corelight.com Open in urlscan Pro
199.60.103.106 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links-cnv.com/e414adf9baff7af4c641ec19a96482bff21a732df702433a37ebff906cafd677/42c6d7ff427eb14f58ad687d2c80217...
Effective URL:
https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomwar...
Submission: On May 16 via manual (May 16th 2024, 10:34:01 am UTC) from US — Scanned from DE

Summary HTTP 88 Redirects Behaviour Indicators

Summary

This website contacted 42 IPs in 4 countries across 35 domains to perform 88 HTTP transactions. The main IP is 199.60.103.106, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is corelight.com.
TLS certificate: Issued by GTS CA 1P5 on March 23rd 2024. Valid for: 3 months.

This is the only time corelight.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.11.219.39 52.11.219.39	16509 (AMAZON-02) (AMAZON-02)
13	199.60.103.106 199.60.103.106	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2606:4700:440... 2606:4700:4400::6812:2844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:8e77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ac5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.102.106 18.66.102.106	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:303... 2606:4700:3030::ac43:8b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.27.54 13.32.27.54	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700::68... 2606:4700::6813:afbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6cfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	23.65.124.106 23.65.124.106	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:710... 2a02:26f0:7100::1720:ef19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	34.107.254.219 34.107.254.219	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6810:752b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 1	216.58.206.66 216.58.206.66	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	34.117.110.211 34.117.110.211	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:210... 2a02:26f0:2100::58dd:c512	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:225... 2600:9000:225e:7000:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2ae3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225e:d400:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
88	42

1 52.11.219.39 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-11-219-39.us-west-2.compute.amazonaws.com

links-cnv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 199.60.103.106 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

corelight.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2844 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8e77 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ac5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3030::ac43:8b77 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:afbc (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6cfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.65.124.106 (Hyderabad, India)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-65-124-106.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::1720:ef19 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com

www.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:752b (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b1f (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.110.211 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 211.110.117.34.bc.googleusercontent.com

t.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.46 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:2100::58dd:c512 (Munich, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:7000:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

corelight.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2ae3 (United States)

ASN13335 (CLOUDFLARENET, US)

metadata-static-files.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:d400:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

corelight.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	corelight.com corelight.com	493 KB
9	6sc.co j.6sc.co — Cisco Umbrella Rank: 5787 c.6sc.co — Cisco Umbrella Rank: 8716 ipv6.6sc.co — Cisco Umbrella Rank: 5928 b.6sc.co — Cisco Umbrella Rank: 3876	21 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 338 www.linkedin.com — Cisco Umbrella Rank: 619 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	3 KB
5	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 3095	1 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	269 KB
5	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5794 js.hubspot.com — Cisco Umbrella Rank: 4098 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4060 track.hubspot.com — Cisco Umbrella Rank: 2393	28 KB
5	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4333 forms-na1.hsforms.com — Cisco Umbrella Rank: 6937 perf-na1.hsforms.com — Cisco Umbrella Rank: 4386	5 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2189	25 KB
4	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1866 ka-f.fontawesome.com — Cisco Umbrella Rank: 4530	24 KB
3	google.de www.google.de — Cisco Umbrella Rank: 7810	237 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9185	727 B
2	insent.ai corelight.widget.insent.ai	23 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 89	405 B
2	influ2.com www.influ2.com — Cisco Umbrella Rank: 47438 t.influ2.com — Cisco Umbrella Rank: 45302	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 183	71 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	21 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4572 forms.hscollectedforms.net — Cisco Umbrella Rank: 4722	26 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 742 script.hotjar.com — Cisco Umbrella Rank: 988	60 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	217 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 380 fonts.googleapis.com — Cisco Umbrella Rank: 33	32 KB
1	digitaloceanspaces.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 89012	2 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 482	701 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	271 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 126	20 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 882	395 B
1	t.co t.co — Cisco Umbrella Rank: 717	377 B
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 7754	1 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4715	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 801	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 803	17 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2225	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3146	4 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5709	6 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6801	155 KB
1	links-cnv.com 1 redirects links-cnv.com	361 B
88	35

	Domain	Requested by
13	corelight.com	corelight.com
5	b.6sc.co
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	www.google.com	js.hsforms.net corelight.com www.gstatic.com
4	js.hs-banner.com	corelight.com js.hs-banner.com
3	www.google.de	corelight.com
3	www.gstatic.com	www.googletagmanager.com www.gstatic.com www.google.com
3	forms.hsforms.com	js.hsforms.net corelight.com
3	ka-f.fontawesome.com	kit.fontawesome.com
2	epsilon.6sense.com	j.6sc.co
2	track.hubspot.com
2	corelight.widget.insent.ai	corelight.com corelight.widget.insent.ai
2	fonts.gstatic.com	fonts.googleapis.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	connect.facebook.net	corelight.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	www.googletagmanager.com	corelight.com www.googletagmanager.com
1	metadata-static-files.sfo2.cdn.digitaloceanspaces.com	corelight.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	t.influ2.com	www.influ2.com
1	fonts.googleapis.com	js.hs-banner.com
1	perf-na1.hsforms.com	corelight.com
1	www.facebook.com	corelight.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	www.googleadservices.com	1 redirects
1	region1.analytics.google.com	www.googletagmanager.com
1	analytics.twitter.com	corelight.com
1	t.co	corelight.com
1	px4.ads.linkedin.com	corelight.com
1	www.linkedin.com	1 redirects
1	forms-na1.hsforms.com	corelight.com
1	tracking.g2crowd.com	corelight.com
1	ws.zoominfo.com	corelight.com
1	www.influ2.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	js.hubspot.com	corelight.com
1	js.hs-analytics.net	corelight.com
1	js.hsadspixel.net	corelight.com
1	js.hscollectedforms.net	corelight.com
1	app.hubspot.com	corelight.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	corelight.com
1	static.hsappstatic.net	corelight.com
1	js.hsforms.net	corelight.com
1	ajax.googleapis.com	corelight.com
1	kit.fontawesome.com	corelight.com
1	links-cnv.com	1 redirects
88	52

This site contains no links.

Subject Issuer	Validity	Valid
corelight.com GTS CA 1P5	`2024-03-23` - `2024-06-21`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-04` - `2025-01-03`	a year	crt.sh
upload.video.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
hsforms.net GTS CA 1P5	`2024-04-15` - `2024-07-14`	3 months	crt.sh
hsappstatic.net E1	`2024-05-08` - `2024-08-06`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2024-05-03` - `2024-08-01`	3 months	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hscollectedforms.net E1	`2024-03-29` - `2024-06-27`	3 months	crt.sh
hsadspixel.net E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
*.gstatic.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-23` - `2024-05-23`	3 months	crt.sh
influ2.com GTS CA 1D4	`2024-03-28` - `2024-06-26`	3 months	crt.sh
zoominfo.com E1	`2024-04-19` - `2024-07-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-24` - `2024-07-23`	a year	crt.sh
*.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.de WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
t.influ2.com R3	`2024-03-18` - `2024-06-16`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.widget.insent.ai Amazon RSA 2048 M03	`2024-01-30` - `2025-02-27`	a year	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-20` - `2025-05-07`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Frame ID: C55FE59E9D77324AB3CD89B1F8DDEC60
Requests: 84 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9jb3JlbGlnaHQuY29tOjQ0Mw..&hl=en&v=vjbW55W42X033PfTdVf6Ft4q&size=invisible&badge=inline&cb=hxrvatafsr0q
Frame ID: 7DB91780B7FC4D368DCA013A66DA139F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=vjbW55W42X033PfTdVf6Ft4q&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: F90A71624810CE1E13090E1C86C56F94
Requests: 1 HTTP requests in this frame

Frame: https://corelight.widget.insent.ai/?project_key=ifR9qnekVxidCVXYhrNb&blog_url=corelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&event_listener=2qY9rIEFrZaFtF6&marketo_cookies=[]&hubspot_cookies=[]&pardot_cookies=[]&eloqua_cookies=[]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 1DC67DA79E4525A3F2C6EC9CFE60A683
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Open NDR and Close the Case - Ransomware

Page URL History Show full URLs

https://links-cnv.com/e414adf9baff7af4c641ec19a96482bff21a732df702433a37ebff906cafd677/42c6d7ff427... HTTP 302
https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campai... Page URL

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

88
Requests

98 %
HTTPS

67 %
IPv6

35
Domains

52
Subdomains

42
IPs

4
Countries

1546 kB
Transfer

3753 kB
Size

36
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links-cnv.com/e414adf9baff7af4c641ec19a96482bff21a732df702433a37ebff906cafd677/42c6d7ff427eb14f58ad687d2c80217fbd443ee269203de0034cf3cd98ab7235?dest_url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp HTTP 302
https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D292564%26time%3D1715855634931%26url%3Dhttps%253A%252F%252Fcorelight.com%252Fcp%252Fopen-ndr%252Fransomware%253Futm_source%253Dconversica%2526utm_medium%253Dre-engage%2526utm_campaign%253Dopenndr-ransomware-lp%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&cookiesTest=true&liSync=true&e_ipv6=AQJ5zi8hbAzaqQAAAY-A9zhLTYDkMHXbs8B1IFl9EMXwM_TcPzfj67Viem5rPiVyGak07jzsRCyWTPkTdDu7xG8TI1OFEg

Request Chain 52

https://www.googleadservices.com/pagead/conversion/880638848/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham&npa=1&ct_eid=2 HTTP 302
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham

88 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request ransomware Show response
corelight.com/cp/open-ndr/
Redirect Chain

https://links-cnv.com/e414adf9baff7af4c641ec19a96482bff21a732df702433a37ebff906cafd677/42c6d7ff427eb14f58ad687d2c80217fbd443ee269203de0034cf3cd98ab7235?dest_url=https%3A%2F%2Fcorelight.com%2Fcp%2Fo...
https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

50 KB
14 KB

321ms
130ms

Document
text/html

199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

39a0eae14ec778c0afbe0b6c7c6e93d9799052e841dee405b84ba84b887c6bad

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 884ab64ceba03a7f-FRA
content-encoding: br
content-security-policy: frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 16 May 2024 10:33:53 GMT
edge-cache-tag: CT-143091527220,P-8645105,E-143099371161,E-77969195071,E-77972429906,PGS-ALL,SW-0
etag: W/"404d63d572debbdfe4844b0bd3bd69f0"
last-modified: Wed, 15 May 2024 17:01:42 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F8ATla1UbT9zypxw3SzWFn5BGfqcejaVFCyewcckVWMtEIdXuHD%2FvGjhXUk9jScv57Y3adUFIpqWpIcLyUouJ7LzvMtqcOzcwkP8XOpHeIo1CA6udefG68C7lG1pqpU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: REVALIDATED
x-hs-content-campaign-id: efe73bfb-9f43-46ab-af35-39aad3e2a2c5
x-hs-content-id: 143091527220
x-hs-hub-id: 8645105
x-hs-prerendered: Wed, 15 May 2024 17:01:42 GMT
x-xss-protection: 1

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: application/json
date: Thu, 16 May 2024 10:33:53 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
x-amz-apigw-id: X3AarGQvPHcEGxA=
x-amzn-requestid: 02a6c7bc-10ab-4973-b04a-86284c1c4570
x-amzn-trace-id: Root=1-6645e110-5d3f6c927ae63b1e504c15b6;Parent=4aa09d90e558af80;Sampled=0;lineage=eb39ed6a:0

GET
H2 200 child.min.css
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77969195071/1715704220441/Corelight_MojoFlex/ 140 KB
22 KB 88ms
86ms Stylesheet
text/css 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77969195071/1715704220441/Corelight_MojoFlex/child.min.css

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1a0027741fcc868e67c86f2e4f68401e081a79cfc2d171a0f7039ceb2daca48

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2629
x-amz-request-id: 8KTWKCF77723GXHY
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a118a05803e52f24672eb967fbe959ee"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1715704221728
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 49f5D7jvYW7IQwHktD.l2hMsTF44iR80
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 489cdfaa-9d59-4873-a25f-f743f4410384
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 188
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3ZFk246SYiCowxTf38ziUdamiW66OYo/8Mqa++wIR1ZbGPbAps4qWNFOnAWgyz46Vy7Ft0Ep8XVo1HunXpn36iVWA3+U/fgwy+FXc7xDUFI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 489cdfaa-9d59-4873-a25f-f743f4410384
last-modified: Tue, 14 May 2024 16:30:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kdft4tZhnWVgk3r1QzCW4zmV7hGyxfPaGnoV4qTbP6RNVClbdE%2F2Xt3dXqJgOZbs%2FjmdsOI6xV8QwWhm4va51ZLtyYV96CzEXayIH%2Bv6BuNvbD5KNfD9bp841%2F1Vs1A%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 884ab64dbcc43a7f-FRA
timing-allow-origin: corelight.com
x-amz-cf-id: hBjTMPa129m6VqFOb-8yhY9vMT64fZVsDs_wYEeclxKwFQL7oQ7acQ==

GET
H2 200 87f7e1e107.js Show response
kit.fontawesome.com/ 12 KB
5 KB 386ms
228ms Script
text/javascript 2606:4700:4400::6812:2844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit.fontawesome.com/87f7e1e107.js
Requested by: Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40fd3bd4b40c69854df6b31303a10ee0ae928df767f9d790532608b22dd12077

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:53 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
content-type: text/javascript
cache-control: max-age=60, public, stale-while-revalidate=30
cf-ray: 884ab64efb7e9be8-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F8mjU8dBCESOX-0B-rBh

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 452ms
298ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 14:18:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 245716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 May 2025 14:18:37 GMT

GET
H2 200 black-hat-logo.svg
corelight.com/hubfs/images/black-hat-2023/ 4 KB
2 KB 96ms
95ms Image
image/svg+xml 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/black-hat-2023/black-hat-logo.svg

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

658003edfddcde4ab589d70705d31ff4c6b50ab08e11c401c0f83debc633428c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128462512042,FD-128463393801,P-8645105,FLS-ALL
age: 645538
x-amz-request-id: APHWFF26DTREBH38
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128462512042,FD-128463393801,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"56c33f1cd005c0d3ad83bbff8497c1b8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691184346898
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 d8006f736d3dc32a20a91813f2f50fa2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: dXNDSQro44I156sKKbdacEfbo8t61blk
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128462512042,FD-128463393801,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sI5kNtiIinocPFIyiXUtmoi9Aj+HmTw8nF0d/k26VIRoOB0dfgODBHkxZp8Bg3v+PvnZoGnTbmE=
last-modified: Fri, 04 Aug 2023 21:25:47 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q0lxsQMCqgogPzxnKqjeR4VRgrIy%2FDcdXVk%2Bz72EHv0qbsuxm6idukbvHYv86i3bHHw9wVSKuDKX8%2Fi02FIHn2FoSNrTGVmHU%2FK0RkSNVnbru3haYZJXspqFz9eDckM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 884ab64dccde3a7f-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: y6b5nqUH53CtUuCmSxRF0_69mxNwYZrcqGT2u0c88Rb4r3jJjr9EWA==

GET
H2 200 pin.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 2 KB
3 KB 95ms
94ms Image
image/webp 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/open-ndr-and-close-the-case/pin.png

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

39e62d96f2cff8ca6014af56c4144294da8b2151675e4c1b006a3d90f330d073

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-144310530681,FD-143097031219,P-8645105,FLS-ALL
age: 639208
x-amz-request-id: GWS0XZDK2Q3QB5B9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="pin.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "3b806865da4842a0a8dac42494e66103"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1699369313065
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 f2a51982e289d888963f4f93b48c5f22.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: uo.06FUeDiWa6pcAKRwzpp5lkXr4pPnK
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=3106
x-cache: RefreshHit from cloudfront
cache-tag: F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 1778
x-amz-id-2: LufolR2Mub24fAyZsbA76XAJ4kqxHS4T4Cttq904V5ifp4+Kmue6KOGlWEgxnM8mhrCvBz05vNdm4E2koK/M6H+8sDJ+F6pg
last-modified: Tue, 07 Nov 2023 15:01:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9fsNadKO4xioOoV5fKrGymzxbyO%2FDyikWiyYSDU66Fj07KeUa5qAUHsVIaGilSAi3BSXNvdUjTZp5%2BSQR6nwXLVJ6llcil1PzkWMSVt0L4ZgW%2FT7c7F2I6mpl7Kcjck%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884ab64dcce13a7f-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: RUjj4VoJ71gZCn642mZpIk6P4D-emuowwZqtx3bTL2BPD7zdMrPCMg==

GET
H2 200 polaroid-1.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 99 KB
100 KB 116ms
115ms Image
image/webp 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/open-ndr-and-close-the-case/polaroid-1.png

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a98878804c27bf5999b7a1c8f94f8213d6e3334103f56ad3898f5257c208ba72

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-149672377362,FD-143097031219,P-8645105,FLS-ALL
age: 7007
x-amz-request-id: NHASDVC6PA0QW3WA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-149672377362,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="polaroid-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c5429ea6bedb5e89802cc668f8dcebaf"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702433648845
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 f59e52adbf3a58a76dec03547cb4b34c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Lwknzp2J1jokcK4kxCtRKDYQYMv1lPkv
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=159485
x-cache: RefreshHit from cloudfront
cache-tag: F-149672377362,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 100924
x-amz-id-2: Pg0FdBxZGHX57OAEzhcDQQ3N6XC+kaqdHYSlVVWfmBzkzFIWc+sUodAJ87aHc3a2CFK20lp9tdw=
last-modified: Wed, 13 Dec 2023 02:14:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHbIqzk9ChDa6uWzQOMS7Z2Bvg91VcxY%2FzTFUFspAtPCURt4GVRCuV7n5oqRALCWrsOGPpKYxZGnAMosjwrIYEoufRnv6eHAu0kY%2BIBraf%2B97HC4%2BBwVMdaanSS0r0Q%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884ab64e8dda3a7f-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: PjfNufp4IC7YqRStohy6cLd44z_8QdwccQOw1jNHKs1eC77sOxD0MQ==

GET
H2 200 polaroid-2.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 125 KB
126 KB 212ms
212ms Image
image/webp 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/open-ndr-and-close-the-case/polaroid-2.png

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef404a48ea95162f5b17ad0cf9e7753fcccd0b6bf212f038828e6c00ca5b7a37

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-149674463901,FD-143097031219,P-8645105,FLS-ALL
age: 639208
x-amz-request-id: WGG365YJ8EA2RGD6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-149674463901,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="polaroid-2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "03c96e79743625e742af0c83eb13c93c"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702433648931
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 d8006f736d3dc32a20a91813f2f50fa2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: SXzALp.KX5q.5O9JBEUUauuFFmvgM9_f
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=197470
x-cache: RefreshHit from cloudfront
cache-tag: F-149674463901,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 127602
x-amz-id-2: fMSRBT50+XwTiv9GUOa7F62RdzN7WyU/Q88qEpLhQyRscviGSWveV5VOI4dT8OwuaryswB69nKc=
last-modified: Wed, 13 Dec 2023 02:14:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Av1q%2Fxg4b0m82Zd1eusooy0V78YJuf0vvD9iVsRu2Kvo0GZ%2Bsp2tBMoZzFyHRWCJRBchUTIAjwUzaQ5d7g2TS9FPsVg5WsBlrNGoTE3a1%2FWHkUtdQ%2FWdT3lK8dwSjEs%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884ab64e8ddd3a7f-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: n5X5VkRuHWfAmym1dkIftFTJeX-VMGjTQJC6ueLjuhd1o1LgRyxtqg==

GET
H3 200 polaroid-3.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 102 KB
103 KB 178ms
177ms Image
image/webp 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/open-ndr-and-close-the-case/polaroid-3.png

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7e49c705159248f6fedb87cda9ab8e04c582d6630060e63311d4444b0fc3876

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-149667297664,FD-143097031219,P-8645105,FLS-ALL
age: 600114
x-amz-request-id: 0W5AZT7DH62FHZDR
x-amz-server-side-encryption: AES256
edge-cache-tag: F-149667297664,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="polaroid-3.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "6eacb6bfbc0a48fb3c827757ce5dba10"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702433648972
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 c11768c6b1b5ff333d5fbf47fdd112fe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: T1.zopivmAb5Tmab0h9tGU1zk4UNjW2U
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=176654
x-cache: RefreshHit from cloudfront
cache-tag: F-149667297664,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 104288
x-amz-id-2: dlGnyS4yekuQS5jFHeSaHab6whW52GSiw2moaS/S1WwURNeRikXDgfxfEfZp/nq+FItx0gQjP1g=
last-modified: Wed, 13 Dec 2023 02:14:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ver1OIgpbHFr4QDrNexNJfuRVRDKBiRoWqMti1QiccLIxurNj7qOw1oQYMMYlS2fuspBS%2BbNuYeMYRYkCnUvcur6i%2BMQsDMGlWh2GM8lNZ5xkyf4kKBgdvgy%2FOZBZjE%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884ab6515afaa01d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: mCjyRf7TLMpym82d1ytO96tswfealQLOBTfqeoJtVVH_Zak6znQHNg==

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 482 KB
155 KB 223ms
123ms Script
application/javascript 2606:4700::6812:8e77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:8e77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 250
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=884ab0374c14bbb9-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Thu, 16 May 2024 10:33:54 GMT
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 2b4a8bff-33c5-4f48-8551-cc715fe56ce3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2b4a8bff-33c5-4f48-8551-cc715fe56ce3
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n1dzuv5NHDgpXkW%2BkX1q968R%2F4sR5NxQtEJjfw4UDbtAv0Laq9XzmUhzg%2FByRs8f88BcsAneCBU1Vm%2BOdo5SQ6K80fdM43FKYtQadwDAS2LKhXAcZ5%2B74001Co%2B97Pz4uYwvfnqeCO9tSWMr"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-tk5t7
cf-ray: 884ab650daf6360f-FRA
x-amz-cf-id: GEI6p3R12xYcPqZN1TG_vHFXIIAzHA-BADl6Btm74355q9svrK5YWQ==

GET
H3 200 ebook.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 110 KB
112 KB 122ms
120ms Image
image/webp 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/open-ndr-and-close-the-case/ebook.png

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c89ba9c066996b1ea0cb8ba448fe57fff8648344b49b0125ea915df3751990aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-149681681693,FD-143097031219,P-8645105,FLS-ALL
age: 91643
x-amz-request-id: 3A5X75ATQD0DM9MS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-149681681693,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="ebook.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "faa3003c34f62c03ad6c74ab2ac3d84a"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702433648982
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: s3nj5U8cVgj_kt4tUjDLaFPepLnbbG6O
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=266294
x-cache: Miss from cloudfront
cache-tag: F-149681681693,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 113092
x-amz-id-2: XyyNOjtwBwBhWsghzcy6/hTl6EHRKTohpGZv2dCfSKzgcaCZO4fbl/tWZvHMnTGxbRL2DMVrhl4=
last-modified: Wed, 13 Dec 2023 02:14:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7r0l2J6uyvEtRS7Kgg26iIB41%2B3umUMej0GraPJxCRVomMV64bUoxdJWkWNkLvMx33AuwXHa7f5LKy2iBPM4tLHU9puydqMuR3cObQebq7cmpASJO2ErtmFDjGxwGl4%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884ab6515afda01d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: CO_GFCVHzA348otxUeESk_iV1QTDRias35G8YkDiYfGkcCDPDzKGMg==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.840/ 13 KB
6 KB 289ms
129ms Script
application/javascript 2606:4700::6811:ac5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.840/embed.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
x-amz-version-id: e_mEpsTIjne7IZWFj8MkYDmouI7jSgMC
via: 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1437647
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Apr 2024 16:01:41 GMT
server: cloudflare
etag: W/"3a4474324e070674ecd017b9d44b9c99"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qgs%2Bo%2BzLjTohp6jRh0r3DM%2BWJcBmMVhdPGK1XGA2IRlTNP9ZTWhbVwdusU1KuD6FrgXAZxpRDzRq0xzMR00z5A8eeMrUsL31JQ5XnLB53S6IBDSruxS%2B%2FL2BhVZUPUcJhxKWZ7MFYh5Yu3oQ9TuM24lzz3I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 884ab65258fd1d9a-FRA
x-amz-cf-id: uPbLZkmjrnCQRcy_jlXxA53kIIcKlWFGGfQZ_1GaMR0TsSieN4Mxjg==
expires: Fri, 16 May 2025 10:33:54 GMT

GET
H3 200 child.min.js Show response
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77972429906/1715792287284/Corelight_MojoFlex/ 6 KB
3 KB 187ms
186ms Script
application/javascript 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77972429906/1715792287284/Corelight_MojoFlex/child.min.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0eb63044ce5c966668eb42c2fa9d5fef3a4ecd8e1db15f47768aa1026ab435cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: Q00XXJYM46X3JG77
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d3572119fa9732b000149bb4af801fbe"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1715792287512
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: X.gJX3RvNswMAq.Ec_xuPodtRGLz6Qj3
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c249e26a-ddcd-4442-a15d-8caa71af8074
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 210
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Kw+pIemfAwHfpbMKCe0RzOuXfFjerIU6Zaa6FFiSXc1vlL7nppLyMmVxehmx16PqYqVBYei1kDgFs3TomZgMqA==
x-evy-trace-route-configuration: listener_https/all
x-request-id: c249e26a-ddcd-4442-a15d-8caa71af8074
last-modified: Wed, 15 May 2024 16:58:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGEwqb34ZwaGu3rrH1M%2BidZ1mnG0kztp0gkzLBG1yjRDNWn3KmC7oFrJ%2F5mZfH59CBsmeBAJFN0%2BFRwg0UTUwvPjE7LDUpy%2BC7bc6yEKEufPM9tVc4xa%2BIp4ZXu%2BLmM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 884ab65069a2a01d-FRA
timing-allow-origin: corelight.com
x-amz-cf-id: Um3ZZsAKZPACGt35fQEY_M9eGLQ3NXc-Z96G8w7_R2oG76ToULwB_A==

GET
H3 200 8645105.js Show response
corelight.com/hs/scriptloader/ 2 KB
1 KB 463ms
462ms Script
application/javascript 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/scriptloader/8645105.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a343a1f1ca54074f2fb17308f986a00e7505c9bf84d328291e9c04edb96f91d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9076e565-2995-4f52-8b6b-fa56a44223dc
content-encoding: br
x-envoy-upstream-service-time: 10
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9076e565-2995-4f52-8b6b-fa56a44223dc
last-modified: Thu, 16 May 2024 10:18:28 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-q6gqp
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BqecuP3bOAn%2FsOqepoigS7j61ef5dXzmcUewGKUhdI48%2BkQhEMZuXVtsjtmvaw968kmKT6V9yrPvFAZFlJsjE0PcXuoF%2BTDzKlO6tBg6JfDG8XR5rvFOHAfLjCZyRmQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 884ab6515b02a01d-FRA
expires: Thu, 16 May 2024 10:35:24 GMT

GET
H3 200 index.js Show response
corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 116ms
114ms Script
application/javascript 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 4904415
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i4bg7MCYnEMnrHNSVIsYg1JlBJz38JVkgImpHhPM1u3gIMwmOmigZ7T6IN4YlZoBFcj9zyeFhqlg39I4MIrtOn7hgTfNPu4lshLF4can%2Bip%2BX%2BKn%2BfKATzp%2FCP9g%2FdY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 884ab6515b06a01d-FRA
x-amz-cf-id: LBGxxkuxmXbhcFaI-NR3fKwzXfE0BgYFZAIA9oCaZx8Z6HSTKhi43g==
expires: Fri, 16 May 2025 10:33:54 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 334 KB
111 KB 272ms
111ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf44fbc6ecec87d3f829255317ff5f58fc9aeaa84086afa4d990edd33c28fcd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113610
x-xss-protection: 0
last-modified: Thu, 16 May 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 May 2024 10:33:54 GMT

GET
H2 200 hotjar-875805.js Show response
static.hotjar.com/c/ 12 KB
5 KB 278ms
134ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-875805.js?sv=6

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

bc26cf29b87a5ddd1972b20c509528a1614d604c1bbbbbbbbe43c7f557f87028

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/c9eb5e2b2b180aefabde27e4bad2045b
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 9PzwurhDPOuTIi1sWpSOYkrIsXnaQJf8vedsCI_BTEYLWMQ30DS_Rw==

GET
H3 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 201ms
73ms Fetch
text/css 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=87f7e1e107
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: gzip
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 4692984
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pw8KeuZoT8B7%2Bzb6wikgrm9N%2F0CrlAh2aGrwBq41xUwft6Wh%2Fl6NvPRbI3Gx8Ci2k0fah1KCf%2FrGZrTdMMwS6%2BY2yOEyBBBlRbbzp0eMghQGEQgJlExhSR7pqhk9cZFQ0GfnI3GOItPg82NUKF9wNoIE4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 884ab650fb393a60-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: E1P0EkaAIEOVsweGV1rKKdT-aEEZSoC2FmOShPPudCY8kVoZ4L5aSA==

GET
H3 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
5 KB 196ms
68ms Fetch
text/css 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=87f7e1e107
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: gzip
via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 3567816
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E6FJd8lbfTiUdzzN61WFPQaPR2TWmpdYJwt44y28EHFIqmVicaeQFBJkE0ggakdZz1TsVf4UFG54grp66pAu%2B55MTzqbbRFKPd7y18%2BnAVEikfHx5ESlRvvyrUk5brYi23LcbO1pNesSNZQtL8rdOoXCSg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 884ab650fb353a60-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: nSJ4vyhJ98tz18pFBdZf_w090LSvulzh5-23Go5TTzeS1M1atiFKjA==

GET
H3 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 3 KB
1 KB 197ms
69ms Fetch
text/css 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=87f7e1e107
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: gzip
via: 1.1 6c7a5d26be7fb35284e54d321f16b6f6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
age: 4692984
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kFDiS2CGONX6F5UyPJF4y9hn7Rbi4vPT4VVdZPh167bHryw5uFrAqYALoIxOo1xo7VtzhjjdbcsZzVsUyShws8kDawLezRyo%2Bd7JlmfMUdNtLnBA0uyfY9Hf4su4vsZTutSCmSdTaw5jwf07vVPXnN9T6A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 884ab650fb333a60-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: msEXf7kX08i4AjS9beWIY_mFhyV4gWV84b1-dxEBjo64-xNnrIlDrQ==

GET
H2 200 pin.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 2 KB
0 1ms
0ms Image
image/webp 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://corelight.com/hubfs/images/open-ndr-and-close-the-case/pin.png

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

39e62d96f2cff8ca6014af56c4144294da8b2151675e4c1b006a3d90f330d073

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-144310530681,FD-143097031219,P-8645105,FLS-ALL
age: 639208
x-amz-request-id: GWS0XZDK2Q3QB5B9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="pin.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "3b806865da4842a0a8dac42494e66103"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1699369313065
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:53 GMT
via: 1.1 f2a51982e289d888963f4f93b48c5f22.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: uo.06FUeDiWa6pcAKRwzpp5lkXr4pPnK
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=3106
x-cache: RefreshHit from cloudfront
cache-tag: F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 1778
x-amz-id-2: LufolR2Mub24fAyZsbA76XAJ4kqxHS4T4Cttq904V5ifp4+Kmue6KOGlWEgxnM8mhrCvBz05vNdm4E2koK/M6H+8sDJ+F6pg
last-modified: Tue, 07 Nov 2023 15:01:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9fsNadKO4xioOoV5fKrGymzxbyO%2FDyikWiyYSDU66Fj07KeUa5qAUHsVIaGilSAi3BSXNvdUjTZp5%2BSQR6nwXLVJ6llcil1PzkWMSVt0L4ZgW%2FT7c7F2I6mpl7Kcjck%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884ab64dcce13a7f-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: RUjj4VoJ71gZCn642mZpIk6P4D-emuowwZqtx3bTL2BPD7zdMrPCMg==

GET
H2 200 modules.e5979922753cf3b8b069.js Show response
script.hotjar.com/ 222 KB
55 KB 510ms
94ms Script
application/javascript 13.32.27.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e5979922753cf3b8b069.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-875805.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-54.fra56.r.cloudfront.net

Software

Resource Hash

0c9367da8b34432f76a9ff9f347fc20129239f9a6b137bed9a830d02f501e89e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 13:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 161808
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55998
last-modified: Tue, 14 May 2024 13:36:29 GMT
etag: "dabac5cc8e90131b43632bc82895bb8e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: bF8FzNna69LghKtnQnSbJyEA3jngCu7nRrmHA6TjBEwtdv5YqnQHmQ==

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/8645105/0c43253e-22fa-4d22-b87b-bbd4b51379f5/ 9 KB
3 KB 366ms
282ms XHR
application/json 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/8645105/0c43253e-22fa-4d22-b87b-bbd4b51379f5/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfdf6d18abfa1df83cde3f748330c2890301dd061c32675bdcb6fb038005227b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Thu, 16 May 2024 10:33:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: dcd661a4-2fd9-4f80-b558-bc7bd3215ac3
x-envoy-upstream-service-time: 27
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dcd661a4-2fd9-4f80-b558-bc7bd3215ac3
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 884ab6545a165d39-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fl6gb

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 397ms
235ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=8645105

Requested by

Host: corelight.com
URL: https://corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5ca57140-0f14-47fd-a0e5-a1a8e3567282
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=884ab6550af69f2d&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 5ca57140-0f14-47fd-a0e5-a1a8e3567282
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://corelight.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-sc4vs
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 884ab6550af69f2d-FRA

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 1003ms
226ms Script
application/javascript 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
x-amz-version-id: WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: a9cd29bc-16f9-4682-8137-96d28e51b87c
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=884ab6597ed80414-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a9cd29bc-16f9-4682-8137-96d28e51b87c
last-modified: Wed, 15 May 2024 14:34:44 UTC
server: cloudflare
etag: W/"7d377a186677c174f204d466b8fa5fdb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-zjnrr
cf-ray: 884ab6597ed80414-FRA
x-amz-cf-id: fd4feVNvO7xV8GnGeUhfQ5s2hXaQE62rICoZk5RmUO-CxC5XsiKcWw==
x-hs-target-asset: collected-forms-embed-js/static-1.503/bundles/project.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 947ms
148ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef61f745ab49ef3bbdb192b7f791f9d645caa5f89817f099470397b13e742ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
x-amz-version-id: mFY3j4a3uPqa1nxwSjuH9WwSOlmw5rRi
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 528
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.557/bundles/pixels-release.js&cfRay=884aa973ddbb91e9-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 44f47223-838c-43f2-91b2-06226ca0e218
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 5
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 44f47223-838c-43f2-91b2-06226ca0e218
last-modified: Mon, 13 May 2024 14:08:11 UTC
server: cloudflare
etag: W/"c43db96a42a0426e882c9ce0209630a5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: MISS
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-mgch5
cf-ray: 884ab659abadbbe5-FRA
x-amz-cf-id: A6HeWFIYxZCKlx9tHAzBWaqIB19S8nQ2kcWgJTVoVei0qPDqYfvRYA==
x-hs-target-asset: adsscriptloaderstatic/static-1.557/bundles/pixels-release.js

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/8645105/ 76 KB
25 KB 1206ms
407ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/8645105/banner.js
Requested by: Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065a69b2574e568921a51c6e9378820d9640d1f2b09961b99540ef2af05e1b3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
x-amz-version-id: vrJkCHOPbDxmSp5n7ZWjTCTkMGyCsmoe
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 5EYFRN30FXW1ASTK
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 4615ba8d-991e-4c0a-b7ae-ecf3239dd9f4
x-envoy-upstream-service-time: 19
x-amz-id-2: 6wOoW4W7Apo4iRUwg114lnKK/FnwAJTWhJnT4TjKWtVQGmFJrY7mGuReaIw/JGOS8+xfO2mmpYA=
x-evy-trace-listener: listener_https
x-request-id: 4615ba8d-991e-4c0a-b7ae-ecf3239dd9f4
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 15 Apr 2024 15:16:14 GMT
server: cloudflare
etag: W/"5bb2eccf91afba9ea15995cf90dec21d"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-fp48c
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 884ab659afa6bbce-FRA
expires: Thu, 16 May 2024 10:38:55 GMT

GET
H2 200 8645105.js Show response
js.hs-analytics.net/analytics/1715855400000/ 67 KB
21 KB 1064ms
266ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1715855400000/8645105.js
Requested by: Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 802d6c8bcc4f4034264b5a56c314adbe4aa038bc553115c4b58a9188af497247

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: GWN4P7F9BP8HEPGY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: da01d073-fe43-45cd-a91e-273e8850c593
x-envoy-upstream-service-time: 33
x-amz-id-2: OTm3Cvl0o0+T/huM6+gfa1q6usGaslJuxZY5eSdTmVCGcQW9kuFmyd1QZHL8Ri46iVNHqOcuWe8/I+WmjIMTCmEBdjB92atSr4h5dnYLgR8=
x-evy-trace-listener: listener_https
x-request-id: da01d073-fe43-45cd-a91e-273e8850c593
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 24 Apr 2024 18:30:55 GMT
server: cloudflare
etag: W/"4aabbfc115a19ff5efd245848b7b4099"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-gnznr
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 884ab659ae4f3669-FRA
expires: Thu, 16 May 2024 10:38:55 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
25 KB 1031ms
235ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6683ec2fb825072bc67ba2b4831425951dc365245d5334ca6f2150f50e1590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1122/bundles/project.js&cfRay=884ab65989bd68fb-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"fa60ef0d372e46facb8180b2d901ba81"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1122/bundles/project.js
date: Thu, 16 May 2024 10:33:55 GMT
x-amz-version-id: TKnbzs9HpFoaV4UGBsfs5UANej3HQBO9
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 73e80a99-101c-41e5-b2bd-db2c9c258b7d
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: 73e80a99-101c-41e5-b2bd-db2c9c258b7d
last-modified: Tue, 14 May 2024 11:26:52 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jXFxxbMEQpvGB%2BuoFD8jkQCoWmwLp1Kxgv%2BN%2BFSMHJNK0mWclyhXyQsRtfQT0K37teiuTTTxNqt4vUe5Ry1QWh1YayZ9avWdrRYA6jb6dOsUobzq8WZYLBrUXUZc7phwWwn7ty6cQ%2FXCJRDq"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-lw8xd
cf-ray: 884ab65989bd68fb-FRA
x-amz-cf-id: 9dCNJu27q9JpiRS3P4HQsNTZRyAoskvBA047EorXc0rUpQfqTuwu2A==

GET
H2 200 33c784e7-4393-41da-aeec-41573dd7de87.js Show response
j.6sc.co/j/ 4 KB
2 KB 3616ms
1560ms Script
application/javascript 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/33c784e7-4393-41da-aeec-41573dd7de87.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-65-124-106.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2aa4cad08cfb1709571cef69bbc567f0ad1f7ed6493054a0e8c370b6820afea1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: L7CnBffRvnniVROlOlph3rFOEGQEIfLn
content-encoding: gzip
date: Thu, 16 May 2024 10:33:58 GMT
x-amz-cf-pop: HYD57-P5
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 1451
pragma: no-cache
last-modified: Thu, 21 Mar 2024 21:21:00 GMT
server: AmazonS3
etag: "cd1c533c0bed7058ef640f979dfa0df0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: EjBR_qDqPplqZ872Gv1vSFwgWXe34KN0yfpFnLyUW4RBOiOi0NZ-jw==
expires: Thu, 16 May 2024 10:33:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 326 KB
105 KB 411ms
411ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4fc577def8dac449c09c78ea7b47bb94f4005b9b04e4d8b80616d3f807636773

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107860
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 May 2024 10:33:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 253ms
75ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 May 2024 09:41:03 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3171
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 16 May 2024 11:41:03 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 267ms
68ms Script
application/javascript 2a02:26f0:7100::1720:ef19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ef19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=82274
accept-ranges: bytes
content-length: 16683

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 272ms
73ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:54 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220159-FRA

GET
H2 200 loader.js Show response
www.gstatic.com/wcm/ 6 KB
3 KB 257ms
77ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/wcm/loader.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1413
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2133
x-xss-protection: 0
last-modified: Wed, 20 Mar 2024 23:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 May 2024 11:10:22 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
59 KB 246ms
75ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 May 2024 10:33:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57845
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=72, rtx=0, c=12, mss=1326, tbw=2774, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: twoNZTXaCN2Srjg/B0FRu3M+bLFhHHr+f8ocWls84L16fhwcsV72i7BS7XojQFatOiF3QCe06muR5vISOQV8gw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracker Show response
www.influ2.com/ 5 KB
2 KB 368ms
190ms Script
application/javascript 34.107.254.219
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.influ2.com/tracker?clid=606b80d4-7186-42d4-b152-ea6d82d8fb61

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

219.254.107.34.bc.googleusercontent.com

Software

Resource Hash

67d5fc9cc92c6027543c3ea95b1f82c4f159c98215967d3681af33da95cab1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 May 2024 10:33:55 GMT
via: 1.1 google
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H3 200 63bc49c2df7944a70685d2a6 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 530ms
423ms Script
text/javascript 2606:4700::6810:752b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/63bc49c2df7944a70685d2a6

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

91df7651d09d058e1b39f30f00a053dc9dc7e738d16f4d3aded1af5860d829bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 884ab6576a4f2c5d-FRA

GET
H2 200 2971.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 430ms
215ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/2971.js?p=https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp&e=

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: bc2df343-af9b-498a-ad5e-b4d2ade7ae17
x-runtime: 0.003289
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 884ab6595eb81e45-FRA

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
886 B 304ms
216ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: aeb1317d-ea8e-475b-ae77-8221d7853736
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: aeb1317d-ea8e-475b-ae77-8221d7853736
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nr4kt
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 884ab656edf45d9d-FRA

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1020 B 219ms
88ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_767db04b_e38f_4229_acb7_c486ed87b0f4&render=explicit&hl=en

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7403512ae48208783c41af183f5da7b4a8d86f0e6e2b0051f0f8b466043b5241

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Thu, 16 May 2024 10:33:55 GMT

GET
DATA 200
OK truncated
/ 461 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e892b2c7f1547822bed16792439e413eb1e7cdd9752dba0c1a63d6d71229587

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
574 B 248ms
192ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 96fa1081-06d4-490e-8539-aedc3c976436
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 96fa1081-06d4-490e-8539-aedc3c976436
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-jbmqh
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 884ab6597c5491ea-FRA

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
208 B 77ms
76ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=504206472&t=pageview&_s=1&dl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&ul=de-de&de=UTF-8&dt=Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAGK~&jid=951738019&gjid=2063337912&cid=680451344.1715855635&tid=UA-86222136-1&_gid=1968995115.1715855635&_r=1&_slc=1&gtm=45He45f0n81PVV5SJDv78906126za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=1767603689

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_ca...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_ca...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D292564%26time%3D1715855634931%26url%3Dhttps%253A%252F%252Fcorelight.com%252Fcp%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_ca...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_c...

0
267 B

683ms
266ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&cookiesTest=true&liSync=true&e_ipv6=AQJ5zi8hbAzaqQAAAY-A9zhLTYDkMHXbs8B1IFl9EMXwM_TcPzfj67Viem5rPiVyGak07jzsRCyWTPkTdDu7xG8TI1OFEg
Requested by: Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Thu, 16 May 2024 10:33:57 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 8B8F440BB3044487B2015F96986032DE Ref B: DUS30EDGE0417 Ref C: 2024-05-16T10:33:57Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYYj8W9ziCp4SRdGBiQww==

Redirect headers

date: Thu, 16 May 2024 10:33:56 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 11E0698763F64A10A8B4A3D711A0DB26 Ref B: FRAEDGE1309 Ref C: 2024-05-16T10:33:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1715855634931&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&cookiesTest=true&liSync=true&e_ipv6=AQJ5zi8hbAzaqQAAAY-A9zhLTYDkMHXbs8B1IFl9EMXwM_TcPzfj67Viem5rPiVyGak07jzsRCyWTPkTdDu7xG8TI1OFEg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYYj8WzziC7VTqlPKZOSA==

GET
H2 200 adsct
t.co/i/ 43 B
377 B 425ms
242ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=895f6d94-65af-48f4-a7d9-502766547296&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=be2e25bd-9fee-4362-8555-5f914ad33721&tw_document_href=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nz8zc&type=javascript&version=2.3.30

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 169
date: Thu, 16 May 2024 10:33:55 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 8675008d2bf54d06
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: aefa4452eefd2b86df59b2a2ded81b884f0cedab433adfd3e7dbefc0b33c0f4a
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 454ms
277ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=895f6d94-65af-48f4-a7d9-502766547296&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=be2e25bd-9fee-4362-8555-5f914ad33721&tw_document_href=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nz8zc&type=javascript&version=2.3.30

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 188
date: Thu, 16 May 2024 10:33:55 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 84a2ca1a5f4fa031
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: cfcfe7b3ffd3f5c0f53c1b99cdca9dcb719705789b77d01ac284fc85b06f77d0
content-length: 43

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
348 B 433ms
88ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-86222136-1&cid=680451344.1715855635&jid=951738019&gjid=2063337912&_gid=1968995115.1715855635&npa=1&_u=YEBAAEAAAAAAACAGK~&z=1765766486

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 16 May 2024 10:33:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 270ms
74ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MGJ29KWT26&gtm=45je45f0v895714547z878906126za200&_p=1715855633612&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=680451344.1715855635&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1715855635&sct=1&seg=0&dl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&dt=Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware&en=page_view&_fv=1&_ss=1&tfd=2914
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 141ms
141ms Ping
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MGJ29KWT26&cid=680451344.1715855635&gtm=45je45f0v895714547z878906126za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://corelight.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 164ms
97ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MGJ29KWT26&cid=680451344.1715855635&gtm=45je45f0v895714547z878906126za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=323161576

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 call-tracking_9.js Show response
www.gstatic.com/call-tracking/ 62 KB
21 KB 176ms
175ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/call-tracking/call-tracking_9.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 14:04:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 160190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20777
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 22:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-telephony"
vary: Accept-Encoding
report-to: {"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 May 2025 14:04:05 GMT

GET
H2 200 471244410413852 Show response
connect.facebook.net/signals/config/ 56 KB
12 KB 301ms
298ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/471244410413852?v=2.9.156&r=stable&domain=corelight.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

de57e2c8d6d8fa56a263070d17589acb782bf1244fede1022dd9ee9744294e44

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 May 2024 10:33:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=59, rtx=0, c=48, mss=1326, tbw=63339, tp=-1, tpl=-1, uplat=133, ullat=0
pragma: public
x-fb-debug: 2RyMFPRl61Xg2yqWkFECK2YA0xBqWp340MizrEfRvCmNY6/Q3ZYDjtAJ6RtWRww7h/MR06yktputnoYdorFLVg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

wcm Show response
www.google.de/pagead/attribution/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/880638848/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham&npa=1&ct_eid=2
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham

80 B
111 B

122ms
81ms

XHR
application/json

2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: null
content-type: application/json; charset=UTF-8
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87
x-xss-protection: 0

Redirect headers

date: Thu, 16 May 2024 10:33:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=sypham
access-control-allow-origin: https://corelight.com
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 85ms
83ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-86222136-1&cid=680451344.1715855635&jid=951738019&npa=1&_u=YEBAAEAAAAAAACAGK~&z=587148642

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 166ms
101ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-86222136-1&cid=680451344.1715855635&jid=951738019&npa=1&_u=YEBAAEAAAAAAACAGK~&z=587148642

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/ 502 KB
200 KB 196ms
85ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_767db04b_e38f_4229_acb7_c486ed87b0f4&render=explicit&hl=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 08:21:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7947
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204445
x-xss-protection: 0
last-modified: Sun, 05 May 2024 20:00:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 May 2025 08:21:28 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 135 B
449 B 190ms
180ms XHR
application/json 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=8645105&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6505c4e892a55c1279deb8357fbc9882d36d34b90c488100e808883eb72d5f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a7eae831-e331-4d96-b504-164f45ddf087
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a7eae831-e331-4d96-b504-164f45ddf087
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-vdptk
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 884ab65af8aa0414-FRA

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 433 B
1 KB 214ms
212ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=8645105&currentUrl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&contentId=143091527220

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c6e0935c-532b-4dfa-8975-268d9bf934ab
content-encoding: br
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c6e0935c-532b-4dfa-8975-268d9bf934ab
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://corelight.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XhFp2V5bZdiuYJZmQ2QG8OZHsl5BNbJ7c61JG5jrjXL0OFjBWipKgvO%2B5y%2FLGQOXUew%2F1%2FysWI%2F8RWPUufZYlHE3oCoNasGrmxSSefIRvKHDbVwtPXlyXpkJUBeziyaJAbZYUFBynkTpBDOl%2Ba8RT4dHtk0P0e%2BErRI%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 884ab65b1b6568fb-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fl6gb

GET
H2 200 /
www.facebook.com/tr/ 0
271 B 211ms
67ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=471244410413852&ev=PageView&dl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&rl=&if=false&ts=1715855635672&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1715855635671.1428075408&ler=empty&cdl=API_unavailable&it=1715855635341&coo=false&rqm=GET

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: GOOD; q=0.7, rtt=54, rtx=0, c=10, mss=1326, tbw=2765, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 16 May 2024 10:33:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 2 B
146 B 235ms
82ms Fetch
text/plain 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:56 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=1500
cf-ray: 884ab65cef083828-FRA
content-length: 2

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
537 B 189ms
189ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4e46edb1-d81f-47d4-8cd5-10f6a4cf5548
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4e46edb1-d81f-47d4-8cd5-10f6a4cf5548
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-md7fl
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 884ab65c1cb25d9d-FRA

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
580 B 186ms
185ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 53aeb18e-810f-4ac6-8484-8cffc7761931
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 53aeb18e-810f-4ac6-8484-8cffc7761931
last-modified: Thu, 16 May 2024 10:33:56 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rbtjd
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 884ab65c681291ea-FRA

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 7DB9 0
0 263ms
121ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9jb3JlbGlnaHQuY29tOjQ0Mw..&hl=en&v=vjbW55W42X033PfTdVf6Ft4q&size=invisible&badge=inline&cb=hxrvatafsr0q

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-11a27OQmWztY9wMWykWktw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-11a27OQmWztY9wMWykWktw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 May 2024 10:33:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 149ms
149ms Preflight
application/octet-stream 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://corelight.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://corelight.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 884ab65d6fa23828-FRA
content-length: 0
content-type: application/octet-stream
date: Thu, 16 May 2024 10:33:56 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 5f265f68-d30d-488d-a8e5-f68e7202d83d
x-request-id: 5f265f68-d30d-488d-a8e5-f68e7202d83d

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
868 B 537ms
44ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 May 2024 10:33:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 May 2024 09:47:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 May 2024 10:33:56 GMT

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 213ms
213ms Fetch 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 16 May 2024 10:33:56 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: 4b31c57f-8841-489b-9d26-78f01e50a0fa
x-envoy-upstream-service-time: 23
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: 4b31c57f-8841-489b-9d26-78f01e50a0fa
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-5f998ff6dc-9x7rc, iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-gnznr
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://corelight.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 884ab65e88ea3828-FRA

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 455ms
267ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 14:11:11 GMT
x-content-type-options: nosniff
age: 159765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 14:11:11 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 391ms
203ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://corelight.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 07:44:48 GMT
x-content-type-options: nosniff
age: 182948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 07:44:48 GMT

GET
H3 200 bframe
www.google.com/recaptcha/enterprise/ Frame F90A 0
0 65ms
64ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=vjbW55W42X033PfTdVf6Ft4q&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Q2Az1y6rIEI2hOaxsxpJ5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Q2Az1y6rIEI2hOaxsxpJ5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 May 2024 10:33:57 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
260 B 452ms
450ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:57 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: ECA24794BF064BBA805671BEAD0BDD24 Ref B: FRAEDGE1309 Ref C: 2024-05-16T10:33:57Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://corelight.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYYj8XFLGWHu36VbsQcoA==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 255ms
255ms Script
application/javascript 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/33c784e7-4393-41da-aeec-41573dd7de87.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-65-124-106.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 May 2024 06:01:25 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "663c66b5-106b3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18038
expires: Thu, 16 May 2024 10:33:58 GMT

GET
H2 200 / Show response
t.influ2.com/u/ 63 B
342 B 380ms
215ms Fetch
text/plain 34.117.110.211
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.influ2.com/u/?cb=1715855638210
Requested by: Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=606b80d4-7186-42d4-b152-ea6d82d8fb61
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.110.211 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 211.110.117.34.bc.googleusercontent.com
Software: nginx/1.25.5 /
Resource Hash: 8e2750cd5099736b31e4da862400cd4ddefb11c99e0fd581206dba771225a06b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:58 GMT
via: 1.1 google
server: nginx/1.25.5
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://corelight.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
701 B 244ms
55ms XHR
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:58 GMT
an-x-request-uuid: 77a2b148-a251-4cc9-a058-601b7583c9ea
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://corelight.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.215.133; 217.114.215.133; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
192 B 254ms
246ms XHR
text/html 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-65-124-106.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:58 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://corelight.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
339 B 332ms
84ms XHR
text/html 2a02:26f0:2100::58dd:c512
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:2100::58dd:c512 Munich, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5e9bccc3fa8d4bcf7a048e8a0fd012e3e7a19f8bd2075db23f86f688bb9b3da1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:58 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://corelight.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:1010:3:1011:2d7c:1044:e5e5
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715855638722_1490928910_306918866_21_799_64_146_219";dur=1
content-length: 36
expires: Thu, 16 May 2024 10:33:58 GMT

GET
H2 200 insent Show response
corelight.widget.insent.ai/ 80 KB
23 KB 255ms
49ms Script
binary/octet-stream 2600:9000:225e:7000:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://corelight.widget.insent.ai/insent
Requested by: Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:7000:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Do3I7W1ZAWXrXjTz8nc5rLMLlRnTeriu
content-encoding: gzip
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
date: Thu, 16 May 2024 01:44:43 GMT
last-modified: Wed, 18 Oct 2023 08:56:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 31760
etag: "6c640d0008fb2a23a0ff942202f8657c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 23142
x-amz-cf-id: C1wrMPSDqNV_XAl-D3hSrEyuBctFWmvedu0pY2ym9f0HCSWU4_ScWA==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
612 B 195ms
194ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=143091527220&ct=standard-page&ccu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware&cpi=143091527220&lpi=143091527220&lvi=143091527220&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&t=Open+NDR+and+Close+the+Case+-+Ransomware&cts=1715855638585&rv=1&vi=d807d3e4b0868344adbab93eb5f3821b&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2e47bb93-215e-4453-8fbb-25cc07877de3
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2e47bb93-215e-4453-8fbb-25cc07877de3
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSwuybEtR9IpEb3ooCJbPFY2H2DdJXFLPJOmAwwgyNkS9tEZcdI92llUFDGhk6zLcXC35vy3zgKEwehRa%2BaqKNUDFmincmkPgkiKbZ4iKr0IxJp1sEY2jcGL2vuRxOz%2B4pTXt8FWcfFJNX%2BNd71U"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 884ab66d8e4f9f2d-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
438 B 203ms
202ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=0c43253e-22fa-4d22-b87b-bbd4b51379f5&fci=767db04b-e38f-4229-acb7-c486ed87b0f4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=8645105&pi=143091527220&ct=standard-page&ccu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware&cpi=143091527220&lpi=143091527220&lvi=143091527220&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&t=Open+NDR+and+Close+the+Case+-+Ransomware&cts=1715855638587&rv=1&vi=d807d3e4b0868344adbab93eb5f3821b&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d77b8bee-9add-4ff1-9148-b6c0f88293c0
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d77b8bee-9add-4ff1-9148-b6c0f88293c0
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTExJU3gVJopqrdColn8Mg4ZbyVUFSIhKFPDGojYjTxsDRd9jqwulm8G2%2B3SM81RXJIq6Aotu15HYUjgWkblfyC94NM0DzR8tdEdMohg9Y5C95503Q%2BhWkl88%2BcLaA%2F6pygnSulHjGI1YUir78jS"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-xnssc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 884ab66dae6e9f2d-FRA
x-robots-tag: none

GET
H2 200 lp.js Show response
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 6 KB
2 KB 239ms
60ms Script
application/x-javascript 2606:4700:4400::6812:2ae3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js

Requested by

Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2ae3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 10:33:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: tx0000017fcbf6bc503f379-0065ef2edd-54a620eb-sfo2a
age: 68400
x-envoy-upstream-healthchecked-cluster
last-modified: Thu, 22 Sep 2022 17:10:43 GMT
server: cloudflare
etag: W/"9a8767fa98da937fb02cdbbc52a101bb"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/x-javascript
x-do-cdn-uuid: 80b6018b-293e-4962-9bc8-48075e637d03
x-rgw-object-type: Normal
cache-control: max-age=604800
cf-ray: 884ab66e7f1137d1-FRA

GET
H3 200 ig-icon-corelight-favicon-96x96.png
corelight.com/hubfs/ 612 B
2 KB 201ms
201ms Other
image/webp 199.60.103.106
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://corelight.com/hubfs/ig-icon-corelight-favicon-96x96.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.106 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1caf7396ae952c33d52b9eeee6417f38af0daadf70bacbe43a18f3b27a268e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68918519435,FD-67675262977,P-8645105,FLS-ALL
age: 250620
x-amz-request-id: 885EDDQY8CY0P3QG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68918519435,FD-67675262977,P-8645105,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="ig-icon-corelight-favicon-96x96.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "524c1f68c5bd490a5cd34585a3b54349"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1647625472405
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 16 May 2024 10:33:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 f59e52adbf3a58a76dec03547cb4b34c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Pyq.HqZ2M1EvwhMnZSiI.k5EcIHt8JX3
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1298
x-cache: RefreshHit from cloudfront
cache-tag: F-68918519435,FD-67675262977,P-8645105,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 612
x-amz-id-2: 0ORv/MmVG2MMGOKvXKCtRlGzRHM8gM7Nxw5+Q2pK+3/hbgqsY4o0qvwULb4eYVsYRlaSHzPH4Vg=
last-modified: Tue, 21 Mar 2023 15:14:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SxAfekKzuP45eDYOqqUt%2FCCjy223GcK9HQyHVIbBWVk%2BduHJuRWdOyr72xbaTt7%2Fd91Lu399S5Rizj6Cym213Utn2%2FyqhP6g20Pxtgf1wYAwLZJBK8lekzaxzkePY5I%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884ab66dbd3aa01d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ZyLnA7C1GIzL3vRhr5bsN7bF47q4Nc37dOXCyN2UpFGLGGJSBJKZbQ==

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 769 B
727 B 169ms
54ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 810fa2a3b55e453ecd985550d03ec94f57c492a7052f8f271e58110e8dd720eb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 9ff21f9713e91318ec2c279ceb7110eeb77aabe5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-6s-CustomID: WebTag 33c784e7-4393-41da-aeec-41573dd7de87
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 1129227415153976758
date: Thu, 16 May 2024 10:33:59 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://corelight.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 408

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 172ms
76ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://corelight.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://corelight.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Thu, 16 May 2024 10:33:58 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 5135358056220414623

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 445ms
430ms Image
image/gif 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=6e97a7bd-9522-49a4-8c42-3c045a1b4b65&session=d70a856f-be58-4018-8319-dfa1cabe34c0&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&pageViewId=487d06a1-5a41-423b-86d7-6c92ebcccae1&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-65-124-106.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:59 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 16 May 2024 10:33:59 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 696ms
683ms Image
image/gif 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=6e97a7bd-9522-49a4-8c42-3c045a1b4b65&session=d70a856f-be58-4018-8319-dfa1cabe34c0&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e13725f521f4b7b8b185e2f10ffe13a5%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%229ff21f9713e91318ec2c279ceb7110eeb77aabe5%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%2233c784e7-4393-41da-aeec-41573dd7de87%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&pageViewId=487d06a1-5a41-423b-86d7-6c92ebcccae1&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-65-124-106.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:59 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 16 May 2024 10:33:59 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 600ms
600ms Image
image/gif 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=6e97a7bd-9522-49a4-8c42-3c045a1b4b65&session=d70a856f-be58-4018-8319-dfa1cabe34c0&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A3%3A1011%3A2d7c%3A1044%3Ae5e5%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&pageViewId=487d06a1-5a41-423b-86d7-6c92ebcccae1&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-65-124-106.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:59 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 16 May 2024 10:33:59 GMT

GET
H2 200 /
corelight.widget.insent.ai/ Frame 1DC6 0
0 227ms
87ms Document
text/html 2600:9000:225e:d400:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://corelight.widget.insent.ai/?project_key=ifR9qnekVxidCVXYhrNb&blog_url=corelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&event_listener=2qY9rIEFrZaFtF6&marketo_cookies=[]&hubspot_cookies=[]&pardot_cookies=[]&eloqua_cookies=[]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: corelight.widget.insent.ai
URL: https://corelight.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:d400:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 14999420
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Fri, 24 Nov 2023 20:03:40 GMT
etag: W/"cea936b357d0fefbe67f396ac27ecc71"
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 ba67e20db38657ee5cb05d05b3da9d70.cloudfront.net (CloudFront)
x-amz-cf-id: oS0UR53M4ZwyTp5ZVz91r8d8VB0hfwAUPm83EC7w_-KzUiti4xJwGA==
x-amz-cf-pop: FRA60-P4
x-amz-version-id: wf2lJ.cKt7e1wlMSlpAOAV_K1ZPwVE5q
x-cache: Error from cloudfront

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 475ms
474ms Image
image/gif 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=6e97a7bd-9522-49a4-8c42-3c045a1b4b65&session=d70a856f-be58-4018-8319-dfa1cabe34c0&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2016%20May%202024%2010%3A33%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2016%20May%202024%2010%3A33%3A58%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&pageViewId=487d06a1-5a41-423b-86d7-6c92ebcccae1&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-65-124-106.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:33:59 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 16 May 2024 10:33:59 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 448ms
447ms Image
image/gif 23.65.124.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=6e97a7bd-9522-49a4-8c42-3c045a1b4b65&session=d70a856f-be58-4018-8319-dfa1cabe34c0&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2016%20May%202024%2010%3A34%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2016%20May%202024%2010%3A33%3A59%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_source%3Dconversica%26utm_medium%3Dre-engage%26utm_campaign%3Dopenndr-ransomware-lp&pageViewId=487d06a1-5a41-423b-86d7-6c92ebcccae1&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.65.124.106 Hyderabad, India, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-65-124-106.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 16 May 2024 10:34:00 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 16 May 2024 10:34:00 GMT

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 00:56:47	Name: _GRECAPTCHA Value: 09AFmZ3eD1otBzziCwU8KSz0-9aLgFAXYylrUAWDhM1UVvhg0W0tZN_XQrFzLRNNGdJyzwheKAiItZV4_ASXO3s7M
.corelight.com/	1970-01-20 20:37:37	Name: __cf_bm Value: 0fOu99PXYyM7.acDQa.n3E.qTh7fOciK3OhwHh1VqLw-1715855633-1.0.1.1-JZMnsoXxOX4WEmzGnh3xMcNX_hTRoFvFs1SPwOQBwFR_6o9wLdVtAoa.vxlSvRI4FBWvYyKEJb3c3BDBPeysMQ
.corelight.com/	1969-12-31 23:59:59	Name: __cfruid Value: dcb584cf23ae7a87761a571e1926de8c4adbc88e-1715855633
.hsforms.net/	1970-01-20 20:37:37	Name: __cf_bm Value: .qcVb_cNxXNSTSz8czMOh6b5BCNXlOmDljYW4NGNGw8-1715855634-1.0.1.1-uHs6ofCou.pN0z.rHKI5KOw0d9sdV.vkbtrIl3ISx0XMK3J2IYXGQv1x0y2BlhN1qIqD3WN36VnMJWRhceWyDg
.corelight.com/	1970-01-20 22:47:11	Name: _gcl_au Value: 1.1.127191456.1715855635
.hubspot.com/	1970-01-20 20:37:37	Name: __cf_bm Value: KgaImQh9rNUt2_q72wuhqWTiFYpAkKzDsypOIy0DaSs-1715855634-1.0.1.1-lrYR1bq_XLdu8PTOyTFFatflMgBOZ8UidsSojr3gH4WB20Vry7xUGI6Hai.j27gTxoxhwT0ihnACMMl79xUvsA
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 51Ka6nOLXnBmbYkFZa98tM73CNyD7Dqh.6UtQ8n1P0o-1715855634865-0.0.1.1-604800000
.corelight.com/	1970-01-20 20:39:02	Name: _gid Value: GA1.2.1968995115.1715855635
corelight.com/	1970-01-20 20:37:37	Name: _ga-ss Value: 1\|UA-86222136-1\|
.corelight.com/	1970-01-20 20:37:35	Name: _gat_UA-86222136-1 Value: 1
.corelight.com/	1970-01-21 05:23:11	Name: _hjSessionUser_875805 Value: eyJpZCI6IjRlNDhkM2Y5LTY5NDAtNTA1Yi05MGQzLWE3OGU5MDhiYjQzZCIsImNyZWF0ZWQiOjE3MTU4NTU2MzQ5NzUsImV4aXN0aW5nIjp0cnVlfQ==
.corelight.com/	1970-01-20 20:37:37	Name: _hjSession_875805 Value: eyJpZCI6IjJhNmE4ZmIzLWJlMzktNDQxNC1iMGRhLWVlNzM2OGUxZWEzMyIsImMiOjE3MTU4NTU2MzQ5NzcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.corelight.com/	1970-01-21 06:13:35	Name: _ga Value: GA1.1.680451344.1715855635
.hsforms.com/	1970-01-20 20:37:37	Name: __cf_bm Value: C5dHHH_O0VSLb8NBtYNZIRae8acguC3RqXMKwqbxuJk-1715855635-1.0.1.1-DlQHwIlFC_qmBZpQj6JrpKtu91hifclOzzeN0viEotYkmreuPcDM4Z8kkkE5uIWdGGBW3wkZy6w_YesWBhtTyw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: xBKHV1bFMgaV_C5T78LArPNzAtjMtO9zCR1RYAKwy1Q-1715855635149-0.0.1.1-604800000
.ws.zoominfo.com/	1970-01-21 05:23:11	Name: visitorId Value: 88c4c7c3763c982590d7aef2be441f9df05424aa0b5be3dbe81c57be6733f2cd
.zoominfo.com/	1970-01-20 20:37:37	Name: __cf_bm Value: hYVvzrXp9Nqyz81G5CZzfO0xwnx4DvkCIUi8jNPfn.k-1715855635-1.0.1.1-C0xD.GYn7sE7acO5Q81LzzqF_mQhvzVOvAqUbLeEGLltkxhNzccoAexrELDDvLuhtCfZeL3edfhPzAQPbr_W2g
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: ZNdYLptf47kCrvlU3gf77G0cETB3fnXqjdVkQm5cwzE-1715855635455-0.0.1.1-604800000
tracking.g2crowd.com/	1970-01-20 20:57:45	Name: _session_id Value: 9c4fe4ed0f792cdb2cf8399f7660e30b
.g2crowd.com/	1970-01-20 20:37:37	Name: __cf_bm Value: rrFZEMwh.Xm_6DJxzAjiK8A.YQbBMN.ajKCJgThFgl0-1715855635-1.0.1.1-fRoPRca00fv2v_EKWdDNb.XYgOJ1KRqtwrrb_FiEFTSGhhHZy8Xa6rscTu6Cp8JOhqwDuhi12WhfNZ4AoYBjMA
.corelight.com/	1970-01-20 22:47:11	Name: _fbp Value: fb.1.1715855635671.1428075408
.t.co/	1970-01-21 06:13:35	Name: muc_ads Value: 63b2c2b2-89e0-4ce2-a978-63458de3e1ed
.twitter.com/	1970-01-21 06:13:35	Name: personalization_id Value: "v1_QjdbEDvs5BBZbTBhCs2Q7Q=="
.linkedin.com/	1970-01-20 22:47:11	Name: li_sugr Value: 05036f08-da98-414d-840e-3ea036dc8320
.linkedin.com/	1970-01-21 05:23:11	Name: bcookie Value: "v=2&f40324e5-eccf-4d35-863c-240f14fe424c"
.linkedin.com/	1970-01-20 20:39:02	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=3241:u=1:x=1:i=1715855635:t=1715942035:v=2:sig=AQGIQOzbHxNCOgbAa4FBVfQqXN4xveq6"
.linkedin.com/	1970-01-20 21:20:47	Name: UserMatchHistory Value: AQKtSuzI4eGFwQAAAY-A9zaX5dF06ZvVf4SvEcpkLKumRYd5u2ArNUYx2wvlrqFNxKpibJY-RRoZMA
.linkedin.com/	1970-01-20 21:20:47	Name: AnalyticsSyncHistory Value: AQK0d_HEfrtiEAAAAY-A9zaXbgreCJIMlPj7q6l84L0ATf5s3aWmonj2oRN1DfUipdJ_hj5P1l2b2tX4TikLvw
.www.linkedin.com/	1970-01-21 05:23:11	Name: bscookie Value: "v=1&20240516103356a9765f38-f7f6-41b8-8eb8-bf1a7d9716daAQHuA0xwUm1oIawvcs0Kx2k_BVTYPGDw"
.linkedin.com/	1970-01-21 00:56:47	Name: li_gc Value: MTswOzE3MTU4NTU2MzY7MjswMjGMIDpP4gLdWMsxMicFfmae80IK4ff/GbxjBkXsMIfLeg==
.influ2.com/	1970-01-21 05:23:11	Name: R Value: 734884a317cad685885bdb6f
corelight.com/	1970-01-21 06:13:35	Name: _gd_visitor Value: 6e97a7bd-9522-49a4-8c42-3c045a1b4b65
corelight.com/	1970-01-20 20:37:50	Name: _gd_session Value: d70a856f-be58-4018-8319-dfa1cabe34c0
.adnxs.com/	1970-01-21 06:13:35	Name: receive-cookie-deprecation Value: 1
corelight.com/	1970-01-20 20:47:40	Name: _an_uid Value: 0
.corelight.com/	1970-01-21 06:13:35	Name: _ga_MGJ29KWT26 Value: GS1.1.1715855635.1.0.1715855639.56.0.0

62 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
rendering	error	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp(Line 378) Message: Error: <svg> attribute viewBox: Expected number, "0 0 100% 2000px".
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/471244410413852?v=2.9.156&r=stable&domain=corelight.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://corelight.com/cp/open-ndr/ransomware?utm_source=conversica&utm_medium=re-engage&utm_campaign=openndr-ransomware-lp Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
c.6sc.co
connect.facebook.net
corelight.com
corelight.widget.insent.ai
cta-service-cms2.hubspot.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.hubspot.com
ka-f.fontawesome.com
kit.fontawesome.com
links-cnv.com
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
t.co
t.influ2.com
track.hubspot.com
tracking.g2crowd.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.influ2.com
www.linkedin.com
104.244.42.131
104.244.42.69
13.107.42.14
13.32.27.54
146.75.120.157
18.66.102.106
185.89.210.46
199.60.103.106
2001:4860:4802:34::36
216.58.206.66
23.65.124.106
2600:9000:225e:7000:f:7ae2:7780:93a1
2600:9000:225e:d400:f:7ae2:7780:93a1
2606:4700:3030::ac43:8b77
2606:4700:4400::6812:22e5
2606:4700:4400::6812:2844
2606:4700:4400::6812:2ae3
2606:4700:4400::6812:2b1f
2606:4700::6810:6cfe
2606:4700::6810:752b
2606:4700::6810:7674
2606:4700::6811:80ac
2606:4700::6811:ac5b
2606:4700::6811:afc9
2606:4700::6812:8e77
2606:4700::6813:afbc
2620:1ec:21::14
2a00:1450:4001:808::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:813::200a
2a00:1450:4001:830::2004
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c04::9c
2a02:26f0:2100::58dd:c512
2a02:26f0:7100::1720:ef19
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
34.107.254.219
34.117.110.211
52.11.219.39
76.223.9.105
0c9367da8b34432f76a9ff9f347fc20129239f9a6b137bed9a830d02f501e89e
0eb63044ce5c966668eb42c2fa9d5fef3a4ecd8e1db15f47768aa1026ab435cc
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
2a343a1f1ca54074f2fb17308f986a00e7505c9bf84d328291e9c04edb96f91d
2aa4cad08cfb1709571cef69bbc567f0ad1f7ed6493054a0e8c370b6820afea1
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
39a0eae14ec778c0afbe0b6c7c6e93d9799052e841dee405b84ba84b887c6bad
39e62d96f2cff8ca6014af56c4144294da8b2151675e4c1b006a3d90f330d073
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
40fd3bd4b40c69854df6b31303a10ee0ae928df767f9d790532608b22dd12077
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4fc577def8dac449c09c78ea7b47bb94f4005b9b04e4d8b80616d3f807636773
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
5e9bccc3fa8d4bcf7a048e8a0fd012e3e7a19f8bd2075db23f86f688bb9b3da1
6505c4e892a55c1279deb8357fbc9882d36d34b90c488100e808883eb72d5f88
658003edfddcde4ab589d70705d31ff4c6b50ab08e11c401c0f83debc633428c
670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55
67d5fc9cc92c6027543c3ea95b1f82c4f159c98215967d3681af33da95cab1fc
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
7403512ae48208783c41af183f5da7b4a8d86f0e6e2b0051f0f8b466043b5241
7e892b2c7f1547822bed16792439e413eb1e7cdd9752dba0c1a63d6d71229587
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
802d6c8bcc4f4034264b5a56c314adbe4aa038bc553115c4b58a9188af497247
810fa2a3b55e453ecd985550d03ec94f57c492a7052f8f271e58110e8dd720eb
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8e2750cd5099736b31e4da862400cd4ddefb11c99e0fd581206dba771225a06b
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
91df7651d09d058e1b39f30f00a053dc9dc7e738d16f4d3aded1af5860d829bf
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1
a98878804c27bf5999b7a1c8f94f8213d6e3334103f56ad3898f5257c208ba72
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1
bc26cf29b87a5ddd1972b20c509528a1614d604c1bbbbbbbbe43c7f557f87028
bf44fbc6ecec87d3f829255317ff5f58fc9aeaa84086afa4d990edd33c28fcd2
c065a69b2574e568921a51c6e9378820d9640d1f2b09961b99540ef2af05e1b3
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c1caf7396ae952c33d52b9eeee6417f38af0daadf70bacbe43a18f3b27a268e5
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c89ba9c066996b1ea0cb8ba448fe57fff8648344b49b0125ea915df3751990aa
cf6683ec2fb825072bc67ba2b4831425951dc365245d5334ca6f2150f50e1590
cfdf6d18abfa1df83cde3f748330c2890301dd061c32675bdcb6fb038005227b
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de57e2c8d6d8fa56a263070d17589acb782bf1244fede1022dd9ee9744294e44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7e49c705159248f6fedb87cda9ab8e04c582d6630060e63311d4444b0fc3876
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef404a48ea95162f5b17ad0cf9e7753fcccd0b6bf212f038828e6c00ca5b7a37
ef61f745ab49ef3bbdb192b7f791f9d645caa5f89817f099470397b13e742ea8
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
f1a0027741fcc868e67c86f2e4f68401e081a79cfc2d171a0f7039ceb2daca48
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

corelight.com Open in urlscan Pro 199.60.103.106 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

88 Requests

98 %HTTPS

67 %IPv6

35 Domains

52 Subdomains

42 IPs

4 Countries

1546 kBTransfer

3753 kBSize

36 Cookies

0 Outgoing links

Page URL History

Redirected requests

88 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

corelight.com Open in urlscan Pro
199.60.103.106 Public Scan

Screenshot
Live screenshot

Full Image

88
Requests

98 %
HTTPS

67 %
IPv6

35
Domains

52
Subdomains

42
IPs

4
Countries

1546 kB
Transfer

3753 kB
Size

36
Cookies

88 HTTP transactions
1 data transactions