1;mode=block

Redirect headers

content-length
162
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
content-type
text/html
date
Tue, 17 May 2022 17:36:54 GMT
location
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
server
nginx
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-prod-n-02
Yes
x-xss-protection
1;mode=block
OtAutoBlock.js
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/
26 KB
6 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/OtAutoBlock.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9b43aa5cfd8cf2ca5a112086673538658a3f850d2553adf67cbee4fbd3cc782
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
7mWy6rIzulLyrbsRpGr7+g==
age
12280
vary
Accept-Encoding
content-length
5801
x-ms-lease-status
unlocked
last-modified
Wed, 11 May 2022 18:06:16 GMT
server
cloudflare
etag
0x8DA3378F17193AD
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
e0eadeed-401e-0073-7479-65a825000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
70ce1e37fed19125-FRA
expires
Tue, 17 May 2022 21:36:55 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
20 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
+q2Bd0SvXowDeesSOf+0yw==
age
6612
vary
Accept-Encoding
content-length
6782
x-ms-lease-status
unlocked
last-modified
Fri, 13 May 2022 12:13:28 GMT
server
cloudflare
etag
0x8DA34D9FD30D37D
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
461614fa-001e-005d-4ad7-6628e2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
70ce1e37fed49125-FRA
jquery.min.js
www.trendmicro.com/etc.clientlibs/clientlibs/granite/
111 KB
38 KB
Script
General
Full URL
https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1b973667ceb759e49f2982721f36e4d20a2f8b5dce8c47ccf3039d6ab748143e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
x-prod-a-01
Yes
last-modified
Tue, 04 May 2021 00:44:02 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
x-content-type-options
nosniff
x-prod-n-02
Yes
vary
Accept-Encoding
content-length
38507
x-xss-protection
1;mode=block
utils.min.js
www.trendmicro.com/etc.clientlibs/clientlibs/granite/
10 KB
4 KB
Script
General
Full URL
https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/utils.min.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
799cb15a25ed2fa78bdba496d1afbc68f033a3a5dd9ead12f4eaac4e0a93236d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
x-prod-a-01
Yes
last-modified
Fri, 21 Jun 2019 19:39:05 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 17 May 2022 17:36:55 GMT
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
x-content-type-options
nosniff
x-prod-n-01
Yes
content-length
3706
x-xss-protection
1;mode=block
css
fonts.googleapis.com/
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e602a4f8fe5ba414f958cc64699496646bfdf133342a1fc9b0bf8996bb1e7697
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 17 May 2022 17:36:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 17 May 2022 17:36:55 GMT
cludo-search.min.css
customer.cludo.com/css/296/1798/
16 KB
3 KB
Stylesheet
General
Full URL
https://customer.cludo.com/css/296/1798/cludo-search.min.css
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 21 Apr 2022 10:55:26 GMT
server
cloudflare
age
24307
etag
W/"0238c4e6e55d81:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=300
cf-ray
70ce1e380b969a2a-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-lb
2
clientlib-trendresearch.min.css
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/
265 KB
37 KB
Stylesheet
General
Full URL
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5f854bc968a63063adf474e13c31e5e091dda932db53a274780ecb4c00eb7509
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
x-prod-a-01
Yes
last-modified
Thu, 24 Mar 2022 17:08:51 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/css;charset=utf-8
x-content-type-options
nosniff
x-prod-n-02
Yes
vary
Accept-Encoding
content-length
37650
x-xss-protection
1;mode=block
utag.sync.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
24a7db1b4dfc0023b3b0fa4a4c4295ebb90fdde150de69e001a4018bf1621236

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Thu, 21 Apr 2022 17:43:05 GMT
server
AkamaiNetStorage
etag
"6a5e5182191ec501abfd1f4c99f39aa1:1650562985.739635"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
966
expires
Tue, 17 May 2022 17:41:55 GMT
logo-desktop.png
www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/
13 KB
13 KB
Image
General
Full URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/logo-desktop.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e071be5dfd0660da71a9572d8726495c1ff99ac18f2f3ced3325941c2ec9a39d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-prod-a-01
Yes
last-modified
Tue, 17 May 2022 13:33:06 GMT
server
nginx
etag
W/"3321-5df352e490b75"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=275
date
Tue, 17 May 2022 17:36:55 GMT
x-content-type-options
nosniff
x-prod-n-02
Yes
accept-ranges
bytes
content-length
13089
x-xss-protection
1;mode=block
expires
Tue, 17 May 2022 17:41:30 GMT
nav-cyber-risk-index.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/
27 KB
27 KB
Image
General
Full URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
336ed2f40837f4d988e5f5e348ab7861b11ab0c760254e3eacd37aff33b66a81
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-prod-a-01
Yes
last-modified
Tue, 17 May 2022 13:40:50 GMT
server
nginx
etag
"6ad8-5df3549f3d78c"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=1334
date
Tue, 17 May 2022 17:36:55 GMT
x-content-type-options
nosniff
x-prod-n-02
Yes
accept-ranges
bytes
content-length
27352
x-xss-protection
1;mode=block
expires
Tue, 17 May 2022 17:59:09 GMT
search-script.js
customer.cludo.com/scripts/bundles/
302 KB
57 KB
Script
General
Full URL
https://customer.cludo.com/scripts/bundles/search-script.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
381def908eeaea4c52e1e4593e903bf4484df1c8668b794c28f0088675b084bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 13 May 2022 09:24:54 GMT
server
cloudflare
age
96
etag
W/"037e94dab66d81:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=300
cf-ray
70ce1e385c569a2a-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-lb
2
share-more.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/
648 B
912 B
Image
General
Full URL
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
179eb991060face02477e0406b1a413ac50ec26fe9f397e07e4ee95f7e6a5298
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-prod-a-01
Yes
last-modified
Thu, 23 Apr 2020 17:32:22 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=466
x-content-type-options
nosniff
x-prod-n-02
Yes
content-length
648
x-xss-protection
1;mode=block
expires
Tue, 17 May 2022 17:44:41 GMT
printer.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/
409 B
673 B
Image
General
Full URL
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1b154bfaea92a935726ed4a450101dc646a86588cfa0f066cae2050130124569
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-prod-a-01
Yes
last-modified
Thu, 23 Apr 2020 17:32:22 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=581
x-content-type-options
nosniff
x-prod-n-01
Yes
content-length
409
x-xss-protection
1;mode=block
expires
Tue, 17 May 2022 17:46:36 GMT
Figure-1-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure2-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure3-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure4-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure5-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure6-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure7-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure8-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

figure-9-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure10-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure11-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure12-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure13-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure14-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure15-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure16-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure17-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure18-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure19-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

figure-20-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

figure-21-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure22-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure23-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure24-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure25-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure26-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure27-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure28-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure29-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure30-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

Figure31-avoslocker-disables-defense-solutions-scans-for-log4shell.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
0
0

sly.min.js
www.trendmicro.com/content/dam/trendmicro/global/core-library/
18 KB
7 KB
Script
General
Full URL
https://www.trendmicro.com/content/dam/trendmicro/global/core-library/sly.min.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
x-prod-a-01
Yes
x-prod-n-01
Yes
content-length
7185
x-xss-protection
1;mode=block
last-modified
Tue, 17 May 2022 13:36:06 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=212
etag
"48de-5df3539053b6f"
accept-ranges
bytes
x-content-type-options
nosniff
expires
Tue, 17 May 2022 17:40:27 GMT
jwplayer.js
www.trendmicro.com/content/dam/trendmicro/global/core-library/
81 KB
26 KB
Script
General
Full URL
https://www.trendmicro.com/content/dam/trendmicro/global/core-library/jwplayer.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
x-prod-a-01
Yes
x-prod-n-01
Yes
content-length
26353
x-xss-protection
1;mode=block
last-modified
Tue, 17 May 2022 13:33:56 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=479
etag
W/"1457a-5df35314719c5"
accept-ranges
bytes
x-content-type-options
nosniff
expires
Tue, 17 May 2022 17:44:54 GMT
iframe_api
www.youtube.com/
980 B
2 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400f:80d::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9a0de96edd269b462677718d11e8f5f9548eb683ae07234e891e8e03ba1aeadd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
critical-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
ESF
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 17 May 2022 17:36:55 GMT
clientlib-trendresearch.min.js
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/
391 KB
116 KB
Script
General
Full URL
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2c1c1a0f0752fcbf95c5de7cb34a90ec274e72ad9dbd25cf05c89e1d05d37133
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
x-prod-a-01
Yes
last-modified
Thu, 24 Mar 2022 17:08:51 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 17 May 2022 17:36:55 GMT
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
x-content-type-options
nosniff
x-prod-n-01
Yes
content-length
118054
x-xss-protection
1;mode=block
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Tue, 17 May 2022 17:36:55 GMT
x-host
s7.addthis.com
content-length
116419
821060e3-3f9c-4a2f-8613-8e0db4841f79.json
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/821060e3-3f9c-4a2f-8613-8e0db4841f79.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c44bd059b9c622135be58769922c683d91de4f38676110fd00850bcc2935f44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sSaSrWCLuhJ22ZvRvYoUZA==
age
11606
vary
Accept-Encoding
content-length
1609
x-ms-lease-status
unlocked
last-modified
Wed, 11 May 2022 18:06:16 GMT
server
cloudflare
etag
0x8DA3378F14E3260
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
72afcb60-101e-00c1-4080-65535f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
70ce1e383bbb6937-FRA
expires
Tue, 17 May 2022 21:36:55 GMT
TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
s.go-mpulse.net/boomerang/ Frame B543
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:1700:38a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
br
last-modified
Tue, 12 Apr 2022 00:27:55 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
autopilot_sdk.js
cdn.bc0a.com/autopilot/f00000000017219/
45 KB
16 KB
Script
General
Full URL
https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.125.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.125.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
16a82f9d8888d0159e73c5cb69d6aa12c00d1e43280afd005b394c8cef670908

Request headers

Referer
https://www.trendmicro.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-goog-meta-marvel_enabled
true
content-encoding
gzip
age
512
x-guploader-uploadid
ADPycdvavZmeFoAoQyDeBMWcGNL_WTTdjBtyg2vXRe7LCLOvFCc4qcgKYlaEsXy0YS4OFiC_6QBcS7b9bBz0WK70Zni_9Q
x-goog-meta-sdk_canonical_host
x-goog-meta-sdk_whitelist
x-goog-stored-content-encoding
gzip
x-goog-meta-publishingdate
2021-09-15 23:32:39
x-goog-meta-sdk_canonical_protocol
etag
"f457036f35e0577554f93d8a52c1cfb9"
vary
Accept-Encoding
x-goog-generation
1631748759512601
content-language
en
access-control-allow-origin
*
x-goog-meta-custom
true
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-meta-spa
false
expires
Tue, 17 May 2022 18:28:23 GMT
x-goog-meta-sdk_version
1.5.1
date
Tue, 17 May 2022 17:28:23 GMT
x-goog-meta-sdk_account_id
f00000000017219
x-goog-meta-sdk_request_parameters_case_sensitive
false
x-goog-meta-marvel_config_consistency_custom
{"data-url":"dataservice.tmok.tm/tc.png","data-customerid":"f00000000017219"}
x-goog-storage-class
MULTI_REGIONAL
x-goog-meta-marvel_customer_id
x-goog-metageneration
3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15470
x-goog-meta-content_only
false
x-goog-meta-sdk_log_level
2
last-modified
Wed, 15 Sep 2021 23:32:39 GMT
server
UploadServer
x-goog-hash
crc32c=Jb2FaA==, md5=9FcDbzXgV3VU+T2KUsHPuQ==
x-goog-stored-content-length
15470
accept-ranges
bytes
content-type
application/javascript
x-goog-meta-marvel_test_mode
false
x-goog-meta-disable_debug_elements
false
domaingroupcheck
cookies-data.onetrust.io/bannersdk/v1/ Frame
0
0
Preflight
General
Full URL
https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:20c0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
domainid,location,url
Access-Control-Request-Method
GET
Origin
https://www.trendmicro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-headers
domainId, url, location, Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
access-control-allow-methods
GET, HEAD, OPTIONS
access-control-allow-origin
*
cf-ray
70ce1e387b14929f-FRA
content-length
0
content-type
application/json
date
Tue, 17 May 2022 17:36:55 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Accept-Encoding
domaingroupcheck
cookies-data.onetrust.io/bannersdk/v1/
17 B
86 B
XHR
General
Full URL
https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:20c0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1aabe1212b2f9cb8f6a547454bd4e5f4773485e3e001b327e501ba3e0e77cc7

Request headers

location
cdn.cookielaw.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Referer
https://www.trendmicro.com/
url
www.trendmicro.com
accept-language
de-DE,de;q=0.9
domainId
821060e3-3f9c-4a2f-8613-8e0db4841f79

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
70ce1e389b44929f-FRA
access-control-allow-headers
Content-Type
content-length
17
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
182 B
456 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6afee29defad466d4261ffa3473a90050d6202d9270147a8ea95b49dcde213c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.trendmicro.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
70ce1e387f7b9b76-FRA
access-control-allow-headers
Content-Type
0992020505
ixfd1-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/
8 KB
2 KB
XHR
General
Full URL
https://ixfd1-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/0992020505?client=js_sdk&client_version=1.5.1&orig_url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&base_url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F101.0.4951.64%20Safari%2F537.36
Requested by
Host: cdn.bc0a.com
URL: https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.193.142 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
142.193.102.34.bc.googleusercontent.com
Software
bws/1.0 /
Resource Hash
d172f2ebf38a578b105a8f3679bd3d73ec09e4388da4413526314df191623397

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-be-pop
BRU-1-302
date
Tue, 17 May 2022 17:36:46 GMT
content-encoding
br
server
bws/1.0
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
utag.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
100 KB
21 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
ee487f97a13438156cf6885082826dfc307d525cdffbe831ace62b1657749b2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Thu, 21 Apr 2022 17:43:05 GMT
server
AkamaiNetStorage
etag
"d599369823f48b5f109b1cda964f51f0:1650562985.436735"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
21099
expires
Tue, 17 May 2022 17:41:55 GMT
icomoon.ttf
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/
24 KB
14 KB
Font
General
Full URL
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/icomoon.ttf
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
bc6e1ea2c2ddcb591413f7bd88178f4563bd3dbbb5726fa86ad11777f99d5bf4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin
https://www.trendmicro.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
x-prod-a-01
Yes
last-modified
Thu, 09 Dec 2021 18:07:24 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 17 May 2022 17:36:55 GMT
vary
Accept-Encoding
content-type
application/x-font-ttf
cache-control
public, max-age=750
x-content-type-options
nosniff
x-prod-n-01
Yes
content-length
14370
x-xss-protection
1;mode=block
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.trendmicro.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 12:16:38 GMT
x-content-type-options
nosniff
age
105617
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44800
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:25:14 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 16 May 2023 12:16:38 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.34.0/
348 KB
83 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e88dafe889a514ea8b9b07747f53d08b66a473b7caa78645b4aa2167563651e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ywzctmjVIapkx83Pz3a+AQ==
age
129
vary
Accept-Encoding
content-length
84671
x-ms-lease-status
unlocked
last-modified
Tue, 17 May 2022 16:31:35 GMT
server
cloudflare
etag
0x8DA3822B5C4CCF6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d89fe3b5-901e-0071-140d-6aaadf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
70ce1e38b9179125-FRA
logo-desktop.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/
5 KB
6 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/global/logo/logo-desktop.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
efbc707369cbd580ebffa0ed1817ed1b96f03619eb1493f8e631735abc8e76a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
hdcOBxe33mrcHvAl.WGp5zXvLxpIZI.5
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
etag
"52561d918e54912574b9ed5bb5993edb"
age
53444
x-cache
Hit from cloudfront
x-amz-request-id
K13H0MBQ3KXZEG13
x-amz-id-2
JU63wA2QJNQNZOC5zDSECt0LaCfBhxVYFnBvicxKfY6gPTKu1S2u8qQC8P/A/NO3egYfTNPF0WY=
accept-ranges
bytes
last-modified
Fri, 28 Jan 2022 19:12:56 GMT
server
AmazonS3
date
Tue, 17 May 2022 02:46:12 GMT
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
5310
x-amz-cf-id
WoxfPbz8mUphqPW0MV-FcoQTrNNY_XwrgloYNYcDT4MXpt1I9-6BtQ==
nav-cyber-risk-index.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/
Redirect Chain
  • https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg
  • https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000017219&url=https://www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg
  • https://www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg
27 KB
27 KB
Image
General
Full URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
336ed2f40837f4d988e5f5e348ab7861b11ab0c760254e3eacd37aff33b66a81
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-prod-a-01
Yes
last-modified
Tue, 17 May 2022 13:40:50 GMT
server
nginx
etag
"6ad8-5df3549f3d78c"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=1334
date
Tue, 17 May 2022 17:36:55 GMT
x-content-type-options
nosniff
x-prod-n-02
Yes
accept-ranges
bytes
content-length
27352
x-xss-protection
1;mode=block
expires
Tue, 17 May 2022 17:59:09 GMT

Redirect headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:55 GMT
via
1.1 google
x-content-type-options
nosniff
location
https://www.trendmicro.com/content/dam/trendmicro/global/en/global/images/navigation/nav-cyber-risk-index.jpg
x-frame-options
DENY
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
0
422ea8eb-ab70-4ffb-9bf3-5a841254edba-3.woff
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate/
72 KB
72 KB
Font
General
Full URL
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/fonts/interstate/422ea8eb-ab70-4ffb-9bf3-5a841254edba-3.woff
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f64a06f7949a0dabe65e7683ade627d29301122d68a4bc3239b161ec00697e66
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css
Origin
https://www.trendmicro.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-prod-a-01
Yes
last-modified
Thu, 23 Apr 2020 17:32:22 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
cache-control
public, max-age=870
x-content-type-options
nosniff
x-prod-n-02
Yes
content-length
73259
x-xss-protection
1;mode=block
Figure-1-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
85 KB
86 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure-1-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5c94095fd76e13f4fe343b735d15045ae56e1e40167d6afbe25bf5973076f44d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 19:23:22 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
age
80014
x-cache
Hit from cloudfront
x-amz-request-id
7PKC44PQ33AKYT6H
x-amz-id-2
sKRtPelkafLckNrdBwaTRCrBhlKI6uToVay1rvF/QNrWTDVe2tN/5RFT28oLf5C7mvE6HkSFRIs=
accept-ranges
bytes
last-modified
Mon, 02 May 2022 13:18:07 GMT
server
AmazonS3
etag
"f8c7989d0f1cbc5646f87692afce19a1"
x-amz-version-id
LuHD2InPrr1d_ycKM32BYBZZzo6enSkA
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
86970
content-type
image/webp
x-amz-cf-id
XnGqRO_YhzkKfvhLdh5QfHT27bMPHNEF2-JHPAK8mFLz71SMziNXqQ==
Figure2-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
7 KB
7 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure2-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1fba918e37563f4ad2cb50bff584965a7d84f02dbe0dd930be27bdec48f51a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M1RJZG5KKNP668
x-cache
Miss from cloudfront
content-length
6938
x-amz-id-2
OAristZlFEWb5JbLS8Gb8tErKbrQZB8g2aW7OewSSQx2GjcjlkNFPu7aiGZtAZ2wu2itg/96+1k=
last-modified
Mon, 02 May 2022 13:18:06 GMT
server
AmazonS3
etag
"f60a4f2a7b0f9c4fe6efb8e4f0ae22aa"
x-amz-version-id
I63cHOV2pViS9G2hjfM15JEMcIVV9JX.
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
7uw98W54w_6uuiRS5G_b6fdEg6EruHYO3wQ7igDfS0QNJ3ROuWEmrA==
Figure3-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
8 KB
9 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure3-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
84bab882b986eedb68f99e33e8429d8cec0c78817da8ba4ea4d454025250446d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M28K360KEKK23J
x-cache
Miss from cloudfront
content-length
8274
x-amz-id-2
IBySd+PufAtnWT4MDK0COUXGJHOXTRsCrrz6303/Dw5awLUOt802TyODuigTxek7Wet1pi7ntDE=
last-modified
Mon, 02 May 2022 13:18:04 GMT
server
AmazonS3
etag
"289c5de6a66d7511056f0c67c88f18ac"
x-amz-version-id
skJYPp2.dC_cMgIPor.N.7luxQ2Zuv3j
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
pZ2yCBU8dFDyTqd_8KS84m5n_B92JyPvRejxXf6H7v4tiVe3whByFw==
Figure4-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
7 KB
7 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure4-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
833f3c82c0484b4a926c2ebc1156e24a30ef4223a20208afa38dbfd0785e0342

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27MANFG134GBEBXD
x-cache
Miss from cloudfront
content-length
7012
x-amz-id-2
nli3WuiLcKla+PUerUEf4wfTPuJsQ/pfyQ31hfQVGH5v/fl+KCRsxhMHIfmKOPsdvYkvVJgWNGc=
last-modified
Mon, 02 May 2022 13:18:06 GMT
server
AmazonS3
etag
"c641332ec02d272df340daaa975b48f2"
x-amz-version-id
5kGlDcDuBwe.lJSPvPif3Q38E36MGDI8
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
QoRO7G67ONFUAlgD26wRqTmY8y2VHlFRGxBZ6aHS_KLhazsG9sDIog==
Figure5-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
5 KB
6 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure5-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
75ac0d33de613b45241ae0be4f487b41386e43312b9d365cacb41c2575fa8d7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M8ATPDKW01MGAC
x-cache
Miss from cloudfront
content-length
5310
x-amz-id-2
GIAs+mmWX+TnwW4amgWUPrdZbIEFDiwy7BkU+fSI1Iokl0cxRj7pkhAuH5Ly4oZCYLykCeYving=
last-modified
Mon, 02 May 2022 13:18:05 GMT
server
AmazonS3
etag
"c64dce8a79786402f1faa2ecd01dd9ed"
x-amz-version-id
qrIEE1Fc_qW9r1r.eQPb8iCrS2.OuSpz
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
s4z_DttK9Pk7TWRfZrmsyvvNLLUArYVs6ghTwmkZbh-TBR2EkOdBhQ==
Figure6-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
7 KB
7 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure6-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31ab53af235b1fc6d33b6fdce0913358ecd89b34b88071f277b301260bd28c33

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M24NZXDW37D5YQ
x-cache
Miss from cloudfront
content-length
6706
x-amz-id-2
rV2MKsS3a7mw5GorJhqGYo+P2TCdjJ5kqqC69WVONDwAGhMS8VB4VFm7eNYUi01qeTiI/RkUCUg=
last-modified
Mon, 02 May 2022 13:18:06 GMT
server
AmazonS3
etag
"da269b404c7119ea6e1c7e876e1659eb"
x-amz-version-id
8LoVh55ZSr8D0.b9gkxahr53cRTW8Hg_
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
dI6VMs6tIMyF4F5SDDaV0DgiuxD5KhdvRcQxwELsnw1hKGj188aVng==
Figure7-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
4 KB
4 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure7-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0d3a9d1c0ca68316826d7db0343fba08ae3891a28a873620d50c489e7da6c734

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27MCRTKGTPST8WWW
x-cache
Miss from cloudfront
content-length
3622
x-amz-id-2
rm8QCcG7pEb9zxLWn1Z1msHyrxUJfuvlYqrmvcVCu0G2QNitg0ImDhbgv1uYoRj/TwIR1BX+d9o=
last-modified
Mon, 02 May 2022 13:18:05 GMT
server
AmazonS3
etag
"2e9b70a6a325073a7b418c3a0bb959a3"
x-amz-version-id
vGzba0TtbQQFZs.2J2xtvDZzpWOEvyE1
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
IvzRLqekMuLHJmGquDSccIm40wHAp8T3cl8izbtNJIAIwYy4uEEzYg==
Figure8-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
3 KB
3 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure8-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7306309fb7304b01a0e44b7357329014c55aa5e8ba96f1309df3f652f6aab652

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
Mfmz28DrDzkdTLW3JVDNqumCJ9LBA_0A
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
etag
"fa264858a069965f4fddcdc63c1a94dc"
x-amz-request-id
1NEDTXDK481D0BRW
x-cache
RefreshHit from cloudfront
content-length
2906
x-amz-id-2
9O/9FmZ3/Zd+yzNu6Qmltfcz97utaMytPQCm4rgSaeEjJw2SMSSPXpKobiyyMV3hFfd4ztUrnOc=
last-modified
Mon, 02 May 2022 13:18:08 GMT
server
AmazonS3
date
Tue, 17 May 2022 17:36:56 GMT
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
x-amz-cf-id
zMdWIzgh3V0a2t52WuMMI6zuSYso76PE6imsWdqC9_riMDBEyg5iuw==
figure-9-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
62 KB
62 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/figure-9-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2709b884c0c205a25e1bdcf0d180e43d8fb600336d8ae962c470c8f80b382db3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 15:23:18 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
age
8018
x-cache
Hit from cloudfront
x-amz-request-id
KHTH5V2Q53XG5BRT
x-amz-id-2
lZ3MTTJOXY227zqNXBEfxKHo7aGRw3w1aIBOltc90O9ppi3PDYGz+xikw9Xw8ZqD+5gGAi/ZFkM=
accept-ranges
bytes
last-modified
Mon, 02 May 2022 13:18:10 GMT
server
AmazonS3
etag
"72a2464d275c080904f011d81ca1267c"
x-amz-version-id
HWmUUAUNhoZry3LYMVxpfJ7XnIbjsG9e
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
63160
content-type
image/webp
x-amz-cf-id
lclavQcdnVN-A9dha0ZA54BD3UKEXuU5rroC4bWnt4fEJC3ZThzUmw==
Figure10-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
9 KB
9 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure10-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad9b693cdc2dec100238d2210c792461e45fdbfc75ec099519bd7bc754cc4140

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M6BREH9HYWRRRD
x-cache
Miss from cloudfront
content-length
8808
x-amz-id-2
MSrGCLTdFkEsjID2KHFXTONKf+I43qeX56hRXTmdohWrFD1a0sY1I6llt4l/LxM/Zo3h+ZDj+zA=
last-modified
Mon, 02 May 2022 13:18:08 GMT
server
AmazonS3
etag
"41d171c3dbc9ad5f636db2aa5789d0ec"
x-amz-version-id
hQZaAjZ1KFS9xw3902A9VsY9xA_dzZAq
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
3uxTDcL6q_6vCvJlg-Lyh80NT8UgMKhBL6C0fIXo6eED6tdw6rhEng==
Figure11-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
7 KB
8 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure11-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f5f36fb1c1f5e8748d88ea4783f6c3bc573bc50e2ca6414135a640ec236df528

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M57BDYQ9T11E8A
x-cache
Miss from cloudfront
content-length
7355
x-amz-id-2
j53JcQoGN6A+8EJUiZAVDDgOtYdMaPAgiAbyg9m+RJ9cyGyQQyTqgDrITYjKcgBON7Cj/Izk+qU=
last-modified
Mon, 02 May 2022 13:18:09 GMT
server
AmazonS3
etag
"ad21e2411cfbb0ed9b09072d1990b275"
x-amz-version-id
RQ1yf8g4xucA7EbWFwCrQQUSPxl1poJy
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
Sw_HSKA9ZnQO6dxZ0VRsuXiuEvQ_nsCAYEhsk6Sj3ef62_TOGXT3KQ==
Figure12-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
14 KB
14 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure12-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e71bb7f7b94cbd36eab565182c1030f5dc6c3fc0dc2d9d5fc72108b40e51896c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M3NB6R9CDTMMWG
x-cache
Miss from cloudfront
content-length
14250
x-amz-id-2
OMQltTQ6JKCG9no3Bl6NXfETnHVH3MO4cQ5RJtiBxmHjWKF6mkKJP9B9oNNgTu84vzrr7i89DNQ=
last-modified
Mon, 02 May 2022 13:18:08 GMT
server
AmazonS3
etag
"658d583c76af699c6fc82c9060c2f7da"
x-amz-version-id
LRn_.eCF2pErEtsrkNYYbhSpOBu11P5J
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
YD1RAkQDDqa6AmBaSsurgy28bsgQmR81TnVlZdt0vS-fATPhFc6gZw==
Figure13-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
17 KB
17 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure13-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3ed0351dbb268827b6fe050d8b9257d7967f80962e244db30650e6592e6ba81a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 15:23:12 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
age
8023
x-cache
Hit from cloudfront
x-amz-request-id
HR36HW805RJTKCXF
x-amz-id-2
//t7fEBrWwXdCjj5YzcPK4mI/+JzhlskBK2Oy2s3/zT9smon/J4J4z5UPvgKkY9omrIm8oNTSv0=
accept-ranges
bytes
last-modified
Mon, 02 May 2022 13:18:09 GMT
server
AmazonS3
etag
"34b562f8ca3d67094a6b67ca4e9ee5a5"
x-amz-version-id
jT7jXxs_KAmpMoKI11f5grpMSrnY_M_0
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
16950
content-type
image/webp
x-amz-cf-id
1BoUCNIcohTtYijuNc-ZJ-KjnW5sgB45Uz_rL43GGAHiWtSelx9Uqg==
Figure14-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
5 KB
5 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure14-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fc718d80cc57d7e3d2ac4bb0ab2368735e548fb3534787ebd42764968b66bc02

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
oT2BawRASpzaYiqZXcEjrFOurjtnaYEo
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
etag
"81ee8ceb58cc3963f944b5a92c1e4dfc"
x-amz-request-id
S4H3413VP67HPN30
x-cache
RefreshHit from cloudfront
content-length
4822
x-amz-id-2
nhwBv0YEM2t+J6MaSJrONUL/D1wb3Y+nvztYjUxxBup7dKvPMWucumL/SnCJsJnLcp2x13r0SLo=
last-modified
Mon, 02 May 2022 13:18:10 GMT
server
AmazonS3
date
Tue, 17 May 2022 17:36:56 GMT
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
x-amz-cf-id
wva2_cYrI4UuOgGoOYmsNOO-PHLh8ce0lBW3kw0tu1IKsyxPD5FJlA==
Figure15-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
13 KB
14 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure15-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b9a56d279a225d5a87cb4a66aafab9de833be2ea9277772191e1759c163b0b4a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M5GSXFKYJRRNSC
x-cache
Miss from cloudfront
content-length
13668
x-amz-id-2
n0JnQ/vbHBlfDXZdQB8vx7iXxq4KoMeQqnVYjwO3DoomuIMcT0l0YcJe9uTWGv31IeMxXgSsv8M=
last-modified
Mon, 02 May 2022 13:18:10 GMT
server
AmazonS3
etag
"a560efdd9103c79a404aa609f1551519"
x-amz-version-id
iKicud3JottPLxvDtQgpw9jNhxtQidlt
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
dJr8DBzFDUcbVEY0znhLAfdt2OhvttGNsAZ70-sikC8h8zIVw7a1tA==
Figure16-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
30 KB
30 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure16-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e0007aae2555969e975b44eddefe74770e307ae40ec51e44f61e7724a90974b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
1mrm0HnNlI4pR0JfsQWxclHaF9WdsvVs
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
etag
"004fe7212c29a244dee1c2b78a8db382"
x-amz-request-id
S4H5EA4FFZ2112JH
x-cache
RefreshHit from cloudfront
content-length
30348
x-amz-id-2
s3k7YSlIXD0Te/pKNhxQzVFFnSahbaieP5+uWpBvPObdNk/VFedC4QdI7O6OJPsRA1Mj1jhQMuk=
last-modified
Mon, 02 May 2022 13:18:11 GMT
server
AmazonS3
date
Tue, 17 May 2022 17:36:56 GMT
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
x-amz-cf-id
sMeNCe8hcsscq4Q0ykj2IdNlT4xxSyyeGkR46_hZib_FD3hJSDesOA==
Figure17-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
2 KB
3 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure17-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc51d8ea358ab6ac8215ad459bbe451b56d609a5895f1f0c8bb462a32398ca61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M1Q9GRFAXNSZB4
x-cache
Miss from cloudfront
content-length
2262
x-amz-id-2
Av6qJNIv8ySp1ByQooD2B2YTIQRnpy3TwsSLFb6kumPfsoRJWJEy+w/Y1Y9UfDLTdm4CYqVdCwA=
last-modified
Mon, 02 May 2022 13:18:11 GMT
server
AmazonS3
etag
"523b776e0a697d3669e90719dbfbc13c"
x-amz-version-id
SbN1S0EcwBMOw81H7Vo1bO6xY9OT693R
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
3hgz2bOL1p3eFuLX8QL2beQx17T82cTtDo2armsXALBxKswTo2DPCQ==
Figure18-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
3 KB
4 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure18-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9481651df8eacae12fadb78b8adaf9f224a738b5d9a40393ac46ef0ee05ce4e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M0XPXYMHRFBBGV
x-cache
Miss from cloudfront
content-length
3461
x-amz-id-2
gD2mTirNvHw8mfOLamv2fMMN/9pP0EKk/BFz1nJ/pnXuPiSh8X4O3KfxffxSqroD4fafp6VsQno=
last-modified
Mon, 02 May 2022 13:18:11 GMT
server
AmazonS3
etag
"37b7ffcd9457ad1d0212c23ca46511e6"
x-amz-version-id
9o7fqFBustLFm2PpKqcrSTjOGjLd5UM2
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
kYcx5hKhfPgMjUoyC6MlbG6Yk13ijFFJnYxv8GsrK1WLbhV-a0SKTQ==
Figure19-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
11 KB
12 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure19-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dce46443b836343c9f063d7e849065ab53ee0bbccca74e9edfae4344934e6a0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27MAQ27TSRRQ4SGP
x-cache
Miss from cloudfront
content-length
11610
x-amz-id-2
PWJBnyl7tz/2uL21tY0vIcZQXuQPI+ZzNC0Mnv6gZEC7gugPKMzdfy3qPVKW421xOHBcAX2UlsA=
last-modified
Mon, 02 May 2022 13:18:12 GMT
server
AmazonS3
etag
"9d25830139fd60dcdb6a3139df01f783"
x-amz-version-id
6iNTewLn09EwxSW31HyZZ7nCGb0JCJ09
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
gJdLJcAUPK9zFQIeWF-aokK92zm7pk_M6hf4fxFf_I-dTDzomaLn3g==
figure-20-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
44 KB
44 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/figure-20-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
234338686ea974036530489f9f53b3fbe08cbd51662265c65e9c731572eb705d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 06:41:28 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
age
39328
x-cache
Hit from cloudfront
x-amz-request-id
701B8RECEXJ37VR1
x-amz-id-2
VN4fHZRXE80d+SH0BjHEO/KZimfqmn6/XFusZ7GLZZ8ia5Mf2kDexViNboP05uV2Efzaj1b42AE=
accept-ranges
bytes
last-modified
Mon, 02 May 2022 13:18:14 GMT
server
AmazonS3
etag
"c96a4dd9f4def6ff5204df5f1d539292"
x-amz-version-id
4WLZS3GH93o_TlyHMn9W38Vze5RusyKL
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
44854
content-type
image/webp
x-amz-cf-id
JwUN11s3n69mPZ4iWH-Pk3-kTXwhlAS5h7IGEpIcEkws3GeTCP8s5A==
figure-21-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
38 KB
38 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/figure-21-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b101744439ce88b024c30f5b868081648049aa654dd37866864d328536330f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 15:23:18 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
age
8018
x-cache
Hit from cloudfront
x-amz-request-id
KHTT74HXBHBT3VRS
x-amz-id-2
HCznDJCRXJNmWrvLoKwQG7nqopdyMldyoei38A5NoWcH7O7Mo7bkKxtPN51PjuqMcmFkjTNIcIU=
accept-ranges
bytes
last-modified
Mon, 02 May 2022 13:18:12 GMT
server
AmazonS3
etag
"f1ab35036a4c26e9b28ecf5f76273afc"
x-amz-version-id
gqbwQM2PYdNPEsRhsOm6RTu4z26lEslW
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
38546
content-type
image/webp
x-amz-cf-id
B4kvE6ryOenSyV7JZSICguVL8Zm00XOMJIXIW2SNS-5n4dWjmjsZSg==
Figure22-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
10 KB
10 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure22-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
47eb0f45d439e1f14e6f35c8f0fa5ecf0fededd78a3284efa0e2c295a8493402

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27MCNGEEYAX2V3BV
x-cache
Miss from cloudfront
content-length
10214
x-amz-id-2
6gDQaO7XP9ERqScfrQcdqOp/n3VF16Pd03qlK1s6J1ehjByYKiSu5mHB93CTQ3MhzDMM/faHqRs=
last-modified
Mon, 02 May 2022 13:18:13 GMT
server
AmazonS3
etag
"8aefa45f4c71879eb012dded050daf8b"
x-amz-version-id
Og9DFKXMmcQlTeXeGJIY4EMpI3jVHzab
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
8n-NujLKioAz5J_DIXYFUcTC1AQ9XrzvEm1ZAMYfep4gUkX8W7auLA==
Figure23-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
13 KB
13 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure23-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f20b52b9b6de708bd2a281e6e70cdc3001e872188a5089bc77afe3215e9ba014

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M2BF8P4T0NXV45
x-cache
Miss from cloudfront
content-length
13286
x-amz-id-2
0Lsjifvzs1JeBMzFuUwDMzdQEdYKLyA6xX6K0U+xo37IMr8UHc+KWctoNFBKo/Z4+/C+tJC7kGM=
last-modified
Mon, 02 May 2022 13:18:12 GMT
server
AmazonS3
etag
"f60107b7044b066853660e9d58d657ce"
x-amz-version-id
2UUgBUdSx.LBdDsRE3Y4xRlsIFeVc3Jy
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
EcjI0zeLya0tufwBMustlf753jqcjDkunagiBXFxdzd0ylexEuWIww==
Figure24-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
4 KB
5 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure24-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b99fec499a872d64ef21dce0bd4192797c652b87ce3c4d0187be51b01df433c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M3JAMFZ3RC0TNX
x-cache
Miss from cloudfront
content-length
4244
x-amz-id-2
NcfeA+CBcp3lFJzMVNIVQTacd58Lf0NsMykJvtWJNp2RMrkEcgHIZHSvmq64ZUFcDsd7ULdcgSw=
last-modified
Mon, 02 May 2022 13:18:13 GMT
server
AmazonS3
etag
"44414c2e6144aad7c9d4d9e1ec18eb1b"
x-amz-version-id
WXiNaQPoGjZ05HuxNTOi9ZYgPj.xQB2P
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
1Lcw2sOPkJSOBzrjrQhGgHxcTIgDeVztr8YUMr1kVPv-CMsubRYFXw==
Figure25-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
14 KB
15 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure25-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
04ab8b77ad0c11db4977e9a53c8cc675e401674ed8b716a08d5fb5774b748b4c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 15:23:13 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
age
8023
x-cache
Hit from cloudfront
x-amz-request-id
WQ7EFSPW1R9EYSRG
x-amz-id-2
H3iG71iQbObl8XA52LGQdHCfGpP9cZU4GzDgARBDO7NpvykNwwHHvofdXHjKU4zBo39iHztl5eA=
accept-ranges
bytes
last-modified
Mon, 02 May 2022 13:18:14 GMT
server
AmazonS3
etag
"6ab23d2b5c1d0e1c8d26e68d56891c58"
x-amz-version-id
DhmpjjCCct3LEYd2uwnEF772xkYzCOdy
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
14532
content-type
image/webp
x-amz-cf-id
IIdMQqMZLiWFsLrTnSa4ueQKPxOmo0_0ETbED58Vzcrq-_lj0ACv3g==
Figure26-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
8 KB
8 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure26-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
30b8653df6d640e31faf518ebd3807ead412761b52ac9a05a46b0f55c913f56a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M8G2S3AB5RJNWG
x-cache
Miss from cloudfront
content-length
7954
x-amz-id-2
UoWACuKQzgfWkA8d+ZMAr1R1QRES6992hYYKTwWtAAjO5XEWxaiFpYBVLGdWmwkMUZ2LmubcJDs=
last-modified
Mon, 02 May 2022 13:18:14 GMT
server
AmazonS3
etag
"508fa1fdbd7859a74fe12c10f715b52a"
x-amz-version-id
bQa5vzplIYRqfIf9I.l9J8VQepKzD4Cy
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
YcTYseZkpDL32cLB_XFyBlRNKqFxPjUPgkTkA2PQ3PVShKoaRAxd6A==
Figure27-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
47 KB
47 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure27-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3b7641710519998da1bbb44ecaf16819b0947cd77e97b326c92cfc82a0eaf092

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M4959YS2V4BZDN
x-cache
Miss from cloudfront
content-length
47746
x-amz-id-2
n+S3+dIny/ayAP2TkRDV4d+PAadzAb+VfYWzs2GuSt8UOz5htxZLMwu+J2MHPTbN4zu6PSjR+e4=
last-modified
Mon, 02 May 2022 13:18:15 GMT
server
AmazonS3
etag
"ceabfa55cb1277290b0cd6bd0a94e1f2"
x-amz-version-id
NFpfwwwmdv.r5_QEo7DqsbpZx_xI7jJ.
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
5PYrXcUfGLEIx5DWZwcN3i2qo7VMvqbVaTJkCSDW69_QmaEcTl0ueQ==
Figure28-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
3 KB
3 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure28-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d0b1027e10009b698038c65b6c8e12e52d45207395cfdeb8ff1ef547b3c11b7d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 19:23:33 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
age
80002
x-cache
Hit from cloudfront
x-amz-request-id
9WB4X6AVNPCAR9X4
x-amz-id-2
rX5XdtBz8J6D9zw40nwN7vClTzEpw/H/Y2Fp4nAhCEakMdu61yiTTBFrSJXgqJnQl8+QbglS8Uk=
accept-ranges
bytes
last-modified
Mon, 02 May 2022 13:18:15 GMT
server
AmazonS3
etag
"241e7b8fc32e99ef74c58f7e1e45beb7"
x-amz-version-id
s8jEbgRwjLQmaRI_mCDRke1S3jBNUKbU
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
content-length
2748
content-type
image/webp
x-amz-cf-id
QaVUzDdirtVCfk-1oQdgpb33GPv2ukcVnhxHUZ3J4Y2HkxPbhr-c8Q==
Figure29-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
8 KB
8 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure29-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e88e5478a51ff612e84ee6e07bd733ab1e4ba03a6ddbe121fc5460931b511bab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M0TSH9QB9NYCJM
x-cache
Miss from cloudfront
content-length
7766
x-amz-id-2
6G86K2u7XNbvt7JKiQsQHlr5szpx2JsJjhb/v27QclgVK/SphPdTUkilRcbL1BRVTfOcdt2z2WE=
last-modified
Mon, 02 May 2022 13:18:17 GMT
server
AmazonS3
etag
"42cb58a07552b80039789ab0b6be3629"
x-amz-version-id
ERHQ4R2j13txT.lDMorGCZxNdohfIyrV
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
2HFVO4V1AQ1xeCb7k43xL7AQXJ2MCoDGPaii5KkrIO7c0O0pUVJdmw==
Figure30-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
17 KB
18 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure30-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d775e8cc15bdd68487a2b1a59efafe138a1f752e5ac2b41084dfcf7c758d4021

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M5K4Y68BBKT3FY
x-cache
Miss from cloudfront
content-length
17570
x-amz-id-2
uzBV5p1cTfPrfoYccznVjdFmAP0h2kytzAIsSn/g8lG1x17pKEmPp3d/W0ap/Dk1nuacvJRdqio=
last-modified
Mon, 02 May 2022 13:18:17 GMT
server
AmazonS3
etag
"2f14f7ea2f5ab358727c58b27525b8fd"
x-amz-version-id
dx7ndH6C8AtnM.A_nNYF0NrYPWnZ4sdw
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
9Kn-SK7MwUU7K36RoSP5AJuMXieqvNbL0k8jSHo71-Knht6JYz0rMw==
Figure31-avoslocker-disables-defense-solutions-scans-for-log4shell.png
marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/
4 KB
4 KB
Image
General
Full URL
https://marvel-b1-cdn.bc0a.com/f00000000017219/www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure31-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:7000:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
af47338502658bcc8d2fb17b1b0fa44d3d3afa8cb96ab1c383e73f35f23effdc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
x-amz-request-id
27M4KF56MHHWRHRC
x-cache
Miss from cloudfront
content-length
4088
x-amz-id-2
ATIy3wqPgvfst88jqz/kWN/ORCN4ik+02YkMd7DsGEKfq9h6QPRevAejqhyi9Ss/Ix+OnOKFHlY=
last-modified
Mon, 02 May 2022 13:18:16 GMT
server
AmazonS3
etag
"6f50a3c33c810434d3ea980e8930b97b"
x-amz-version-id
Upti87nKg7KtDFFivp_35ZlWxenOVaLf
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-type
image/webp
x-amz-cf-id
gRIholkQmPLIyekTDQltLc054d9nTiJfcjjPRRARUz53O9eQwRGRtA==
utag.69.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.69.js?utv=ut4.48.202006041752
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e687349ef50927f263497a200ed021ebaa6d13850a8b9a0a19de3d2260729d69

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:14 GMT
server
AkamaiNetStorage
etag
"5a5fb4e9111a2b14d5b5876eb2258fd7:1632240614.594178"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1005
expires
Wed, 01 Jun 2022 17:36:55 GMT
memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v29/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v29/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c0b68ea789d4bc6705f42dd6c44eb38306b965df01f9409eb4a941370e3b158
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.trendmicro.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 10:35:09 GMT
x-content-type-options
nosniff
age
111706
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47924
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:25:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 16 May 2023 10:35:09 GMT
dict.en_us.json
www.trendmicro.com/libs/cq/i18n/
13 KB
14 KB
XHR
General
Full URL
https://www.trendmicro.com/libs/cq/i18n/dict.en_us.json
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/clientlibs/granite/utils.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
54b8c08ed2e64a537c5d8ec6efc880484e1b753a49da11b584103a62a5debf1f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-prod-a-01
Yes
server
nginx
etag
"def5866d2a6bd1b5e1123ce5b1a6217e"
x-frame-options
SAMEORIGIN
content-type
application/json;charset=utf-8
cache-control
public, max-age=702
date
Tue, 17 May 2022 17:36:55 GMT
x-content-type-options
nosniff
x-prod-n-02
Yes
content-length
13552
x-xss-protection
1;mode=block
utag.138.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.138.js?utv=ut4.48.202010201643
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
62e37140e90c20b8021e84f22588bff6f0789e2ac60bd107b21017d0acd41b51

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:11 GMT
server
AkamaiNetStorage
etag
"fe1348f92b91321140f39aae7ca068de:1632240611.865646"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1008
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.81.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
24 KB
6 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.81.js?utv=ut4.48.202106161605
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7004945db892cd6f93ded26d3f944f0b15355d1363a6bc0b9fa906d2e34cb4ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:18 GMT
server
AkamaiNetStorage
etag
"c790e21a570649215b7deaeae97139c8:1632240618.345665"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
5882
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.29.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
4 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.29.js?utv=ut4.48.201510262117
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
b8a34dec51d1542d219b92e8425cae1fcd3f55c26f8d9cb67d2a9e7c2e79543d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:11 GMT
server
AkamaiNetStorage
etag
"df2edd1ac891eacf5b6ba635cc9a59eb:1632240611.664523"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1706
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.18.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.18.js?utv=ut4.48.201510262117
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
8f37c9815fbb866d0417ebe23f74ccbf507ea03f969260f576cfd4bbd9da2a28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:12 GMT
server
AkamaiNetStorage
etag
"c184aaf7bc67f12bab7821647c2a3235:1632240612.296587"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1024
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.22.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.22.js?utv=ut4.48.201510262117
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d90e0559dfab1d9ad441137a378eb4ab5a53e4b5103d0293dc558197bfb93bd2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:19 GMT
server
AkamaiNetStorage
etag
"5b1c9d86c6089e24314a2b9fa0b97913:1632240619.494572"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1229
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.9.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.9.js?utv=ut4.48.201510262117
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e348f721442e051780e0a89843aaad43dbe518d051cad5ce5b6816397a8fc773

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:21 GMT
server
AkamaiNetStorage
etag
"aa9516dc0bc8d1f409640e8bce32c4d4:1632240621.08215"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1392
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.43.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.43.js?utv=ut4.48.201510262117
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c7a2cccb0b1fc37d2a9e142f920f5c9e640d12a262eb181abab41e81cd12be61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:16 GMT
server
AkamaiNetStorage
etag
"ddd833e52fd9dadb9f3f123c1c3899f7:1632240616.251282"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
924
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.75.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.75.js?utv=ut4.48.201608171750
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
3ee9ec06bbfa8bb6e040e6edc9718c1905b557f3e9e988398b70d378096d02f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:17 GMT
server
AkamaiNetStorage
etag
"d30dc4298bf51cb89a8006ff7c576208:1632240617.067512"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1454
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.79.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
1 KB
1011 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.79.js?utv=ut4.48.201906262142
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
8a2ddfc3ec0269c7c979608073574c3eadec9932afc4a660dc0af4a1e6ce2e3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:17 GMT
server
AkamaiNetStorage
etag
"e3edb58cc720a93d9d13440ce0dfa4dc:1632240617.258721"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
782
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.115.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
10 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.115.js?utv=ut4.48.202109201636
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
0e1a25f94e38ff616b88e4917d4ed2ee83bfdddd4358f92a82e7d87a09ff9b2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:16 GMT
server
AkamaiNetStorage
etag
"8a244bdc8d96727c0cd96abe81761b34:1632240616.040797"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
3245
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.99.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
10 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.99.js?utv=ut4.48.201709111706
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a1019d01046c662a58fa0b369f4f6f67428e15d6501de94b1d4b3a3b8925d54f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:15 GMT
server
AkamaiNetStorage
etag
"dca3384138b255c3c0a60afe6d75194b:1632240615.256807"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2503
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.117.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.117.js?utv=ut4.48.202109291943
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
6cf98f8e68625661d1727e1c02fb5bfb8583f865f8834518b4723873dfbe9722

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:22 GMT
server
AkamaiNetStorage
etag
"56e0bd0a021d82315367abad98387f41:1632240622.162245"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
974
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.124.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.124.js?utv=ut4.48.202009171637
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c67a98460c2dbd3d301997c6b0cda7919f33d554f8b084f14f3759012299e148

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:14 GMT
server
AkamaiNetStorage
etag
"6f7b1fa653e43c64c2821de2bfefb8d6:1632240614.821376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1216
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.127.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.127.js?utv=ut4.48.201905291644
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cff36a8c3e27d13c9df7ce018399b3b59c5bb70de2b59bb38ba6daaf6aef5ac0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:18 GMT
server
AkamaiNetStorage
etag
"88edc44ec40b8a9fd70c73388cc23538:1632240618.574449"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
970
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.144.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.144.js?utv=ut4.48.202101191804
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
455995299358961f1a9ade799587a2e03c86f1c2177f885742a03706b7e0c94a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:23 GMT
server
AkamaiNetStorage
etag
"8c835bba0a472164830a5312363c5013:1632240623.134748"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
870
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.145.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
4 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.145.js?utv=ut4.48.202108241956
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
f795b85773aeeb4d69eb8d36e82f9106344b4a5edf011f9cb22eb4d4e146f3e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:15 GMT
server
AkamaiNetStorage
etag
"d1220ca3cd0299455402f6faf7c5e8e8:1632240615.012675"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1778
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.151.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.151.js?utv=ut4.48.202109071517
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
bd701a68dddee2555a381f41190b0b2137d435b7e8a79af86d520425633c7f46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 16:10:11 GMT
server
AkamaiNetStorage
etag
"a75cf0ef4ef7b4ebf26c805084a1ccc2:1632240611.460542"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1067
expires
Wed, 01 Jun 2022 17:36:55 GMT
utag.171.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/
13 KB
4 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.171.js?utv=ut4.48.202203161827
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9a9b32b9a635111a54aa24bd29d8e0b65b406777e1e69f310584b02357857738

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Wed, 16 Mar 2022 18:27:45 GMT
server
AkamaiNetStorage
etag
"5f465c0d368080806396d5a0459c1077:1647455265.289734"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
3677
expires
Wed, 01 Jun 2022 17:36:55 GMT
avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.disruptor.html
www.trendmicro.com/en_us/research/22/e/
0
418 B
XHR
General
Full URL
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.disruptor.html
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
x-prod-a-01
Yes
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
x-xss-protection
1;mode=block
x-prod-n-01
Yes
x-content-type-options
nosniff
avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.notifications.html
www.trendmicro.com/en_us/research/22/e/
3 KB
1 KB
XHR
General
Full URL
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.notifications.html
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.40.185 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-40-185.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
361d7d41c8e84fcee782759289f331928b07fc48207ca55997e9af9517dd1901
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-prod-n-02
Yes
content-encoding
gzip
x-prod-a-01
Yes
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
x-frame-options
SAMEORIGIN
content-type
text/html;charset=utf-8
x-xss-protection
1;mode=block
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
vary
Accept-Encoding
content-length
706
x-content-type-options
nosniff
en.json
cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/241ca2a9-f5a7-4b39-9481-69784d1c195e/
218 KB
39 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/241ca2a9-f5a7-4b39-9481-69784d1c195e/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
adeaebb429d938d9796d62c756b3846dee391cd6735875b9740366b2e12a5cc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
RKzLrqncn7iWJtAuc6FZ5w==
age
3781
vary
Accept-Encoding
content-length
39363
x-ms-lease-status
unlocked
last-modified
Wed, 11 May 2022 18:06:23 GMT
server
cloudflare
etag
0x8DA3378F563BCA7
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
816b9cb7-201e-0063-427c-659ec3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
70ce1e3a48316937-FRA
expires
Tue, 17 May 2022 21:36:55 GMT
conversion_async.js
www.googleadservices.com/pagead/
39 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.9.js?utv=ut4.48.201510262117
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
89ba0d4f6cf9500041778760fea24e37c6de04955c6a62b5435c64b600423749
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14865
x-xss-protection
0
server
cafe
etag
2710672821686371805
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 17 May 2022 17:36:55 GMT
revenuepulse-lib-v3.js
resources.trendmicro.com/rs/945-CXD-062/images/
2 KB
1 KB
Script
General
Full URL
https://resources.trendmicro.com/rs/945-CXD-062/images/revenuepulse-lib-v3.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
23
content-length
695
last-modified
Sat, 07 May 2022 01:46:31 GMT
server
cloudflare
etag
"4c1b57-6f3-5de6224f3797b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=60
accept-ranges
bytes
cf-ray
70ce1e3d6ab99124-FRA
expires
Tue, 17 May 2022 17:37:55 GMT
ktag.js
resources.xg4ken.com/js/v2/
9 KB
4 KB
Script
General
Full URL
https://resources.xg4ken.com/js/v2/ktag.js?tid=KT-N3AA7-3EB
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.117.js?utv=ut4.48.202109291943
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.218.20 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-218-20.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e1aa0fe1a680395d90617094d538a7e0172deeee8cc51cd0dde3be8d717af5a6
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 11:27:25 GMT
server
nginx
etag
"6269289d-dd8"
content-type
text/plain
cache-control
max-age=86400, public
content-length
3544
x-xss-protection
1; mode=block
expires
Wed, 18 May 2022 17:36:55 GMT
fbevents.js
connect.facebook.net/en_US/
99 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26310
x-xss-protection
0
pragma
public
x-fb-debug
wmYzs8Ao4m+6BQKF976CbG0PH1At2jXZ7ZREuMgNwWvIHFya8RtRbjukJsPRmM5O6AZMsveC5KyQ9TAzvX2hzg==
x-fb-trip-id
686109401
x-frame-options
DENY
date
Tue, 17 May 2022 17:36:55 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
app.js
acsbapp.com/apps/app/dist/js/
Redirect Chain
  • https://acsbap.com/apps/app/assets/js/acsb.js
  • https://acsbapp.com/apps/app/assets/js/acsb.js
  • https://acsbapp.com/apps/app/dist/js/app.js
424 KB
139 KB
Script
General
Full URL
https://acsbapp.com/apps/app/dist/js/app.js
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Server
208.68.39.149 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
cdn100.acsbapp.com
Software
/
Resource Hash
15da98235971411ce63a1d461968a996d49e3dee32c3bbee4a31626cdcc4bec6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
br
last-modified
Thu, 05 May 2022 11:42:29 GMT
etag
"6a11d-6273b825-f9d12a6c99646944;br"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=432000 public
accept-ranges
bytes
access-control-allow-headers
*
content-length
141580
expires
Wed, 18 May 2022 17:36:55 GMT

Redirect headers

location
https://acsbapp.com/apps/app/dist/js/app.js
date
Tue, 17 May 2022 17:36:55 GMT
content-length
707
content-type
text/html
uwt.js
static.ads-twitter.com/
43 KB
14 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.99.js?utv=ut4.48.201709111706
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f500e38f31cccd6e39a843d0332dd1129b1bca5aadebcd9f233063e8d3d0f482

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
last-modified
Wed, 11 May 2022 18:57:33 GMT
etag
"a887c9733d6ae5f9cfe844d49227fe99+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
13673
x-served-by
cache-iad-kjyo7100141-IAD, cache-muc13981-MUC
tracking.js
trk.techtarget.com/
2 KB
1 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.127.js?utv=ut4.48.201905291644
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:91d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 15 Oct 2021 14:31:37 GMT
server
cloudflare
age
270
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
expires
Tue, 17 May 2022 17:42:25 GMT
cache-control
max-age=1200
cf-ray
70ce1e3abd79926b-FRA
cf-bgj
minify
3083.js
js.idio.co/
24 KB
5 KB
Script
General
Full URL
https://js.idio.co/3083.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.144.js?utv=ut4.48.202101191804
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.99.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-99-86.arn1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5b386cc78b14e3d6583aba456c266517293ecd2f3ee4196f43e30fec4043d8f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 01:07:06 GMT
content-encoding
gzip
last-modified
Fri, 11 Feb 2022 12:47:12 GMT
server
AmazonS3
age
59390
etag
W/"fb3b8c825422d37775f0fe5b7e92720f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 9ee3245d13c492e7e4abb0f2de012802.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
ARN1-C1
x-amz-cf-id
NnCvLvgagNGgABTVr7lSfMaiBXd_uXNlGOrZL9uJUrnSRmd_qT9XEw==
sv2uuh4gw3ms.js
js.driftt.com/include/1652809200000/
230 KB
66 KB
Script
General
Full URL
https://js.driftt.com/include/1652809200000/sv2uuh4gw3ms.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.151.js?utv=ut4.48.202109071517
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
57f5c12aae7837fe9654a5447be4db479308e8fee78ae675d1ef419ef4a8ae21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
6FpALZFTluftnADIjnK7vmhj6qkKKZtK
content-encoding
gzip
etag
W/"cc457c644a8affd3de9c3932eed2543a"
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 20:09:35 GMT
server
nginx
date
Tue, 17 May 2022 17:36:55 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
xyfJ0RVhF9K2EtTxPkXjoZ8smXP6-fwh5zZ1h8BcbH2IabQ5gLRRLQ==
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
202 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=trendmicro/nabucms/202204211742&cb=1652809015452
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.24.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-194.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Tue, 17 May 2022 17:46:55 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/6.34.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.34.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
e9t+XAucPzqMmpjFA11lKw==
age
111
vary
Accept-Encoding
content-length
2959
x-ms-lease-status
unlocked
last-modified
Tue, 17 May 2022 16:31:25 GMT
server
cloudflare
etag
0x8DA3822AFD03491
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
ee22fbf2-701e-00f8-6913-6a13fb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
70ce1e3ab90a6937-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.34.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.34.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74c39b5ec5a61c19ff20d81c0418fabd61d6deb6ac0c967da28761d6b895ff7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
/wtHD+oYY7dZRzCx50GZrQ==
age
11299
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Fri, 13 May 2022 12:13:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
66bb7007-301e-0033-68ca-6681cb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
70ce1e3ab90c6937-FRA
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
129
date
Tue, 17 May 2022 17:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 17 May 2022 19:34:46 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:55 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
js
www.googletagmanager.com/gtag/
190 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f3622e6babdedbb1cbb22903f1dbd7e376709d44c376afffe988b114300388c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69967
x-xss-protection
0
expires
Tue, 17 May 2022 17:36:55 GMT
6si.min.js
j.6sc.co/
27 KB
9 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:55 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
8575
Pragma
no-cache
Last-Modified
Thu, 07 Oct 2021 17:17:43 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615f2bb7-6a5f"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Tue, 17 May 2022 17:36:55 GMT
conv_v3.js
cdn.b0e8.com/
67 KB
22 KB
Script
General
Full URL
https://cdn.b0e8.com/conv_v3.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.34.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.5.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.5.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
960d1f95f71be9bc4c13e06c200762c60cdc944d3289687f9d9faa6cf7b17506

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:18:42 GMT
content-encoding
gzip
age
1093
x-guploader-uploadid
ADPycdu6NbQtTiCNUPlsXK6t32tcxCsVSian45E1M8g9hS0sykjkYDrsMeHIt3kQV6bs8yYO7yl9hcCax5L3XRytyKj6UFQYORhJ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21573
last-modified
Wed, 23 Mar 2022 23:53:55 GMT
server
UploadServer
etag
"0acedbfc86d9cc291bf807c3fe3ea666"
vary
Accept-Encoding
x-goog-hash
crc32c=lWvUnQ==, md5=Cs7b/IbZzCkb+AfD/j6mZg==
content-language
en
access-control-allow-origin
*
x-goog-generation
1648079635204763
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
21573
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 17 May 2022 18:18:42 GMT
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
www.googleadservices.com/pagead/conversion/1015287688/
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/1015287688/?random=1652809015555&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&tiba=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
1a84612f3827f375b5594a13eb73e0b929d93bfdb58846aaf51274cd175cc6fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1231
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity.gif
apt.techtarget.com/activity/
43 B
324 B
Image
General
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1279657&version=2.1.1&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&r=1652809015563
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:55 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
Server
Apache/2.4.6 (CentOS)
ETag
"2b-5850384029cff"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=25
Content-Length
43
ec.js
www.google-analytics.com/plugins/ua/
3 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 16:45:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
3088
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1129
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:48:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 17 May 2022 17:45:27 GMT
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
884 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:15:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1292
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 17 May 2022 18:15:23 GMT
config.json
c.go-mpulse.net/api/ Frame B543
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=TU3LW-WPX5W-YK52N-GNWRK-Z5B9X&d=www.trendmicro.com&t=5509363&v=1.720.0&if=&sl=0&si=eabe20b6-b31c-4315-a883-4e89aa6f8b3e-rc1fli&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:7100:59a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6c87718d800ffdf81c2bb2d5522a33873a97bf98bd613c770740497520070672

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:55 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
1015
/
www.google.de/pagead/1p-conversion/1015287688/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTy...
  • https://www.google.com/pagead/1p-conversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1...
  • https://www.google.de/pagead/1p-conversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=16...
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&tiba=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=N92DYtyEJIqIlgSvzYzwCw&random=330322526&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/1015287688/?random=1406565525&cv=9&fst=1652809015555&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&tiba=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=N92DYtyEJIqIlgSvzYzwCw&random=330322526&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
analytics.twitter.com/i/
0
0

adsct
t.co/i/
Redirect Chain
  • https://marvel-b1-cdn.bc0a.com/f00000000017219/t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sal...
  • https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000017219&url=https://t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22page...
  • https://t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=...
43 B
337 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=672b86c6-b1da-48c1-81d9-28aea3084b17&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-response-time
105
date
Tue, 17 May 2022 17:36:55 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
7dd33a00f4be310816cf136a3998c26ce1ad194448803afdc0f54000ccd52b86
content-length
43

Redirect headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:55 GMT
via
1.1 google
x-content-type-options
nosniff
location
https://t.co/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=672b86c6-b1da-48c1-81d9-28aea3084b17&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
x-frame-options
DENY
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
0
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=810231626&t=pageview&cu=&_s=1&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&ul=en-us&de=UTF-8&dt=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBACAIrBAAAAC~&cid=640718912.1652809016&tid=UA-44592531-1&_gid=859671026.1652809016&_slc=1&cd15=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&cd2=Christoper%20Ordonez%7CThreats%20Analyst%2CAlvin%20Nieto%7CThreats%20Analyst&cd3=2022-05-02&z=133168459
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trendmicro.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.trendmicro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-4502MK3B94&gtm=2oe5g0&_p=810231626&_z=ccd.tfB&cid=640718912.1652809016&gdid=dYmQxMT&ul=en-us&sr=1600x1200&_s=1&sid=1652809015&sct=1&seg=0&dl=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&dt=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4502MK3B94
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.trendmicro.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
getuidj
secure.adnxs.com/
11 B
706 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 17 May 2022 17:36:55 GMT
X-Proxy-Origin
138.199.38.134; 138.199.38.134; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
2c1effd0-89a3-44ab-9c2d-04a336d8bfd2
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.trendmicro.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
47 B
374 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a54a1e7e0930473183e072646507449351cb7658ab7c598ab22365f015c690a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:55 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.trendmicro.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
brightedge3.php
a1.b0e8.com/
35 B
226 B
Image
General
Full URL
https://a1.b0e8.com/brightedge3.php?id=f00000000017219&p_id=ARJNRAJA28N4RAPP66RJR8LRAAAAAAAAAH&bf=2d44afda590c9017234292a6b232b6fc&url=https%3A//www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&ref=&bn=1&bv=3.44&title=AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell&metadesc=We%20found%20an%20AvosLocker%20ransomware%20variant%20using%20a%20legitimate%20anti-virus%20component%20to%20disable%20detection%20and%20blocking%20solutions.&metakeywords=malware%2Cexploits%20%26%20vulnerabilities%2Ccyber%20threats%2Capt%20%26%20targeted%20attacks%2Ccompliance%20%26%20risks%2Cendpoints%2Cransomware%2Cnetwork%2Carticles%2C%20news%2C%20reports&s_id=ARJNRAJA28N4RALR8JPJR8LRAAAAAAAAAH
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.78.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.78.111.34.bc.googleusercontent.com
Software
bws/1.0 /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-be-pop
BRU-1-301
date
Tue, 17 May 2022 17:36:55 GMT
via
1.1 google
last-modified
Wed, 23 Jun 2021 22:46:15 GMT
server
bws/1.0
etag
"60d3b9b7-23"
content-type
image/gif
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=null&session=8f1c73ee-e477-4e7c-85d9-831b9f358763&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A55%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20found%20an%20AvosLocker%20ransomware%20variant%20using%20a%20legitimate%20anti-virus%20component%20to%20disable%20detection%20and%20blocking%20solutions.%22%2C%22keywords%22%3A%22malware%2Cexploits%20%26%20vulnerabilities%2Ccyber%20threats%2Capt%20%26%20targeted%20attacks%2Ccompliance%20%26%20risks%2Cendpoints%2Cransomware%2Cnetwork%2Carticles%2C%20news%2C%20reports%22%2C%22title%22%3A%22AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&pageViewId=2dae60c9-24da-41f9-8e61-8056f06a84c1&an_uid=0
Requested by
Host: www.trendmicro.com
URL: https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:56 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Tue, 05 Oct 2021 22:17:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615ccf10-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
details
epsilon.6sense.com/v3/company/
423 B
408 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.195.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-195-65.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e99a52151c294c42df9ab0df1048d2403af8d1cf94817c26c706c8d75d002743

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Referer
https://www.trendmicro.com/
accept-language
de-DE,de;q=0.9
Authorization
Token f0978075a275d14104571cd0b3e9919c9748869b
EpsilonCookie
0f58655f1f65000037dd83628102000088010000

Response headers

date
Tue, 17 May 2022 17:36:55 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.trendmicro.com
access-control-allow-credentials
true
content-length
221
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.195.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-195-65.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,epsiloncookie
Access-Control-Request-Method
GET
Origin
https://www.trendmicro.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,epsiloncookie
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.trendmicro.com
access-control-max-age
1800
date
Tue, 17 May 2022 17:36:55 GMT
server
nginx
config.json
cdn.acsbapp.com/cache/app/trendmicro.com/
159 B
346 B
Fetch
General
Full URL
https://cdn.acsbapp.com/cache/app/trendmicro.com/config.json
Requested by
Host: acsbap.com
URL: https://acsbap.com/apps/app/assets/js/acsb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
161.35.15.77 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
cdn101.acsbapp.com
Software
/
Resource Hash
7686b1766f60675f5a9bb3f2ac37e75c88a039948d1d53241ae78fa07c5eb25e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
last-modified
Tue, 17 May 2022 17:35:04 GMT
etag
"9f-6283dcc8-465fc3c42a5b1e43;;;"
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=432000 public
accept-ranges
bytes
access-control-allow-headers
*
content-length
159
expires
Wed, 18 May 2022 17:36:56 GMT
core
js.driftt.com/ Frame 9827
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1652809200000/sv2uuh4gw3ms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
1b3fe1e721f971be41856594e07a90e892c8716b7af722559b313cacbe26e111
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.trendmicro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 17 May 2022 17:36:56 GMT
etag
W/"fc9c44f62a16a752d8b851a94f02e6d2"
last-modified
Mon, 16 May 2022 20:09:19 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
x-amz-cf-id
gQbZWjwY4kDLzKnVjcR1k2RM39lPwRUCoDGngzg15TI2J0VNBGu2Mg==
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
YwQXeMR0TdIsL8NodPZlTKFisALJQNw1
x-cache
RefreshHit from cloudfront
chat
js.driftt.com/core/ Frame 7435
2 KB
1 KB
Document
General
Full URL
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1652809200000/sv2uuh4gw3ms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
1b3fe1e721f971be41856594e07a90e892c8716b7af722559b313cacbe26e111
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.trendmicro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 17 May 2022 17:36:56 GMT
etag
W/"fc9c44f62a16a752d8b851a94f02e6d2"
last-modified
Mon, 16 May 2022 20:09:19 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
x-amz-cf-id
7ewq66xQETYfeGGT6Iexd8RAPdxn41aqAzUkuxko97UhkCIgd79bnw==
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
YwQXeMR0TdIsL8NodPZlTKFisALJQNw1
x-cache
RefreshHit from cloudfront
runtime~main.035b379b.js
js.driftt.com/core/assets/js/ Frame 7435
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
d483fa6020ed31b1b28e7f802348eb5b77869ee52256fc0b5029213ff3930352
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:30 GMT
server
nginx
etag
W/"75f60918b13aa525e4a0fca0d8178003"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
CsQ7AdX.gXjkVGQlM6bUk2RfRo55ryxd
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ulJbGRJcYtRrXbO1OH3mRTOxgGpnLNlZDvivJzb2suuv64f2z6su1A==
5.b4ccdd57.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
58 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/5.b4ccdd57.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
9d8f8c89a5f7c90adc5196d1c10fe3e8c46d16cb8d24de13ade83de53183027d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sat, 23 Apr 2022 00:23:24 GMT
content-encoding
gzip
age
2135612
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 22 Apr 2022 20:24:56 GMT
server
nginx
etag
W/"bf2b7dc96b40587d388df8918a276f1d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
maOqxpaNnzt0tyNj0PV8pU.OmUMXI5V_
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UJBD6SEmvnVK8mp7ILaRQJS3SbQQ7vTiDL7uWYnLT3yEMX2TWRF-kQ==
main~493df0b3.f87598de.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.f87598de.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
27d551863c56b976030ee49aa3f4823994dce3d3cb6ac79b75de43bdd55fd254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 25 Apr 2022 22:35:25 GMT
content-encoding
gzip
age
1882891
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 25 Apr 2022 20:45:37 GMT
server
nginx
etag
W/"368eb1f8172917da20cc4a3a2072e54e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
84CKzKc.TpxebrV5l5OX4K68ovNqMWN7
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
MiAHX93Um8GZhed7Fqw0-MJCikBpIateIYRX29RACdXzIGMtGmf7mQ==
runtime~main.035b379b.js
js.driftt.com/core/assets/js/ Frame 9827
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
d483fa6020ed31b1b28e7f802348eb5b77869ee52256fc0b5029213ff3930352
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:30 GMT
server
nginx
etag
W/"75f60918b13aa525e4a0fca0d8178003"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
CsQ7AdX.gXjkVGQlM6bUk2RfRo55ryxd
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
GcDmJ64Zdja9RiR1e6UH0AW_4M3lzX7oy0mH2mGNYQGSv1a364iQQw==
5.b4ccdd57.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
58 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/5.b4ccdd57.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
9d8f8c89a5f7c90adc5196d1c10fe3e8c46d16cb8d24de13ade83de53183027d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sat, 23 Apr 2022 00:23:24 GMT
content-encoding
gzip
age
2135612
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 22 Apr 2022 20:24:56 GMT
server
nginx
etag
W/"bf2b7dc96b40587d388df8918a276f1d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
maOqxpaNnzt0tyNj0PV8pU.OmUMXI5V_
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
aNlzzcSu7Q_reO7rCqC2_yWj8imxmamZfvfFEmq0wruVjHQZtICjIA==
main~493df0b3.f87598de.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
6 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/main~493df0b3.f87598de.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
27d551863c56b976030ee49aa3f4823994dce3d3cb6ac79b75de43bdd55fd254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin
https://js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 25 Apr 2022 22:35:25 GMT
content-encoding
gzip
age
1882891
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 25 Apr 2022 20:45:37 GMT
server
nginx
etag
W/"368eb1f8172917da20cc4a3a2072e54e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
84CKzKc.TpxebrV5l5OX4K68ovNqMWN7
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
gtByIoEBv1hGPfyR30Uxi2Pm96LcFBbAyoxO8041GODe12sB-566NQ==
44.36014458.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
47 KB
14 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/44.36014458.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
73aefc68f91234a52983d4c0a8037888d05af3f62d6e9b97993ebc4cb5791cbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 22:49:34 GMT
content-encoding
gzip
age
3178042
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 08 Apr 2022 15:57:16 GMT
server
nginx
etag
W/"f3141bda9ba639e2d01218d7e7cd8311"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
B5nQx62kfGixFNs6i7158XuE6Q0q4UA8
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qddKv5QBpg0ZVTL8D7WCmMxJDAQeXFnXAitrulFiVDOX6kQsvM4d2Q==
19.c2c4ec2d.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
44 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/19.c2c4ec2d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
24caab840126c1089470704d65dcbb1dadc8ace5328b28de54b297e482ac3c3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 25 Apr 2022 22:35:26 GMT
content-encoding
gzip
age
1882890
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 25 Apr 2022 20:45:35 GMT
server
nginx
etag
W/"ca27a219f5babe50f6eb7c982fa61d4a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
GP6AWJ95Oeeek71gysVMlYSExP067DB1
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
fGwsc4Xey9YF-6X4yHU8TtcWAzMM4-n2CRqa8GKp3fCU8QEMD5HOpQ==
37.dc112dfd.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/37.dc112dfd.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
9cd7629d2e66537eb15542646bfd16cd461aaf18592c35f19ce7d67ada586635
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 02:06:54 GMT
content-encoding
gzip
age
3684602
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:20 GMT
server
nginx
etag
W/"391f6f28819c5b154653979d5154c888"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
vKbfuupFATroRl3aNDGfs3ThogQLzb9z
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
eccs8s6p7SfhDjyYGspRmS2Ht2BwGCmbnaXsnrdhVVCHEpYimD_eyw==
16.10d76686.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
16 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.10d76686.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
1cbf80f7d71564dc48af2c5d6bb5d15fc2aec0d541101c5eedf84bad1b908cab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 04 Jan 2022 15:53:42 GMT
content-encoding
gzip
age
11497394
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 04 Jan 2022 15:08:17 GMT
server
nginx
etag
W/"c16e855d0a26bf91ae3cc32cdbfa3ad6"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
mzB2ul0u_48ftIGEd6phwcoTfextzATL
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UKXD9iS4N2f4okzatIGkVEHocfKLX6OqDiIr3WTLQK-Lua4P0BNOHA==
21.8ac5d777.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
72 KB
22 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.8ac5d777.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
4038a666dfd5af607a0374ad6e934cf1007e78da69329dbc341eaf757bb38beb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 02:06:54 GMT
content-encoding
gzip
age
3684602
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:19 GMT
server
nginx
etag
W/"c39414a669b98ba4a25856ccdc1c1c1b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
Ilpiiyhlyh6s3iuNf.37uZlW5ugPpx91
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
t2SpYFEmE29xc9vN-tuT1HO3pVoA6MtdcoZFIAaNopcgZRTKwAYxPw==
34.801d3c89.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
16 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/34.801d3c89.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e41e2b5c9df3073d6f7da0080ad2f3eca4994ab372d2f65fa76b14f8868663ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:36 GMT
server
nginx
etag
W/"fa218b0849860dbc5ceda153316c9c38"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
lKdT83hFk6oc4yzwjkCPtmRufEzn_1y9
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
vqEKZAwH1s1ToM0PUXZR-lOVyFFkXwkIo6F9K4Uj22gd3OmjrBXNWw==
23.16e779ff.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
59 KB
19 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/23.16e779ff.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
882447805fc1c7805ad98684a4698c4b3ae5e8932261c609f7cdd0834275d72c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 13:25:10 GMT
content-encoding
gzip
age
2779906
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 14 Apr 2022 14:51:25 GMT
server
nginx
etag
W/"ef4446c0fdb98929baf632c38e8cd226"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
6QFFV552d_qyZ9pcsgZNY8fkBisjodK4
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
As9TQTDMA08m0y-Ivv-ChHdIDIa6rbjcbJGqiI4mSAc8IxaCmC7yIw==
11.8d62d6c4.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
91 KB
28 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.8d62d6c4.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
1cf451d2d8d425375505bd10c5540e8e5cce3cbbd5932be038285d8b6a650e63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:35 GMT
server
nginx
etag
W/"8199a8634768214fc6204b18351f842d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
IO06C9jhzvCi9VImuydD04sGtIPTZ6T.
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
j7wgo6Fl-ldWkyP-TRtO2GshQgF5s3FN9qIsfJymQUG1aX7BxYCCPA==
10.b73b895d.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/10.b73b895d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
494a73882e211c16a50493069a632e339e15d32fd8519f22766a0a0e235f7d01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Thu, 12 May 2022 17:56:16 GMT
content-encoding
gzip
age
430840
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 12 May 2022 17:28:59 GMT
server
nginx
etag
W/"5c6cb58ced9f55b696578307366a68ac"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
42s0ZS8AeOMe_PH.Rce3w4xkhbhmKcpn
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
lV4II1uPQufJJxUGAkCAj94zbUPzzYaiqvmvMM1PQVlRcMQOyfVHOw==
14.2a01ddd6.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.2a01ddd6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ef593584d9432b51ed1cec6f58f844bfa6f81ef0fe27fd9404e400e1346fa09b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 04 Jan 2022 15:53:41 GMT
content-encoding
gzip
age
11497395
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 04 Jan 2022 15:08:17 GMT
server
nginx
etag
W/"6f457384188c98017d8d27281f3df6ad"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
KpoEpDmO7G9TLWLfSTzA1dytLAyREIfM
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Yu_HkTbhofJib8iqgueJtPhy5tjo9SzyeLl0Ek3t5eRnPdRSPDzzpA==
42.85bf5aa5.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/42.85bf5aa5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
b70c36674f1298febe27d175904d872013535e9b0e20136b5dd86bb51c2729e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 22:49:34 GMT
content-encoding
gzip
age
3178042
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 08 Apr 2022 15:57:16 GMT
server
nginx
etag
W/"8c7c0bf11a78a30db0b2b7f63660c3d1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
mxBFWZx1wZ1xN.1nj_wZKtLvuDeu4lk_
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
DGNURbq1iLyLjI2DC1VfPyeUXXmBLqD8SvJPxuNAcwveio0x5C-dUQ==
35.0810b4b3.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/35.0810b4b3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
05c1b18ed199fea9af5168c7769dff2cd69f02706fa2568ab2e305be8dfb9c52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 22:12:26 GMT
content-encoding
gzip
age
3698670
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:20 GMT
server
nginx
etag
W/"4a61646db5420cc31cb60b9287d9f544"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
0Zui0kJ5MSbHpImulx8UM9hDRN0gPHQk
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4ZlWmHx8s0kFQSbNIJ3Urty5rVW59ZUniKXcD5JAu2mT7G5VA_KUCw==
26.81342ce1.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
12 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.81342ce1.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
652cfd16c30cffe323376752f023f8f9738af74b807bda8e929ecba78d9ed19d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 13:25:10 GMT
content-encoding
gzip
age
2779906
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 14 Apr 2022 14:51:25 GMT
server
nginx
etag
W/"fb3937eee6b2751c3fc0c91dce12c2ca"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
Kb9jiolYAspdT0T2FEuoVylYgxdOCuEs
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
B3Rk7Rdjgh-u4uZCSH7y_WJvfO0NGZKTVwYqE_8OHGegVuO6XZxqdw==
17.6c3c965c.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.6c3c965c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
a5ad436c025c2a03ccc5672aed9469ac98d22b73df5b1d20ed2adb46c0c4daf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:35 GMT
server
nginx
etag
W/"b0b166b8ed88c90ea3dc07661d0dcff4"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
LWJpAD4koanQpas2CvP_O0Iecv_OphXN
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
s5DPx7-hVePCTuT3dyK28Ll6lF29ZyXDbj4ZbdfZbN3zBzxPuzSOOQ==
8.5b0bb1c3.chunk.css
js.driftt.com/core/assets/css/ Frame 7435
11 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/8.5b0bb1c3.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
02840352581026aad3291a8357da6876c93b0e6d8aec9532bbc1a42f82bca1c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:33 GMT
server
nginx
etag
W/"e3c43c4a3d2f4cee45cccdb6e438af66"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
8ZsEKgx7NBbOWsOo7y482B7LIK3_mShC
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6toNbfQb9VgjWj6a5O4jYvP4nwwagPFTcnSzjsclsJKAG_XOSf0BLw==
8.d527d835.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
70 KB
22 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.d527d835.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
6af70a38aeebb329d90b82f1cf7e7d26adea6be00bae67fab4de1b4ba48cdc86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:29 GMT
server
nginx
etag
W/"0659b5834d7de2cccc4b944a9ff23a90"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
76g5KvzSnOo7zs_NCOzxlv11EC.hooUT
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
lLKRLPV_qUVt5ri2nE5vNxoMx9jvGSTN-sfabX45SPxNkjAdsuNnJg==
15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 7435
24 B
667 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 04 Jan 2022 15:53:41 GMT
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
age
11497395
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
24
last-modified
Tue, 04 Jan 2022 15:08:15 GMT
server
nginx
etag
"0c5dad92482d9a7c7c253510f5082465"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
bzo2zbrJexGHlTPaLulG8N5yfdXT7FR0
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
aTo1S04IylDhRrPh4DrtRjIIIpCyVCqtdBR68zBbWEy0ighBQ6Kqsw==
15.d80e9ab8.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
77 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/15.d80e9ab8.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
a767019f29af6cb1eee12ce45d7b755c6336344f744b2f83efa2ea10e334f1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:27 GMT
server
nginx
etag
W/"bb434873d63cf5adfa57c51611e3443f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
jO5lI0fLoE5TgyfCT0nMkl_zFss4mv9f
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
W-ZUNdEp74oH8LnvqIL8NTmmGVaQQ9tW1cSKGeVWqZkExYQaqr2qew==
22.13fdabc3.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
47 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/22.13fdabc3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
d10de3fa77038ffbc8d3c702b2760986ef33bc817a1c01726b57accbcabb2253
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:04:37 GMT
content-encoding
gzip
age
693139
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 09 May 2022 16:51:07 GMT
server
nginx
etag
W/"745229819b5a669f49ac8212ab5d79ea"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
e116.WcXJkaASIlNuoj94MNXIuu5fx0A
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
w3ilTTU3TOW4GaS6nFgD6bNz4PxgWzUbp7IS-VuNSlv0hyIj-lF-Bg==
13.8cbee884.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
40 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/13.8cbee884.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ad1317842f4b59211f1cbadc0cbff8fc8c3ec9f087b72bb71f486941d233d876
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:27 GMT
server
nginx
etag
W/"434f76c5a5ae5aeed376440292d06354"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
ibTgyV2YotvG2U76M_tGKtnP4j4LJbXK
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
XO6J94Xg8Fnpq7TRt75ktNqPNcF3hgj6BUbizVmRbvYUPe9TdFlycw==
44.36014458.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
47 KB
14 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/44.36014458.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
73aefc68f91234a52983d4c0a8037888d05af3f62d6e9b97993ebc4cb5791cbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 22:49:34 GMT
content-encoding
gzip
age
3178042
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 08 Apr 2022 15:57:16 GMT
server
nginx
etag
W/"f3141bda9ba639e2d01218d7e7cd8311"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
B5nQx62kfGixFNs6i7158XuE6Q0q4UA8
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
vfYBaSwEyGTUNJfjWECbyo5Z5NHMZrA1KoI-HnHEryAfNbnGm_nGWw==
19.c2c4ec2d.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
44 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/19.c2c4ec2d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
24caab840126c1089470704d65dcbb1dadc8ace5328b28de54b297e482ac3c3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 25 Apr 2022 22:35:26 GMT
content-encoding
gzip
age
1882890
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 25 Apr 2022 20:45:35 GMT
server
nginx
etag
W/"ca27a219f5babe50f6eb7c982fa61d4a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
GP6AWJ95Oeeek71gysVMlYSExP067DB1
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
1_TsrsemYCZIw9ZW-XK60VVV5Ns5joTKMweHopd7Cc3urzPOz1NgXw==
37.dc112dfd.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
25 KB
8 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/37.dc112dfd.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
9cd7629d2e66537eb15542646bfd16cd461aaf18592c35f19ce7d67ada586635
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 02:06:54 GMT
content-encoding
gzip
age
3684602
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:20 GMT
server
nginx
etag
W/"391f6f28819c5b154653979d5154c888"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
vKbfuupFATroRl3aNDGfs3ThogQLzb9z
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Gu-uM7oqqJns9foZG15fkck9CCrkqH2mz4D9_K6DJEWhfBW35y-Ieg==
16.10d76686.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
16 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/16.10d76686.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
1cbf80f7d71564dc48af2c5d6bb5d15fc2aec0d541101c5eedf84bad1b908cab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 04 Jan 2022 15:53:42 GMT
content-encoding
gzip
age
11497394
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 04 Jan 2022 15:08:17 GMT
server
nginx
etag
W/"c16e855d0a26bf91ae3cc32cdbfa3ad6"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
mzB2ul0u_48ftIGEd6phwcoTfextzATL
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Rx43bcbK9oLd7B5fhxC3pyE1zj7XfjwmaF-10aQWkrrmL2nzjm5kTA==
21.8ac5d777.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
72 KB
22 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/21.8ac5d777.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
4038a666dfd5af607a0374ad6e934cf1007e78da69329dbc341eaf757bb38beb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 02:06:54 GMT
content-encoding
gzip
age
3684602
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:19 GMT
server
nginx
etag
W/"c39414a669b98ba4a25856ccdc1c1c1b"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
Ilpiiyhlyh6s3iuNf.37uZlW5ugPpx91
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
1Thxm9mWC_9_SsTPyw6SqKKhp3o5tbZvAbCOj4-vGnH8xp9ba0_kkA==
34.801d3c89.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
16 KB
6 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/34.801d3c89.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e41e2b5c9df3073d6f7da0080ad2f3eca4994ab372d2f65fa76b14f8868663ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:36 GMT
server
nginx
etag
W/"fa218b0849860dbc5ceda153316c9c38"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
lKdT83hFk6oc4yzwjkCPtmRufEzn_1y9
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
GAj0iU2eTPUMUBBGiTW3RwzFmKXhpxsLwRKL2EqD0evNNshyXP61Bw==
23.16e779ff.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
59 KB
19 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/23.16e779ff.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
882447805fc1c7805ad98684a4698c4b3ae5e8932261c609f7cdd0834275d72c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 13:25:10 GMT
content-encoding
gzip
age
2779906
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 14 Apr 2022 14:51:25 GMT
server
nginx
etag
W/"ef4446c0fdb98929baf632c38e8cd226"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
6QFFV552d_qyZ9pcsgZNY8fkBisjodK4
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
2fEGffFukJzwTP7wQRMEb7eKkRLj5tJh9HQbrGLEb44wbOsYvKQQxg==
11.8d62d6c4.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
91 KB
28 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/11.8d62d6c4.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
1cf451d2d8d425375505bd10c5540e8e5cce3cbbd5932be038285d8b6a650e63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:35 GMT
server
nginx
etag
W/"8199a8634768214fc6204b18351f842d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
IO06C9jhzvCi9VImuydD04sGtIPTZ6T.
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wCuaLzOvtgG--uHGVPPJSo_8c5Tx6rC9WPfc0ZrqaPmfLEjDhY0U7A==
10.b73b895d.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
23 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/10.b73b895d.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
494a73882e211c16a50493069a632e339e15d32fd8519f22766a0a0e235f7d01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Thu, 12 May 2022 17:56:16 GMT
content-encoding
gzip
age
430840
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 12 May 2022 17:28:59 GMT
server
nginx
etag
W/"5c6cb58ced9f55b696578307366a68ac"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
42s0ZS8AeOMe_PH.Rce3w4xkhbhmKcpn
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
UnTkxr5RhP0m9eAaotu36t3XQkyoi_e7Ave5VOCKMZqpMw98w8Qssw==
14.2a01ddd6.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
62 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/14.2a01ddd6.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ef593584d9432b51ed1cec6f58f844bfa6f81ef0fe27fd9404e400e1346fa09b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 04 Jan 2022 15:53:41 GMT
content-encoding
gzip
age
11497395
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 04 Jan 2022 15:08:17 GMT
server
nginx
etag
W/"6f457384188c98017d8d27281f3df6ad"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
KpoEpDmO7G9TLWLfSTzA1dytLAyREIfM
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
kGy6EZMz_2b7nYmqX2QSeicU0r92fIAc9grysk7MO-drcv24R34P6A==
42.85bf5aa5.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
105 KB
34 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/42.85bf5aa5.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
b70c36674f1298febe27d175904d872013535e9b0e20136b5dd86bb51c2729e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 22:49:34 GMT
content-encoding
gzip
age
3178042
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 08 Apr 2022 15:57:16 GMT
server
nginx
etag
W/"8c7c0bf11a78a30db0b2b7f63660c3d1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
mxBFWZx1wZ1xN.1nj_wZKtLvuDeu4lk_
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
D8C49ahhVgTlIHhEJoJmv6kcCF_qhstDhukgR5oFQ6iV3IaGOwHp9Q==
35.0810b4b3.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
12 KB
4 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/35.0810b4b3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
05c1b18ed199fea9af5168c7769dff2cd69f02706fa2568ab2e305be8dfb9c52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 22:12:26 GMT
content-encoding
gzip
age
3698670
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:20 GMT
server
nginx
etag
W/"4a61646db5420cc31cb60b9287d9f544"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
0Zui0kJ5MSbHpImulx8UM9hDRN0gPHQk
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
xsCiyVtVMlNr8cvFwwjylIJsIqKpug1B-nTGifBqBh9eaWHcsjiqIQ==
26.81342ce1.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
12 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/26.81342ce1.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
652cfd16c30cffe323376752f023f8f9738af74b807bda8e929ecba78d9ed19d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 13:25:10 GMT
content-encoding
gzip
age
2779906
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 14 Apr 2022 14:51:25 GMT
server
nginx
etag
W/"fb3937eee6b2751c3fc0c91dce12c2ca"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
Kb9jiolYAspdT0T2FEuoVylYgxdOCuEs
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
EZ7LllkAA6LilURdz2_z6XDKK7a-RPq1qB557claaC2P6ovVcxVAPQ==
17.6c3c965c.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
17 KB
7 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/17.6c3c965c.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
a5ad436c025c2a03ccc5672aed9469ac98d22b73df5b1d20ed2adb46c0c4daf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:35 GMT
server
nginx
etag
W/"b0b166b8ed88c90ea3dc07661d0dcff4"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
LWJpAD4koanQpas2CvP_O0Iecv_OphXN
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
uLM6wUfCmZ8IO_ODyGG1Z4wU5A5L1NL3ejL46opNhutMRdqdjrGv9Q==
8.5b0bb1c3.chunk.css
js.driftt.com/core/assets/css/ Frame 9827
11 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/8.5b0bb1c3.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
02840352581026aad3291a8357da6876c93b0e6d8aec9532bbc1a42f82bca1c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:33 GMT
server
nginx
etag
W/"e3c43c4a3d2f4cee45cccdb6e438af66"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
8ZsEKgx7NBbOWsOo7y482B7LIK3_mShC
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
JENIJj-Ccm48nOi9W5BnVw_suLkUQnpchqWUnzOIKRxoLjlvfCjmGQ==
8.d527d835.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
70 KB
22 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/8.d527d835.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
6af70a38aeebb329d90b82f1cf7e7d26adea6be00bae67fab4de1b4ba48cdc86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:29 GMT
server
nginx
etag
W/"0659b5834d7de2cccc4b944a9ff23a90"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
76g5KvzSnOo7zs_NCOzxlv11EC.hooUT
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
0LC5bnCMq1s_Dw--5qguuq-hK-MyiSr-qG2h2eYDum3ci910A53yDw==
15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 9827
24 B
668 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 04 Jan 2022 15:53:41 GMT
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
age
11497395
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
24
last-modified
Tue, 04 Jan 2022 15:08:15 GMT
server
nginx
etag
"0c5dad92482d9a7c7c253510f5082465"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
bzo2zbrJexGHlTPaLulG8N5yfdXT7FR0
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qHDfqr9IRkyprgGwDbhGYY-O4uSUAfABWAPJ7qJ9QVxp4bCF3aE5qA==
15.d80e9ab8.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
77 KB
20 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/15.d80e9ab8.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
a767019f29af6cb1eee12ce45d7b755c6336344f744b2f83efa2ea10e334f1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:27 GMT
server
nginx
etag
W/"bb434873d63cf5adfa57c51611e3443f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
jO5lI0fLoE5TgyfCT0nMkl_zFss4mv9f
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
shiMx133UrS3t0jTPj-tpcTXrOvCATfBFabY_NV-CdGYKzqCISL4nw==
22.13fdabc3.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
47 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/22.13fdabc3.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
d10de3fa77038ffbc8d3c702b2760986ef33bc817a1c01726b57accbcabb2253
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:04:37 GMT
content-encoding
gzip
age
693139
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 09 May 2022 16:51:07 GMT
server
nginx
etag
W/"745229819b5a669f49ac8212ab5d79ea"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
e116.WcXJkaASIlNuoj94MNXIuu5fx0A
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
3MrmbcdWgJIGJRfKMbL2J77aOLnfEIo_hRwYg7kryPi5J3m4wsP46Q==
13.8cbee884.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
40 KB
13 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/13.8cbee884.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ad1317842f4b59211f1cbadc0cbff8fc8c3ec9f087b72bb71f486941d233d876
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:18 GMT
content-encoding
gzip
age
77258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:27 GMT
server
nginx
etag
W/"434f76c5a5ae5aeed376440292d06354"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
ibTgyV2YotvG2U76M_tGKtnP4j4LJbXK
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Ip0BKeqyY8HEnJnAMbqjzpd0kHq3HHOaMCEjVIJ27W1SEbGxuxgREg==
en.build.json
cdn.acsbapp.com/cache/app/
234 KB
25 KB
Fetch
General
Full URL
https://cdn.acsbapp.com/cache/app/en.build.json
Requested by
Host: acsbap.com
URL: https://acsbap.com/apps/app/assets/js/acsb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
161.35.15.77 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
cdn101.acsbapp.com
Software
/
Resource Hash
1a015ea7b0c1fda23358797533ef24519bd6b7bd644e1092813e3f7fc4f0745c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:36:56 GMT
content-encoding
br
last-modified
Thu, 05 May 2022 11:43:03 GMT
etag
"3a8e4-6273b847-35025fdcb141191f;br"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=432000 public
accept-ranges
bytes
access-control-allow-headers
*
content-length
25465
expires
Wed, 18 May 2022 17:36:56 GMT
32.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 7435
3 KB
1 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/32.11d2b6a7.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 22:12:26 GMT
content-encoding
gzip
age
3698670
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:17 GMT
server
nginx
etag
W/"87532c4db85f1429fa6d759bc3332f36"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
o4YHS2mkjmPJ8FYb.psnWR.Z9AgjdeMR
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
nd-8862TvdF_jdZ6fJWVRgqUCL7PXlxvFGuqXLzMR9bWy7gorcGNdQ==
32.28be7b35.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
3 KB
2 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/32.28be7b35.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
566639f88e650ada50f7f5a70d52efdd262905b7114ddffd26893b7727493a7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 14 Mar 2022 01:21:23 GMT
content-encoding
gzip
age
5588132
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 19:39:00 GMT
server
nginx
etag
W/"853d736e05b299b857e10b6ab17f3c36"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
nKLZ1eCZgJyATnvQHZL81PT0kMSSnbMT
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Gg7y6L2LD3Cc54bGE90zVlSrG4B09A02Kzv4sLCYGOBvk-GuKtBmmA==
results.txt
rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net/eum/ Frame B543
Redirect Chain
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pfjxgjwck
  • https://rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net/eum/results.txt
8 B
312 B
XHR
General
Full URL
https://rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
92.123.225.42 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-225-42.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:56 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net/eum/results.txt
Date
Tue, 17 May 2022 17:36:56 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
results.txt
fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net/eum/ Frame B543
Redirect Chain
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pfjxgjwck
  • https://fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net/eum/results.txt
8 B
312 B
XHR
General
Full URL
https://fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Server
2a02:26f0:3500:7::17d8:4dcd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:56 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
AkamaiNetStorage
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net/eum/results.txt
Date
Tue, 17 May 2022 17:36:56 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:34 GMT
server
nginx
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
f0vFdvUsVaxkS7BUVekCPez6OhG1f.hd
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
d5uHPRBF2CzYZUQvMsJ8teYABnYUFiZi4E7lAdszOa_Hw12_jklhnA==
24.81d46fe7.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
33 KB
10 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/24.81d46fe7.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
e7e2024764e94bff400b354a7cb714ab75f1b9fd4b3fb09de18dca2d6c2e56a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 22:12:26 GMT
content-encoding
gzip
age
3698670
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 18:54:19 GMT
server
nginx
etag
W/"4f751bc7b45f18c1d343a3081fe2509f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
dJ6wMYR.EkVgKolqllYLjIlhrPfZzaVa
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
88drn1ePnVie3S40W7JZxrUSbcfFdwIAb75tf0GVwyceNzyBx4lzTA==
25.c667535c.chunk.css
js.driftt.com/core/assets/css/ Frame 9827
8 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/25.c667535c.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
8b7be87db71855fe47b30e1a60953e25a0e6a832e4ff3fefa682cf74d9e66cf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:33 GMT
server
nginx
etag
W/"5d56f3a89744b768e05433ac1e2f7935"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
Yw4dEFczUjGKvjvS8RVZki_SV8inukYJ
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
aIsnci2a9NFkrz3Qo7XYGuzGDppzOmyFECmWdGMeHU2KZou4T9Vsbg==
25.17da01e8.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
12 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/25.17da01e8.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
f12e00e6750c744bb34c0b007ef96948e24c6dcf77a34c78c0c4f1263c81ebdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 04 May 2022 19:13:20 GMT
content-encoding
gzip
age
1117416
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Wed, 04 May 2022 18:28:30 GMT
server
nginx
etag
W/"d395884071f100b30a64f9bd39a2f10f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
04iRp8gDacN_nR2237idSokHftX5jSZO
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
heqOy2zBDU1kDve2eZXyhvGDDd3wKMjtuC8temgGiLv5AeNPrTc4LQ==
18.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 9827
365 B
1010 B
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/18.c695453b.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 25 Apr 2022 22:35:26 GMT
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
age
1882890
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
365
last-modified
Mon, 25 Apr 2022 20:45:33 GMT
server
nginx
etag
"06b2963b029c0824382815165bfea73e"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
INpCxNwVuEZyaHsPMHYFFM25.8PEoUU5
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
0Hz3loNxdKz1gxCrNujDZjHnjBV0g_ZEY-BkSWv8iGFpS7wG44copA==
18.cd0ebfb4.chunk.js
js.driftt.com/core/assets/js/ Frame 9827
85 KB
24 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/18.cd0ebfb4.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
c863079728d4d01d2c854f3ddeaf1a2fe922318794d6355abd457c1a36038975
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core?embedId=sv2uuh4gw3ms&region=US&forceShow=false&skipCampaigns=false&sessionId=907f6a53-291d-4ff1-8e06-f9c229a9fb49&sessionStarted=1652809016.34&campaignRefreshToken=c96b730c-4feb-4364-ae0c-516371efa4aa&hideController=false&pageLoadStartTime=1652809014996&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 16 May 2022 20:09:19 GMT
content-encoding
gzip
age
77257
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Mon, 16 May 2022 19:47:28 GMT
server
nginx
etag
W/"fbe12f904ce473e339eef5aa67bb03f8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
aVIN3WRU3B9ZjgTLrj6Hp_pTX0OxobOY
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4uHWxNr9IEFsIMkzaO6K9E1TaNtbYaMMiqGVudCJa6UacajLG4JWPw==
0.0b2ebd4a.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
9 KB
3 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354370
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:34 GMT
server
nginx
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
f0vFdvUsVaxkS7BUVekCPez6OhG1f.hd
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
AWWPwqkNsX_OzLM6Y3WC1SPUc6jDujkomHPsVNSE3-DAL2NArgjgvg==
2.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 7435
7 KB
2 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/2.07aa08a5.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354369
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:33 GMT
server
nginx
etag
W/"189aeffd571884559dababa22c66d75a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
eJJ8iIcGQeeOyHqQZhPH9NjVmZe46DWE
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
PW4HL8w7uWbbC0eyJJW13yQyPvGMNpd5CLDLb5zBQPyp9764Ef1VBw==
2.90bfb041.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
54 KB
16 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/2.90bfb041.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
088e1ef91a320f014eecd7495cedfa7fee5e167cadaf55545ce137f4ff749ba8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 01 Apr 2022 23:30:53 GMT
content-encoding
gzip
age
3953163
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 01 Apr 2022 18:31:22 GMT
server
nginx
etag
W/"dc43e7dd478d83a9091a7335b8beb11d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
kk3GS24HgDEmPXUslSsjyTbGLAUWg7zo
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
y4WjTzSf-4Ho1L4Z0SgwlhsBEdoUmENuiR857Glan1Ju9wvuxTx2YA==
1.e5dfd51a.chunk.css
js.driftt.com/core/assets/css/ Frame 7435
43 KB
7 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/1.e5dfd51a.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
731633bd497e93880bccb08fa09fa7fc7630372c7622dffea00c19aa2cdc49d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 02 May 2022 15:02:23 GMT
content-encoding
gzip
age
1305273
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 28 Apr 2022 15:26:46 GMT
server
nginx
etag
W/"2c40725f3e291f40133c5dd42e2d2809"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
NDVBsNLgITAyanG2chz6_hhZC25SbNrt
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
c7sXRXtitIzX5d7E8liPNLxqLNhNaFJPkMZ2hyjyaYVgSycrDX9yBw==
1.54ef8971.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
73 KB
25 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/1.54ef8971.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
edfefb99d1f823b0e2a77e287838f09a4f58d66a03b8cd45e7b89e66a559c273
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 03 May 2022 01:40:33 GMT
content-encoding
gzip
age
1266983
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Thu, 28 Apr 2022 15:26:48 GMT
server
nginx
etag
W/"fa95a4990482cbf524fce7417407d635"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
MUetTSA50g5scqGJvskHJOBOhhoXowjS
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6u1uhVHx_JH1Jz3SxkqTLXDZ9pG2S251hbPzzJwfbB9hB_sSlTbXDA==
30.52060f2d.chunk.css
js.driftt.com/core/assets/css/ Frame 7435
12 KB
3 KB
Stylesheet
General
Full URL
https://js.driftt.com/core/assets/css/30.52060f2d.chunk.css
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
643284a0eca0e88605a52952545149695d41d4a6f057d897bedf92a24e32c573
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Mon, 28 Mar 2022 08:04:06 GMT
content-encoding
gzip
age
4354369
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 20:18:33 GMT
server
nginx
etag
W/"b63021470083bdc161ef4dda2e4912c3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
pHw9X_j3lnHYAPELEWozrhov_rOIKMZh
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
text/css
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
__mKBX2IMNkUTr2ntgQPpOfXsNOAyeb_BVKnCtopXePZOJICamOwyA==
30.304d4bf2.chunk.js
js.driftt.com/core/assets/js/ Frame 7435
11 KB
5 KB
Script
General
Full URL
https://js.driftt.com/core/assets/js/30.304d4bf2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.035b379b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-88.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
79c254652bb96247b5470d8d7d30bdef4ae96a7e61743ac4ef6b423502cd8c51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1652809014996
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sat, 23 Apr 2022 00:24:16 GMT
content-encoding
gzip
age
2135560
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Fri, 22 Apr 2022 20:24:56 GMT
server
nginx
etag
W/"38d96c6ccd18212a914f55851e7dea75"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
x-amz-version-id
5o6MQ3v_.7q0AsWy2TK91wFPE_LrjtFi
via
1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
DW301qUoo_TbwTRr-NaGFjO447j49GahSNRgojtbP8Dxd9qOpcXgNg==
v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame
0
0
Preflight
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/widget/init/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Tue, 17 May 2022 17:36:56 GMT
requestid
drift60c0f63473b804bb0039bf7c8c2
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 9827
25 B
146 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/widget/init/v2
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.36014458.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
Authorization
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 17 May 2022 17:36:57 GMT
server
istio-envoy
requestid
5e4743dc259ea2e7
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
17
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 9827
147 B
267 B
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.36014458.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
b39285ce33200092589f84c61276b3d9df61189abbd60240fe2deb386c87b852
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 17 May 2022 17:36:57 GMT
server
istio-envoy
requestid
21f590e8fae0071e
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
147
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
ping
bootstrap.api.drift.com/widget_bootstrap/ Frame
0
0
Preflight
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-7-188.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Tue, 17 May 2022 17:36:56 GMT
requestid
drift846d66f4b5f8bc90c68892c4c43
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
/
684dd331.akstat.io/
0
204 B
Ping
General
Full URL
https://684dd331.akstat.io/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/TU3LW-WPX5W-YK52N-GNWRK-Z5B9X
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:1700:38a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.trendmicro.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 17 May 2022 17:36:56 GMT
content-type
image/gif
access-control-allow-origin
https://www.trendmicro.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
0
expires
Tue, 17 May 2022 17:36:56 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=0f58655f1f65000037dd83628102000088010000&session=8f1c73ee-e477-4e7c-85d9-831b9f358763&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A55%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20found%20an%20AvosLocker%20ransomware%20variant%20using%20a%20legitimate%20anti-virus%20component%20to%20disable%20detection%20and%20blocking%20solutions.%22%2C%22keywords%22%3A%22malware%2Cexploits%20%26%20vulnerabilities%2Ccyber%20threats%2Capt%20%26%20targeted%20attacks%2Ccompliance%20%26%20risks%2Cendpoints%2Cransomware%2Cnetwork%2Carticles%2C%20news%2C%20reports%22%2C%22title%22%3A%22AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&pageViewId=2dae60c9-24da-41f9-8e61-8056f06a84c1&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:57 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=0f58655f1f65000037dd83628102000088010000&session=8f1c73ee-e477-4e7c-85d9-831b9f358763&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A56%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20found%20an%20AvosLocker%20ransomware%20variant%20using%20a%20legitimate%20anti-virus%20component%20to%20disable%20detection%20and%20blocking%20solutions.%22%2C%22keywords%22%3A%22malware%2Cexploits%20%26%20vulnerabilities%2Ccyber%20threats%2Capt%20%26%20targeted%20attacks%2Ccompliance%20%26%20risks%2Cendpoints%2Cransomware%2Cnetwork%2Carticles%2C%20news%2C%20reports%22%2C%22title%22%3A%22AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&pageViewId=2dae60c9-24da-41f9-8e61-8056f06a84c1&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:58 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Tue, 05 Oct 2021 22:17:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615ccf10-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 9827
25 B
88 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event2/bulk
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/44.36014458.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://js.driftt.com/
Authorization
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 17 May 2022 17:36:58 GMT
server
istio-envoy
requestid
d68390a127bd1b43
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-max-age
1209600
access-control-allow-credentials
true
x-envoy-upstream-service-time
26
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame
0
0
Preflight
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/event2/bulk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Tue, 17 May 2022 17:36:58 GMT
requestid
drift4be69164cf3ad789132f6b762e6
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=0f58655f1f65000037dd83628102000088010000&session=8f1c73ee-e477-4e7c-85d9-831b9f358763&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A57%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20found%20an%20AvosLocker%20ransomware%20variant%20using%20a%20legitimate%20anti-virus%20component%20to%20disable%20detection%20and%20blocking%20solutions.%22%2C%22keywords%22%3A%22malware%2Cexploits%20%26%20vulnerabilities%2Ccyber%20threats%2Capt%20%26%20targeted%20attacks%2Ccompliance%20%26%20risks%2Cendpoints%2Cransomware%2Cnetwork%2Carticles%2C%20news%2C%20reports%22%2C%22title%22%3A%22AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&pageViewId=2dae60c9-24da-41f9-8e61-8056f06a84c1&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:36:59 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=810eb8f4ed8abcee5cd1e233263d8d3f&svisitor=0f58655f1f65000037dd83628102000088010000&session=8f1c73ee-e477-4e7c-85d9-831b9f358763&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2017%20May%202022%2017%3A36%3A58%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20found%20an%20AvosLocker%20ransomware%20variant%20using%20a%20legitimate%20anti-virus%20component%20to%20disable%20detection%20and%20blocking%20solutions.%22%2C%22keywords%22%3A%22malware%2Cexploits%20%26%20vulnerabilities%2Ccyber%20threats%2Capt%20%26%20targeted%20attacks%2Ccompliance%20%26%20risks%2Cendpoints%2Cransomware%2Cnetwork%2Carticles%2C%20news%2C%20reports%22%2C%22title%22%3A%22AvosLocker%20Ransomware%20Variant%20Abuses%20Driver%20File%20to%20Disable%20Anti-Virus%2C%20Scans%20for%20Log4shell%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&pageViewId=2dae60c9-24da-41f9-8e61-8056f06a84c1&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.trendmicro.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Tue, 17 May 2022 17:37:00 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure-1-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure2-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure3-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure4-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure5-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure6-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure7-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure8-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/figure-9-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure10-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure11-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure12-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure13-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure14-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure15-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure16-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure17-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure18-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure19-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/figure-20-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/figure-21-avoslocker-disables-defense-solutions-scans-for-log4shell.jpg
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure22-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure23-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure24-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure25-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure26-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure27-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure28-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure29-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure30-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
www.trendmicro.com
URL
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell/Figure31-avoslocker-disables-defense-solutions-scans-for-log4shell.png
Domain
analytics.twitter.com
URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.9&p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=672b86c6-b1da-48c1-81d9-28aea3084b17&tw_document_href=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html

Verdicts & Comments Add Verdict or Comment

238 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| OneTrustStub function| OptanonWrapper object| BOOMR number| BOOMR_lstart function| $ function| jQuery object| matched object| browser object| Granite object| maxy_pathnames number| settings_timer number| _vwo_settings_timer object| _vwo_code object| BOOMR_mq object| BEJSSDKObserver function| jsElementReady object| BEJSSDK object| BEIXF object| utag_data string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| base64 function| Cludo object| CludoSearch string| cludo_language function| Sly object| utag_err boolean| utag_condload string| pathString object| path undefined| anchorsArr undefined| anchor undefined| href undefined| len undefined| linkName function| id object| mileStones object| ytapi object| scriptref undefined| playerCheckInterval object| utag object| _gaq object| pageTracker function| setMileStones function| _tealium_old_error boolean| __tealium_twc_switch object| teal object| utag_cfg_ovrd undefined| iframe_container string| iframe_url object| players function| onYouTubeIframeAPIReady object| start function| onPlayerReady function| onPlayerStateChange function| webpackJsonpjwplayer function| jwplayer function| hasClass function| addClass function| removeClass function| closest function| debounce function| getStringDifference function| dropDecimal function| getPriceWithCommas function| allArrayElementsEqual function| isMobileDevice function| isLandscapeMode function| isIE function| isIE10orOlder function| superscriptSpecialSymbols function| matchSectionHeights object| TrendResearch object| articleFolioObject object| disruptorPanel object| folioMessage number| globalBodyScroll function| toggleFilterListNav function| hideSearchBar function| setFocus object| searchButton object| utilityAlerts object| filterListObject object| accordion function| getCheckedCheckboxesFor function| bindDocumentClickEvent function| matchJWHeight object| overview function| jumpScroll object| promotionalContent object| savedArticles object| readingTimeCall object| alertsCookie function| isArticleComponentEmpty object| favoritedArticlesCookie function| Hammer function| Sifter object| MicroPlugin function| Selectize function| UAParser object| Handlebars object| researchUtilityMenu object| bsModal object| CludoSearchInstances object| $navSticky object| _qevents string| _bizo_data_partner_id object| addthis_config function| ktag function| fbq function| _fbq function| twq object| techtargetic object| _6si function| drift undefined| driftt string| gtagRename function| gtag string| GoogleAnalyticsObject function| ga object| Optanon object| OneTrust function| GooglemKTybQhCsO function| google_trackConversion object| google_tag_data object| GooglebQhCsO object| gaplugins object| gaGlobal object| gaData object| Ktag_Constants object| Ktag_Toggles object| Ktag_Amp_Helpers object| Ktag_Helpers object| Ktag_Functions function| setup function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin function| deferUntil function| DateFormat function| speificTag function| descriptionSentenceLimter function| homepageWidget1 function| homepageWidget2 function| stickyScrolling function| detailPageWidget function| flyinBar string| templateHomepage boolean| idioSet object| _ipc object| _iaq object| regeneratorRuntime object| twttr number| BOOMR_configt object| _bmrEvents function| initializeFPJSLibrary function| detectIE object| _bright3 function| beLinkBlockCallback boolean| ie_version undefined| style undefined| select object| scriptTag string| org_id object| betrack object| showLogs string| domain object| domainPath object| timeout string| sessionTmeout boolean| bf_e_org object| bf_e_org_list number| bf_i object| bf object| goal object| goalvalue number| maximum_custom_variables number| maximum_custom_metrics object| customdimension_value object| custommetric_value number| maximum_conversions object| conversion_count_value object| conversion_value_value boolean| disableTrack object| deferCallback object| useCustomLinkBlockStyles object| showLinkBlock object| JSON3 function| isSameSiteNoneCompatible function| shouldSendSameSiteNone number| c_begin function| Fingerprint2 object| google_tag_manager object| 3eiXJRXgVuLsYGH9303q object| _driftFrames object| __post_robot_10_0_16__ string| __DRIFT_ENV__ string| __DRIFT_BUILD_ID__ string| __DRIFT_BRANCH__ boolean| drift_invoked string| cookie_str number| s_expire string| cookie_set_string number| c_end boolean| _storagePopulated number| c_start function| _toConsumableArray function| _nonIterableSpread function| _iterableToArray function| _0x164f function| _arrayWithoutHoles function| _createForOfIteratorHelper function| _0x24f2 function| _unsupportedIterableToArray function| _arrayLikeToArray object| AJS object| AccessiBe object| acsb object| acsbJS object| EJSEventListeners object| drift_event_listeners string| drift_display_mode string| drift_campaign_refresh number| drift_page_view_started number| drift_session_started string| drift_session_id number| BOOMR_onload object| whichUl function| EJSCustomEvent

21 Cookies

Domain/Path Name / Value
www.trendmicro.com/ Name: trendMicroVisitorContextIsBusiness
Value: true
.trendmicro.com/ Name: utag_main
Value: v_id:0180d3181fc9000330ceae83ae1703073008a06b00b08$_sn:1$_se:1$_ss:1$_st:1652810815242$ses_id:1652809015242%3Bexp-session$_pn:1%3Bexp-session
.trendmicro.com/ Name: _c1Ref
Value: /en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
.youtube.com/ Name: YSC
Value: BmCbAUF1Pt0
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: Ugfk_nUz-v4
.techtarget.com/ Name: __cf_bm
Value: zzlI4zWaSMIO8jVxAaJvUS1ulpSdbgHoUrZkzJYD_9I-1652809015-0-AQ86qC8l83yqfPZuW+BZ3S0T97Ph47VUY5qq4IGL4vZWmg/c2I0Gar2kvhIArnRcjYbym1lf2i/9wWJGDnqz0+0=
.trendmicro.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Tue+May+17+2022+17%3A36%3A55+GMT%2B0000+(GMT)&version=6.34.0&hosts=&consentId=1b0c7dae-59d1-4fe0-aaa3-fedc45d29098&interactionCount=0&landingPath=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F22%2Fe%2Favoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A0%2CC0004%3A0
.trendmicro.com/ Name: _gid
Value: GA1.2.859671026.1652809016
.6sc.co/ Name: 6suuid
Value: 0f58655f1f65000037dd83628102000088010000
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.trendmicro.com/ Name: _ga_4502MK3B94
Value: GS1.1.1652809015.1.0.1652809015.0
.trendmicro.com/ Name: _ga
Value: GA1.1.640718912.1652809016
.trendmicro.com/ Name: BE_CLA3
Value: p_id%3DARJNRAJA28N4RAPP66RJR8LRAAAAAAAAAH%26bf%3D2d44afda590c9017234292a6b232b6fc%26bn%3D1%26bv%3D3.44%26s_expire%3D1652895415910%26s_id%3DARJNRAJA28N4RALR8JPJR8LRAAAAAAAAAH
www.trendmicro.com/ Name: _an_uid
Value: 0
www.trendmicro.com/ Name: _gd_visitor
Value: da0657dd-569a-4a11-8729-ea4c8a19beae
www.trendmicro.com/ Name: _gd_session
Value: 8f1c73ee-e477-4e7c-85d9-831b9f358763
www.trendmicro.com/ Name: _gd_svisitor
Value: 0f58655f1f65000037dd83628102000088010000
.resources.trendmicro.com/ Name: __cf_bm
Value: ZAIuiEfX2G..oVx6QHFzaftnP.vhCza4P5z3PrBVe4s-1652809015-0-AWJbXMWUeLXf0jknYGSaIFi+xL0/JkIClzUD8ABc7QrJLnKeL74ixL+QImOyw9ObO+dQDE6XlwoIBjWx41/rrxU=
.t.co/ Name: muc_ads
Value: 365c54ea-12ce-44c3-bac3-03475b76df8c
www.trendmicro.com/ Name: drift_campaign_refresh
Value: c96b730c-4feb-4364-ae0c-516371efa4aa
.trendmicro.com/ Name: RT
Value: "z=1&dm=trendmicro.com&si=94cb0e9b-6ad3-402a-a612-03c01d06e675&ss=l3aft90z&sl=1&tt=20a&bcn=%2F%2F684dd331.akstat.io%2F&ld=20g"

2 Console Messages

Source Level URL
Text
javascript warning URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.bc0a.com/autopilot/f00000000017219/autopilot_sdk.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

684dd331.akstat.io
a1.b0e8.com
acsbap.com
acsbapp.com
analytics.twitter.com
apt.techtarget.com
b.6sc.co
bootstrap.api.drift.com
c.6sc.co
c.go-mpulse.net
cdn.acsbapp.com
cdn.b0e8.com
cdn.bc0a.com
cdn.cookielaw.org
connect.facebook.net
cookies-data.onetrust.io
customer.cludo.com
epsilon.6sense.com
fibg5ighdmaaakqce3ydkaaaa5rihxjy-pfjxgj-4e90fc2d0-clienttons-s.akamaihd.net
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ixfd1-api.bc0a.com
j.6sc.co
js.driftt.com
js.idio.co
marvel-b1-cdn.bc0a.com
marvel-processor.bc0a.com
metrics.api.drift.com
munchkin.marketo.net
resources.trendmicro.com
resources.xg4ken.com
rldsnbs4ppqseyud3u4a-pfjxgj-c6070b523-clientnsv4-s.akamaihd.net
s.go-mpulse.net
s7.addthis.com
secure.adnxs.com
static.ads-twitter.com
t.co
tags.tiqcdn.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
trk.techtarget.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.trendmicro.com
www.youtube.com
analytics.twitter.com
www.trendmicro.com
104.111.234.67
104.17.70.206
104.244.42.197
104.89.40.185
104.92.74.202
143.204.215.88
161.35.15.77
184.30.24.121
184.30.24.194
199.232.188.157
206.19.49.24
208.68.39.149
216.58.212.162
2600:9000:224a:7000:0:f267:a5c0:93a1
2606:4700:10::6814:b844
2606:4700:10::ac43:1b98
2606:4700:4400::6812:20c0
2606:4700:4400::ac40:91d9
2606:4700::6810:9540
2a00:1450:4001:801::2004
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::200a
2a00:1450:4001:812::200e
2a00:1450:4001:827::2003
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:400f:80d::200e
2a02:26f0:1700:38a::11a6
2a02:26f0:3500:7::17d8:4dc9
2a02:26f0:3500:7::17d8:4dcd
2a02:26f0:7100:59a::11a6
2a03:2880:f01c:8012:face:b00c:0:3
2a06:98c1:3120::a
34.102.193.142
34.111.78.58
34.193.113.164
35.190.5.192
35.201.125.192
35.201.70.94
37.252.172.37
50.16.7.188
52.57.195.65
54.230.99.86
54.76.218.20
92.123.225.34
92.123.225.42
02840352581026aad3291a8357da6876c93b0e6d8aec9532bbc1a42f82bca1c5
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de
04ab8b77ad0c11db4977e9a53c8cc675e401674ed8b716a08d5fb5774b748b4c
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
05c1b18ed199fea9af5168c7769dff2cd69f02706fa2568ab2e305be8dfb9c52
088e1ef91a320f014eecd7495cedfa7fee5e167cadaf55545ce137f4ff749ba8
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0c44bd059b9c622135be58769922c683d91de4f38676110fd00850bcc2935f44
0d3a9d1c0ca68316826d7db0343fba08ae3891a28a873620d50c489e7da6c734
0e1a25f94e38ff616b88e4917d4ed2ee83bfdddd4358f92a82e7d87a09ff9b2d
15da98235971411ce63a1d461968a996d49e3dee32c3bbee4a31626cdcc4bec6
16a82f9d8888d0159e73c5cb69d6aa12c00d1e43280afd005b394c8cef670908
179eb991060face02477e0406b1a413ac50ec26fe9f397e07e4ee95f7e6a5298
1a015ea7b0c1fda23358797533ef24519bd6b7bd644e1092813e3f7fc4f0745c
1a84612f3827f375b5594a13eb73e0b929d93bfdb58846aaf51274cd175cc6fe
1b154bfaea92a935726ed4a450101dc646a86588cfa0f066cae2050130124569
1b3fe1e721f971be41856594e07a90e892c8716b7af722559b313cacbe26e111
1b973667ceb759e49f2982721f36e4d20a2f8b5dce8c47ccf3039d6ab748143e
1cbf80f7d71564dc48af2c5d6bb5d15fc2aec0d541101c5eedf84bad1b908cab
1cf451d2d8d425375505bd10c5540e8e5cce3cbbd5932be038285d8b6a650e63
234338686ea974036530489f9f53b3fbe08cbd51662265c65e9c731572eb705d
24a7db1b4dfc0023b3b0fa4a4c4295ebb90fdde150de69e001a4018bf1621236
24caab840126c1089470704d65dcbb1dadc8ace5328b28de54b297e482ac3c3f
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
2709b884c0c205a25e1bdcf0d180e43d8fb600336d8ae962c470c8f80b382db3
27d551863c56b976030ee49aa3f4823994dce3d3cb6ac79b75de43bdd55fd254
2c1c1a0f0752fcbf95c5de7cb34a90ec274e72ad9dbd25cf05c89e1d05d37133
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30b8653df6d640e31faf518ebd3807ead412761b52ac9a05a46b0f55c913f56a
31ab53af235b1fc6d33b6fdce0913358ecd89b34b88071f277b301260bd28c33
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
336ed2f40837f4d988e5f5e348ab7861b11ab0c760254e3eacd37aff33b66a81
361d7d41c8e84fcee782759289f331928b07fc48207ca55997e9af9517dd1901
381def908eeaea4c52e1e4593e903bf4484df1c8668b794c28f0088675b084bb
3b7641710519998da1bbb44ecaf16819b0947cd77e97b326c92cfc82a0eaf092
3c0b68ea789d4bc6705f42dd6c44eb38306b965df01f9409eb4a941370e3b158
3dc5d7f667c6a793c6a56b96afffa81664350fdb10c7544112ea9057e563dc6f
3ed0351dbb268827b6fe050d8b9257d7967f80962e244db30650e6592e6ba81a
3ee9ec06bbfa8bb6e040e6edc9718c1905b557f3e9e988398b70d378096d02f8
4038a666dfd5af607a0374ad6e934cf1007e78da69329dbc341eaf757bb38beb
455995299358961f1a9ade799587a2e03c86f1c2177f885742a03706b7e0c94a
47eb0f45d439e1f14e6f35c8f0fa5ecf0fededd78a3284efa0e2c295a8493402
494a73882e211c16a50493069a632e339e15d32fd8519f22766a0a0e235f7d01
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
54b8c08ed2e64a537c5d8ec6efc880484e1b753a49da11b584103a62a5debf1f
566639f88e650ada50f7f5a70d52efdd262905b7114ddffd26893b7727493a7f
57f5c12aae7837fe9654a5447be4db479308e8fee78ae675d1ef419ef4a8ae21
5b386cc78b14e3d6583aba456c266517293ecd2f3ee4196f43e30fec4043d8f0
5c94095fd76e13f4fe343b735d15045ae56e1e40167d6afbe25bf5973076f44d
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5f854bc968a63063adf474e13c31e5e091dda932db53a274780ecb4c00eb7509
62e37140e90c20b8021e84f22588bff6f0789e2ac60bd107b21017d0acd41b51
6424ca9a544e8b00cc8a4d9da7c338e63ffcab1ddaee8e7b78a8f88cea81bcf2
643284a0eca0e88605a52952545149695d41d4a6f057d897bedf92a24e32c573
652cfd16c30cffe323376752f023f8f9738af74b807bda8e929ecba78d9ed19d
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
676e66eeb5e721df2e68029d518067cece19d56d7e0b4a1c9a2e3c449a232bca
6af70a38aeebb329d90b82f1cf7e7d26adea6be00bae67fab4de1b4ba48cdc86
6afee29defad466d4261ffa3473a90050d6202d9270147a8ea95b49dcde213c3
6b101744439ce88b024c30f5b868081648049aa654dd37866864d328536330f4
6c87718d800ffdf81c2bb2d5522a33873a97bf98bd613c770740497520070672
6cf98f8e68625661d1727e1c02fb5bfb8583f865f8834518b4723873dfbe9722
7004945db892cd6f93ded26d3f944f0b15355d1363a6bc0b9fa906d2e34cb4ea
7306309fb7304b01a0e44b7357329014c55aa5e8ba96f1309df3f652f6aab652
731633bd497e93880bccb08fa09fa7fc7630372c7622dffea00c19aa2cdc49d1
73aefc68f91234a52983d4c0a8037888d05af3f62d6e9b97993ebc4cb5791cbb
74c39b5ec5a61c19ff20d81c0418fabd61d6deb6ac0c967da28761d6b895ff7d
75ac0d33de613b45241ae0be4f487b41386e43312b9d365cacb41c2575fa8d7e
7686b1766f60675f5a9bb3f2ac37e75c88a039948d1d53241ae78fa07c5eb25e
799cb15a25ed2fa78bdba496d1afbc68f033a3a5dd9ead12f4eaac4e0a93236d
79c254652bb96247b5470d8d7d30bdef4ae96a7e61743ac4ef6b423502cd8c51
833f3c82c0484b4a926c2ebc1156e24a30ef4223a20208afa38dbfd0785e0342
84bab882b986eedb68f99e33e8429d8cec0c78817da8ba4ea4d454025250446d
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
882447805fc1c7805ad98684a4698c4b3ae5e8932261c609f7cdd0834275d72c
89ba0d4f6cf9500041778760fea24e37c6de04955c6a62b5435c64b600423749
8a2ddfc3ec0269c7c979608073574c3eadec9932afc4a660dc0af4a1e6ce2e3b
8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6
8b7be87db71855fe47b30e1a60953e25a0e6a832e4ff3fefa682cf74d9e66cf0
8f37c9815fbb866d0417ebe23f74ccbf507ea03f969260f576cfd4bbd9da2a28
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9481651df8eacae12fadb78b8adaf9f224a738b5d9a40393ac46ef0ee05ce4e1
960d1f95f71be9bc4c13e06c200762c60cdc944d3289687f9d9faa6cf7b17506
9a0de96edd269b462677718d11e8f5f9548eb683ae07234e891e8e03ba1aeadd
9a9b32b9a635111a54aa24bd29d8e0b65b406777e1e69f310584b02357857738
9cd7629d2e66537eb15542646bfd16cd461aaf18592c35f19ce7d67ada586635
9d8f8c89a5f7c90adc5196d1c10fe3e8c46d16cb8d24de13ade83de53183027d
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1019d01046c662a58fa0b369f4f6f67428e15d6501de94b1d4b3a3b8925d54f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a54a1e7e0930473183e072646507449351cb7658ab7c598ab22365f015c690a1
a5ad436c025c2a03ccc5672aed9469ac98d22b73df5b1d20ed2adb46c0c4daf9
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
a767019f29af6cb1eee12ce45d7b755c6336344f744b2f83efa2ea10e334f1bd
a9b43aa5cfd8cf2ca5a112086673538658a3f850d2553adf67cbee4fbd3cc782
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad1317842f4b59211f1cbadc0cbff8fc8c3ec9f087b72bb71f486941d233d876
ad9b693cdc2dec100238d2210c792461e45fdbfc75ec099519bd7bc754cc4140
adeaebb429d938d9796d62c756b3846dee391cd6735875b9740366b2e12a5cc4
af47338502658bcc8d2fb17b1b0fa44d3d3afa8cb96ab1c383e73f35f23effdc
b39285ce33200092589f84c61276b3d9df61189abbd60240fe2deb386c87b852
b70c36674f1298febe27d175904d872013535e9b0e20136b5dd86bb51c2729e0
b8a34dec51d1542d219b92e8425cae1fcd3f55c26f8d9cb67d2a9e7c2e79543d
b99fec499a872d64ef21dce0bd4192797c652b87ce3c4d0187be51b01df433c0
b9a56d279a225d5a87cb4a66aafab9de833be2ea9277772191e1759c163b0b4a
bc6e1ea2c2ddcb591413f7bd88178f4563bd3dbbb5726fa86ad11777f99d5bf4
bd701a68dddee2555a381f41190b0b2137d435b7e8a79af86d520425633c7f46
c67a98460c2dbd3d301997c6b0cda7919f33d554f8b084f14f3759012299e148
c7a2cccb0b1fc37d2a9e142f920f5c9e640d12a262eb181abab41e81cd12be61
c863079728d4d01d2c854f3ddeaf1a2fe922318794d6355abd457c1a36038975
cc51d8ea358ab6ac8215ad459bbe451b56d609a5895f1f0c8bb462a32398ca61
cff36a8c3e27d13c9df7ce018399b3b59c5bb70de2b59bb38ba6daaf6aef5ac0
d0b1027e10009b698038c65b6c8e12e52d45207395cfdeb8ff1ef547b3c11b7d
d10de3fa77038ffbc8d3c702b2760986ef33bc817a1c01726b57accbcabb2253
d172f2ebf38a578b105a8f3679bd3d73ec09e4388da4413526314df191623397
d1aabe1212b2f9cb8f6a547454bd4e5f4773485e3e001b327e501ba3e0e77cc7
d1fba918e37563f4ad2cb50bff584965a7d84f02dbe0dd930be27bdec48f51a7
d483fa6020ed31b1b28e7f802348eb5b77869ee52256fc0b5029213ff3930352
d775e8cc15bdd68487a2b1a59efafe138a1f752e5ac2b41084dfcf7c758d4021
d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3
d90e0559dfab1d9ad441137a378eb4ab5a53e4b5103d0293dc558197bfb93bd2
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dce46443b836343c9f063d7e849065ab53ee0bbccca74e9edfae4344934e6a0e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
e0007aae2555969e975b44eddefe74770e307ae40ec51e44f61e7724a90974b4
e071be5dfd0660da71a9572d8726495c1ff99ac18f2f3ced3325941c2ec9a39d
e1aa0fe1a680395d90617094d538a7e0172deeee8cc51cd0dde3be8d717af5a6
e348f721442e051780e0a89843aaad43dbe518d051cad5ce5b6816397a8fc773
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e41e2b5c9df3073d6f7da0080ad2f3eca4994ab372d2f65fa76b14f8868663ec
e602a4f8fe5ba414f958cc64699496646bfdf133342a1fc9b0bf8996bb1e7697
e687349ef50927f263497a200ed021ebaa6d13850a8b9a0a19de3d2260729d69
e71bb7f7b94cbd36eab565182c1030f5dc6c3fc0dc2d9d5fc72108b40e51896c
e7e2024764e94bff400b354a7cb714ab75f1b9fd4b3fb09de18dca2d6c2e56a5
e88dafe889a514ea8b9b07747f53d08b66a473b7caa78645b4aa2167563651e7
e88e5478a51ff612e84ee6e07bd733ab1e4ba03a6ddbe121fc5460931b511bab
e8dc09e4ddc3c326ef6341498e7e8e70af3a848713429b909be53c947b43da10
e99a52151c294c42df9ab0df1048d2403af8d1cf94817c26c706c8d75d002743
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
edfefb99d1f823b0e2a77e287838f09a4f58d66a03b8cd45e7b89e66a559c273
ee487f97a13438156cf6885082826dfc307d525cdffbe831ace62b1657749b2b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef593584d9432b51ed1cec6f58f844bfa6f81ef0fe27fd9404e400e1346fa09b
efbc707369cbd580ebffa0ed1817ed1b96f03619eb1493f8e631735abc8e76a9
f12e00e6750c744bb34c0b007ef96948e24c6dcf77a34c78c0c4f1263c81ebdd
f20b52b9b6de708bd2a281e6e70cdc3001e872188a5089bc77afe3215e9ba014
f3622e6babdedbb1cbb22903f1dbd7e376709d44c376afffe988b114300388c6
f500e38f31cccd6e39a843d0332dd1129b1bca5aadebcd9f233063e8d3d0f482
f5f36fb1c1f5e8748d88ea4783f6c3bc573bc50e2ca6414135a640ec236df528
f64a06f7949a0dabe65e7683ade627d29301122d68a4bc3239b161ec00697e66
f795b85773aeeb4d69eb8d36e82f9106344b4a5edf011f9cb22eb4d4e146f3e1
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fc718d80cc57d7e3d2ac4bb0ab2368735e548fb3534787ebd42764968b66bc02