blog.alertlogic.com Open in urlscan Pro
54.230.93.232 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Submission: On May 13 via api (May 13th 2019, 5:38:55 pm UTC) from CH

Summary HTTP 115 Redirects Links 113 Behaviour Indicators

Summary

This website contacted 47 IPs in 8 countries across 36 domains to perform 115 HTTP transactions. The main IP is 54.230.93.232, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is blog.alertlogic.com.
TLS certificate: Issued by Amazon on April 3rd 2019. Valid for: a year.

This is the only time blog.alertlogic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	54.230.93.232 54.230.93.232	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2606:4700::68... 2606:4700::6813:c397	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
9	104.111.217.111 104.111.217.111	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	151.101.64.114 151.101.64.114	54113 (FASTLY) (FASTLY - Fastly)
9	54.230.93.198 54.230.93.198	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	147.75.204.215 147.75.204.215	54825 (PACKET) (PACKET - Packet Host)
1	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
6	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	52.49.47.75 52.49.47.75	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	104.16.92.80 104.16.92.80	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	93.184.220.178 93.184.220.178	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	172.82.228.19 172.82.228.19	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	151.101.120.134 151.101.120.134	54113 (FASTLY) (FASTLY - Fastly)
2	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	35.190.5.192 35.190.5.192	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9b	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:81b::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	147.75.83.82 147.75.83.82	54825 (PACKET) (PACKET - Packet Host)
2	151.101.120.157 151.101.120.157	54113 (FASTLY) (FASTLY - Fastly)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.230.93.230 54.230.93.230	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE - Google LLC)
2	184.31.84.223 184.31.84.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	34.95.105.148 34.95.105.148	15169 (GOOGLE) (GOOGLE - Google LLC)
2	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER - Twitter Inc.)
4	2606:4700::68... 2606:4700::6810:50a6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	151.101.0.134 151.101.0.134	54113 (FASTLY) (FASTLY - Fastly)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
5	3.208.35.11 3.208.35.11	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2 3	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	147.75.80.178 147.75.80.178	54825 (PACKET) (PACKET - Packet Host)
1	192.28.151.250 192.28.151.250	53580 (MARKETO) (MARKETO - MARKETO)
2	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
8	52.20.5.219 52.20.5.219	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	93.184.220.42 93.184.220.42	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	52.54.19.237 52.54.19.237	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	151.101.120.64 151.101.120.64	54113 (FASTLY) (FASTLY - Fastly)
1	52.1.226.55 52.1.226.55	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.200.38.55 52.200.38.55	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
115	47

11 54.230.93.232 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-93-232.fra2.r.cloudfront.net

blog.alertlogic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.alertlogic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:c397 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.111.217.111 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-217-111.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.114 (United States)

ASN54113 (FASTLY - Fastly, US)

cdn.evgnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 54.230.93.198 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-93-198.fra2.r.cloudfront.net

blog.alertlogic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.204.215 (Chicago, United States)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-22

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.49.47.75 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-49-47-75.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.92.80 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

app-ab01.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 93.184.220.178 (London, United Kingdom)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.82.228.19 (United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.sc.omtrdc.net

alertlogic.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.120.134 (Paris, France)

ASN54113 (FASTLY - Fastly, US)

alert-logic.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.5.192 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 192.5.190.35.bc.googleusercontent.com

cdn.b0e8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9b (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.83.82 (Parsippany, United States)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-29

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.120.157 (Paris, France)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.93.230 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-93-230.fra2.r.cloudfront.net

app.cdn.lookbookhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:59:254c:406:2366:268c (United States) 1 redirects

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.84.223 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-84-223.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.105.148 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 148.105.95.34.bc.googleusercontent.com

a.b0e8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.5 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:50a6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.0.134 (United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.208.35.11 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-208-35-11.compute-1.amazonaws.com

alertlogic.evergage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:10:101::b93f:9105 (Ireland) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.80.178 (Parsippany, United States)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-25

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.151.250 (United States)

ASN53580 (MARKETO - MARKETO, Inc., US)
PTR: monitor-test-ab25.mktoresp.com

023-pwj-200.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.20.5.219 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-20-5-219.compute-1.amazonaws.com

jukebox.lookbookhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.220.42 (London, United Kingdom)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.54.19.237 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-54-19-237.compute-1.amazonaws.com

alertlogic.evergage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.120.64 (Paris, France)

ASN54113 (FASTLY - Fastly, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.1.226.55 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-1-226-55.compute-1.amazonaws.com

jukebox.lookbookhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.38.55 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-200-38-55.compute-1.amazonaws.com

resources.alertlogic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	alertlogic.com 1 redirects blog.alertlogic.com www.alertlogic.com resources.alertlogic.com	781 KB
10	lookbookhq.com app.cdn.lookbookhq.com jukebox.lookbookhq.com	191 KB
9	adobedtm.com assets.adobedtm.com	56 KB
7	evergage.com alertlogic.evergage.com	10 KB
6	marketo.com app-ab01.marketo.com	68 KB
6	gstatic.com fonts.gstatic.com	75 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	2 KB
4	disquscdn.com c.disquscdn.com	209 KB
4	disqus.com alert-logic.disqus.com disqus.com links.services.disqus.com	25 KB
3	twitter.com 1 redirects platform.twitter.com analytics.twitter.com	805 B
3	bizible.com cdn.bizible.com	33 KB
3	demdex.net 1 redirects dpm.demdex.net	2 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	90 KB
3	cloudflare.com cdnjs.cloudflare.com	92 KB
3	googleapis.com ajax.googleapis.com fonts.googleapis.com	9 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	76 KB
2	t.co t.co	386 B
2	bing.com bat.bing.com	7 KB
2	marketo.net munchkin.marketo.net	5 KB
2	ads-twitter.com static.ads-twitter.com	4 KB
2	google.de www.google.de	220 B
2	google.com 1 redirects www.google.com	290 B
2	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
2	b0e8.com cdn.b0e8.com a.b0e8.com	21 KB
2	youtube.com www.youtube.com	929 B
2	omtrdc.net alertlogic.sc.omtrdc.net	1 KB
2	google-analytics.com 1 redirects www.google-analytics.com	17 KB
1	bizibly.com cdn.bizibly.com	380 B
1	mktoresp.com 023-pwj-200.mktoresp.com	623 B
1	ytimg.com s.ytimg.com	8 KB
1	facebook.com www.facebook.com	250 B
1	facebook.net connect.facebook.net	2 KB
1	googleadservices.com www.googleadservices.com	9 KB
1	licdn.com snap.licdn.com	5 KB
1	twimg.com pbs.twimg.com	2 KB
1	evgnet.com cdn.evgnet.com	121 KB
115	36

	Domain	Requested by
16	blog.alertlogic.com	1 redirects blog.alertlogic.com
9	jukebox.lookbookhq.com	app.cdn.lookbookhq.com blog.alertlogic.com cdn.bizible.com
9	assets.adobedtm.com	blog.alertlogic.com assets.adobedtm.com
7	alertlogic.evergage.com	cdn.evgnet.com cdn.bizible.com
6	app-ab01.marketo.com	assets.adobedtm.com app-ab01.marketo.com
6	fonts.gstatic.com	cdnjs.cloudflare.com blog.alertlogic.com
4	c.disquscdn.com	alert-logic.disqus.com
4	www.alertlogic.com	blog.alertlogic.com
3	px.ads.linkedin.com	2 redirects blog.alertlogic.com
3	cdn.bizible.com	assets.adobedtm.com blog.alertlogic.com cdn.bizible.com
3	dpm.demdex.net	1 redirects blog.alertlogic.com
3	cdnjs.cloudflare.com	blog.alertlogic.com
2	maxcdn.bootstrapcdn.com	app.cdn.lookbookhq.com alert-logic.disqus.com
2	analytics.twitter.com	static.ads-twitter.com
2	disqus.com	alert-logic.disqus.com
2	t.co	blog.alertlogic.com
2	bat.bing.com	assets.adobedtm.com blog.alertlogic.com
2	munchkin.marketo.net	assets.adobedtm.com munchkin.marketo.net
2	static.ads-twitter.com	blog.alertlogic.com
2	www.google.de	blog.alertlogic.com
2	www.google.com	1 redirects blog.alertlogic.com
2	www.youtube.com	blog.alertlogic.com assets.adobedtm.com
2	alertlogic.sc.omtrdc.net	assets.adobedtm.com blog.alertlogic.com
2	www.google-analytics.com	1 redirects blog.alertlogic.com
2	fonts.googleapis.com	blog.alertlogic.com app.cdn.lookbookhq.com
1	resources.alertlogic.com	app.cdn.lookbookhq.com
1	links.services.disqus.com	cdn.bizible.com
1	cdn.bizibly.com	blog.alertlogic.com
1	023-pwj-200.mktoresp.com	munchkin.marketo.net
1	vars.hotjar.com	static.hotjar.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	s.ytimg.com	www.youtube.com
1	www.linkedin.com	1 redirects
1	www.facebook.com	blog.alertlogic.com
1	a.b0e8.com	blog.alertlogic.com
1	connect.facebook.net	assets.adobedtm.com
1	www.googleadservices.com	assets.adobedtm.com
1	platform.twitter.com	1 redirects
1	app.cdn.lookbookhq.com	blog.alertlogic.com
1	snap.licdn.com	blog.alertlogic.com
1	script.hotjar.com	static.hotjar.com
1	stats.g.doubleclick.net	1 redirects
1	cdn.b0e8.com	blog.alertlogic.com
1	alert-logic.disqus.com	blog.alertlogic.com
1	pbs.twimg.com	blog.alertlogic.com
1	static.hotjar.com	blog.alertlogic.com
1	cdn.evgnet.com	blog.alertlogic.com
1	ajax.googleapis.com	blog.alertlogic.com
115	48

This site contains links to these domains. Also see Links.

Domain
www.alertlogic.com
support.alertlogic.com
docs.alertlogic.com
learn.alertlogic.com
console.account.alertlogic.com
partners.alertlogic.com
confluence.atlassian.com
nvd.nist.gov
paper.seebug.org
www.carbonblack.com
github.com
lolbas-project.github.io
www.facebook.com
twitter.com
www.linkedin.com
t.co
facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
www.alertlogic.com Amazon	`2019-04-03` - `2020-05-03`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-02` - `2019-09-08`	6 months	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-03-04` - `2020-03-11`	a year	crt.sh
cdn.evergage.com COMODO RSA Domain Validation Secure Server CA	`2018-02-15` - `2020-02-15`	2 years	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2019-04-09` - `2019-07-08`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2018-11-19` - `2019-11-27`	a year	crt.sh
*.google.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
app-ab01.marketo.com CloudFlare Inc ECC CA-2	`2019-02-22` - `2020-02-22`	a year	crt.sh
cdn.bizible.com Go Daddy Secure Certificate Authority - G2	`2019-03-14` - `2021-04-13`	2 years	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
*.bc0a.com DigiCert SHA2 Secure Server CA	`2018-12-19` - `2019-12-04`	a year	crt.sh
www.google.de Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2019-04-09` - `2019-07-08`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2018-08-16` - `2019-08-21`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
cdn.lookbookhq.com Amazon	`2019-01-03` - `2020-02-03`	a year	crt.sh
www.googleadservices.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-04-22` - `2019-07-21`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 5	`2017-07-20` - `2019-07-10`	2 years	crt.sh
*.b0e8.com DigiCert SHA2 Secure Server CA	`2018-12-19` - `2020-01-03`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2019-03-07` - `2020-03-07`	a year	crt.sh
ssl565697.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-17` - `2019-09-23`	6 months	crt.sh
evergage.com COMODO RSA Domain Validation Secure Server CA	`2017-11-14` - `2020-03-30`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-01-28` - `2020-01-28`	a year	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2019-04-09` - `2019-07-08`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2019-04-16` - `2019-07-09`	3 months	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
*.lookbookhq.com Amazon	`2019-04-25` - `2020-05-25`	a year	crt.sh
s2.wac.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2019-05-01` - `2020-11-18`	2 years	crt.sh
f.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2018-08-30` - `2020-12-02`	2 years	crt.sh
resources.alertlogic.com DigiCert SHA2 Secure Server CA	`2019-01-30` - `2020-02-04`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Frame ID: 11E600F9B4B39887D90D321A18CC6BEE
Requests: 110 HTTP requests in this frame

Frame: https://www.youtube.com/embed/8ANcX45zYUY
Frame ID: 0C23E499EE19E5940C6F4C91DA86AC47
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=alert-logic&t_i=active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_u=https%3A%2F%2Fwww.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_d=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&t_t=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&s_o=default
Frame ID: A584F9777ED0C3F53BCAF65141BD90A5
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-90f3a29ef7448451db5af955688970d7.html
Frame ID: CCDCB65DE50F0524966066B5C1A43C14
Requests: 1 HTTP requests in this frame

Frame: https://app-ab01.marketo.com/index.php/form/XDFrame
Frame ID: 6323AE263DB8686CF20A7AA5873F1122
Requests: 1 HTTP requests in this frame

Frame: https://jukebox.lookbookhq.com/cookie-iframe.html
Frame ID: DB6134FC93980C42C14FA49DEBD0FE1E
Requests: 1 HTTP requests in this frame

Frame: https://resources.alertlogic.com/cookie-iframe.html
Frame ID: 0B69919D2B930C2B263F9CDD47554782
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc... HTTP 301
http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc... HTTP 307
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Disqus (Comment Systems) Expand

Overall confidence: 100%
Detected patterns

env /^DISQUS/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /^\/\/static\.hotjar\.com\/c\/hotjar-/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i
env /^Munchkin$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
env /^Modernizr$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\/s[_-]code.*\.js/i
env /^s_(?:account|objectID|code|INST)$/i

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^(?:vglnk(?:$|_)|vl_(?:cB|disable)$)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

115
Requests

98 %
HTTPS

39 %
IPv6

36
Domains

48
Subdomains

47
IPs

8
Countries

1922 kB
Transfer

5126 kB
Size

22
Cookies

113 Outgoing links

These are links going to different origins than the main page.

URL: https://www.alertlogic.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/product-overview-and-pricing/
Title: Product & Solutions

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/alert-logic-essentials-coverage/
Title: EssentialsVulnerability & Asset Visibility with Extended Endpoint Protection

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/alert-logic-professional-coverage/
Title: ProfessionalEssentials + Threat Detection & Incident Management

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/alert-logic-enterprise-coverage/
Title: EnterpriseProfessional + WAF & Threat Hunting Analyst

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/product-overview-and-pricing/#mapping
Title: Capabilities MappingAcross Other Alert Logic Offerings

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/threat-detection-response
Title: Threat Detection & Response

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/network-intrusion-detection-system-ids/
Title: Intrusion Detection

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/log-management-software/
Title: Log Management

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/anti-virus-detection-and-analysis/
Title: Anti-Virus Integration

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/asset-discovery-and-visibility/
Title: Asset Discovery

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/dark-web-scanning/
Title: Dark Web Scanning

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/saas-vendor-security/
Title: SaaS Vendor Security

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/security-monitoring/
Title: Security Monitoring

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/security-operations-center/
Title: SOC-as-a-Service

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/network-vulnerability-management/
Title: Vulnerability Management

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/web-application-firewall/
Title: Web Application Firewall

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/webinars/tales-from-the-soc-live-simulated-hack/
Title: Professional Services

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/security-compliance/
Title: Compliance

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/security-compliance/pci-compliance/
Title: PCI Compliance

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/security-compliance/gdpr-compliance/
Title: GDPR Compliance

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/security-compliance/hipaa-compliance/
Title: HIPAA Compliance

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/security-compliance/soc-2-compliance/
Title: SOC2 Compliance

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/data-leak-prevention/
Title: Data Leak Prevention

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/hybrid-cloud-security/
Title: Hybrid Cloud

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/on-premises/
Title: On-Premises

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/cloud/
Title: Public Cloud

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/aws-security/
Title: Amazon Web Services

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/microsoft-azure-security/
Title: Microsoft Azure & Office 365

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/google-cloud-security/
Title: Google Cloud Platform

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/container-security/
Title: Container Security

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/extended-endpoint-protection/
Title: Extended Endpoint Protection

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/
Title: Resources & Events

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/whitepapers/
Title: Whitepapers

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/industry-reports/
Title: Industry Reports

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/videos/
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/security-checklists/
Title: Security Checklists

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/infographics/
Title: Infographics

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/datasheet/
Title: Datasheets

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/customers/case-studies/
Title: Case Studies

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/industry-reports/2018-critical-watch-report/
Title: Critical Watch Report

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/events/
Title: Events

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/webinars/
Title: Webinars

Search URL Search Domain Scan URL

URL: https://support.alertlogic.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://docs.alertlogic.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://support.alertlogic.com/hc/en-us/sections/115001568446-General
Title: Best Practices

Search URL Search Domain Scan URL

URL: https://support.alertlogic.com/hc/en-us/categories/115001241223-Frequently-Asked-Questions
Title: FAQs

Search URL Search Domain Scan URL

URL: https://docs.alertlogic.com/home.htm#release-notes
Title: Release Notes

Search URL Search Domain Scan URL

URL: https://support.alertlogic.com/hc/en-us/community/topics
Title: Community

Search URL Search Domain Scan URL

URL: https://learn.alertlogic.com/
Title: Product Training

Search URL Search Domain Scan URL

URL: https://support.alertlogic.com/hc/en-us/requests/new
Title: Submit Ticket

Search URL Search Domain Scan URL

URL: https://console.account.alertlogic.com/
Title: Product Login

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/partners-overview/
Title: Partners

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/partners/reseller-partner-connect-program/
Title: Reseller Connect Program

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/partners/referral-partner-connect-program/
Title: Referral Connect Program

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/partners/technology-alliance-partner-connect-program/
Title: Technology Alliance Connect Program

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/our-partners/
Title: Find A Partner

Search URL Search Domain Scan URL

URL: https://partners.alertlogic.com/
Title: Partner Resource Center

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/become-a-partner/
Title: Become A Partner

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/why-alert-logic/overview/
Title: Why Alert Logic

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/leadership/
Title: Leadership

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/board-of-directors/
Title: Board of Directors

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/awards/
Title: Awards

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/corporate-compliance/
Title: Corporate Compliance

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/press-releases/
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/about-us/media-coverage/
Title: Media Coverage

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/assets/datasheets/SIEMless_Threat_Management.pdf

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/resources/cwc
Title: Critical Watch Center

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/get-started/
Title: Get Started

Search URL Search Domain Scan URL

URL: https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html
Title: announced a set of critical vulnerabilities

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-3396
Title: CVE-2019-3396

Search URL Search Domain Scan URL

URL: https://paper.seebug.org/886/
Title: available in the public domain

Search URL Search Domain Scan URL

URL: https://www.carbonblack.com/2019/01/24/carbon-black-tau-threatsight-analysis-gandcrab-and-ursnif-campaign/
Title: researched Gandcrab campaigns

Search URL Search Domain Scan URL

URL: https://github.com/EmpireProject/PSInject/blob/master/Invoke-PSInject.ps1%20Invoke-PSInject.ps1%20script
Title: the Empire Project

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/lolbas/Binaries/Certutil/
Title: lolbin cerutil

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer/sharer.php?u=http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&url=http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/&via=alertlogic

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/&title=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&summary=Alert%20Logic%20security%20researchers%20share%20details%20of%20active%20exploit%20of%20Confluence%20vulnerability%20being%20used%20to%20spread%20Gandcrab%20ransomware.&source=http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/terms-of-use/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/privacy-statement/
Title: Alert Logic privacy policy

Search URL Search Domain Scan URL

URL: https://twitter.com/alertlogic
Title: Alert Logic @alertlogic

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=%23ransomware&src=hash
Title: #ransomware

Search URL Search Domain Scan URL

URL: https://t.co/V9J6J329r5%E2%80%A6
Title: https://t.co/V9J6J329r5…

Search URL Search Domain Scan URL

URL: https://t.co/bAMjMG06fg
Title: https://t.co/bAMjMG06fg

Search URL Search Domain Scan URL

URL: https://twitter.com/alertlogic/status/1127962982162542592
Title: 13 May

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?in_reply_to=1127962982162542592
Title: Reply

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/retweet?tweet_id=1127962982162542592
Title: Retweet

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/favorite?tweet_id=1127962982162542592
Title: Like

Search URL Search Domain Scan URL

URL: https://t.co/29cjEkXLKn
Title: https://t.co/29cjEkXLKn

Search URL Search Domain Scan URL

URL: https://twitter.com/techrepublic
Title: @techrepublic

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=%23cloud&src=hash
Title: #cloud

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=%23cloudsecurity&src=hash
Title: #cloudsecurity

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=%23CISOs&src=hash
Title: #CISOs

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=%23CIOs&src=hash
Title: #CIOs

Search URL Search Domain Scan URL

URL: https://twitter.com/alertlogic/status/1127925237184704512
Title: 13 May

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?in_reply_to=1127925237184704512
Title: Reply

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/retweet?tweet_id=1127925237184704512
Title: Retweet

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/favorite?tweet_id=1127925237184704512
Title: Like

Search URL Search Domain Scan URL

URL: https://t.co/gtdgUG0RZk
Title: https://t.co/gtdgUG0RZk

Search URL Search Domain Scan URL

URL: https://twitter.com/TEISS
Title: @TEISS

Search URL Search Domain Scan URL

URL: https://twitter.com/alertlogic/status/1127860327679287296
Title: 13 May

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?in_reply_to=1127860327679287296
Title: Reply

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/retweet?tweet_id=1127860327679287296
Title: Retweet

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/favorite?tweet_id=1127860327679287296
Title: Like

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/cloud-security-services/
Title: Cloud Security

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/solutions/platform/data-center-security/
Title: On-Premises Security

Search URL Search Domain Scan URL

URL: https://support.alertlogic.com/hc/en-us/
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://www.alertlogic.com/customers/case-studies/rent-a-center/
Title: Cost Effective Cloud Security Rent-A-Center's Cloud-First Approach on AWS

Search URL Search Domain Scan URL

URL: http://facebook.com/alertlogic

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/alert-logic

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/AlertLogicTV

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware HTTP 301
http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/ HTTP 307
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104

Request Chain 44

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=116182816&t=pageview&_s=1&dl=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&ul=en-us&de=UTF-8&dt=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=162529026&gjid=1367478205&cid=80364065.1557769119&tid=UA-17359898-1&_gid=233813471.1557769119&_r=1&cd1=%3C%3F%3D%24ip%3B%3F%3E&z=1270262022 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_gid=233813471.1557769119&gjid=1367478205&_v=j73&z=1270262022 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_v=j73&z=1270262022 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_v=j73&z=1270262022&slf_rd=1&random=3049108415

Request Chain 49

https://platform.twitter.com/oct.js HTTP 301
https://static.ads-twitter.com/oct.js

Request Chain 77

https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1557769119485%26pid%3D8957%26url%3Dhttps%253A%252F%252Fblog.alertlogic.com%252Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%252F%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true&liSync=true

115 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Redirect Chain

https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware
http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

97 KB
22 KB

1445ms
1444ms

Document
text/html

54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

a38af8eef7e3901ac7b76cc9fe95b92c22428c407d309ffa7f6985afbf9e33f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Host: blog.alertlogic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=900
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Date: Mon, 13 May 2019 17:38:36 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
Vary: Accept-Encoding,Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
X-Amz-Cf-Id: IgKtXyyRhpd4Y5dbrWC0z5Ck4g_c0lTWsp8sgowdm-KaGWArjOjUEw==

Redirect headers

Location: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK pheonix.css
blog.alertlogic.com/assets/css/ 385 KB
77 KB 581ms
580ms Stylesheet
text/css 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.alertlogic.com/assets/css/pheonix.css

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

606fe67f66cae43dafd22616543240855633eb1e68050d64610b5958fb0747de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Content-Encoding: gzip
Vary: Accept-Encoding,Accept-Encoding
Transfer-Encoding: chunked
X-Cache: RefreshHit from cloudfront
Date: Sun, 12 May 2019 22:33:42 GMT
Connection: keep-alive
Last-Modified: Tue, 05 Feb 2019 15:46:38 GMT
Server: Apache
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
ETag: "604f7-5812783c568a0"
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Type: text/css
Via: 1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
Cache-Control: public, max-age=900
X-Amz-Cf-Id: 4GnzJ3wbTyx__ietvYM099MxVe4b0PlBCnUV4UEmX97OAJyhQhQrgA==

GET
H2 200 jquery-ui.min.css
ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/ 29 KB
7 KB 7ms
5ms Stylesheet
text/css 2a00:1450:4001:821::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.min.css

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8964f1fe20bd22829aa12283e7e59515e7fc658348810e00c55a4c6c1c368628

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sat, 09 Mar 2019 00:33:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5677493
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 7320
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 Mar 2020 00:33:44 GMT

GET
H2 200 modernizr.min.js Show response
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/ 11 KB
4 KB 17ms
15ms Script
application/javascript 2606:4700::6813:c397
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c397 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:37 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:24:28 GMT
server: cloudflare
etag: W/"5afd4a4c-2b4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 02 May 2020 17:38:37 GMT
cache-control: public, max-age=30672000
cf-ray: 4d666837cacbc2a9-FRA
served-in-seconds: 0.001

GET
H2 200 satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/ 105 KB
34 KB 221ms
69ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8221c3f49ef546af3e8c05533a8e5fd532e7c192a8355064fcc93c9b3ce1c4df

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:37 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "2212c755ee5acb4eb2b73f06413306ed:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 34848
expires: Mon, 13 May 2019 18:38:37 GMT

GET
H2 200 evergage.min.js Show response
cdn.evgnet.com/beacon/alertlogic/engage/scripts/ 455 KB
121 KB 365ms
193ms Script
application/javascript 151.101.64.114
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.64.114 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 13a2ec182fe7cd3a00d98057115584fd356265e484b08a3a18cf76ebb2714f36

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: zlbAFfZbvC0hId4be.zN4X3GTjHPwyGX
content-encoding: gzip
age: 0
x-cache: HIT, HIT
status: 200
date: Mon, 13 May 2019 17:38:37 GMT
x-amz-replication-status: COMPLETED
content-length: 123317
x-amz-request-id: FFE0C20FC92F9E1F
x-amz-id-2: qHSkB5koF+Ja0IP93mbAsXPAK/gQDY8RrZpnRMSPtJcNVDLm0yaPssDT6yYkrLGRvbffYb6AGXA=
x-served-by: cache-iad2131-IAD, cache-hhn1521-HHN
x-amz-meta-evergage-sum: a16c06270bb13ded07dba71a3101e9871ee6c57b
last-modified: Sun, 12 May 2019 22:46:57 GMT
server: AmazonS3
x-timer: S1557769118.595292,VS0,VE124
etag: "087f4485ae6b929341d5a5a7259397f2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-evergage-beacon-ver: 12
x-cache-hits: 1, 1

GET
H/1.1 200
OK AL_w_tag.png
www.alertlogic.com/assets/img/ 6 KB
7 KB 663ms
540ms Image
image/png 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alertlogic.com/assets/img/AL_w_tag.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Resource Hash

f3aa62e151c19d02630f97da628b703469b53a5d5a9e8fa46cb111bc86dbfeed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via: 1.1 c1b77f069e81fd54b56ee92a790a3e9b.cloudfront.net (CloudFront)
Last-Modified: Thu May 9 21:36:43 UTC 2019
Server
ETag: "187f-5835817033480"
X-Frame-Options: allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Sun, 12 May 2019 08:36:01 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 6271
Accept-Ranges: bytes
X-Amz-Cf-Id: j5344BRYBjriTRtA1ax8SNc-bpE7MTPygzajPhO6GRRonqPmQCVrIA==

GET
H/1.1 200
OK logo-alertlogic-a-bgimg.png
www.alertlogic.com/assets/img/ 4 KB
5 KB 678ms
548ms Image
image/png 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alertlogic.com/assets/img/logo-alertlogic-a-bgimg.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Resource Hash

347e4c3fa50e6f98a2a10fff78a4c732f09f53c0eb0b08a9df3213494d4ca043

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via: 1.1 a5dd7270846a000392d2981b8c28634f.cloudfront.net (CloudFront)
Last-Modified: Thu May 9 21:36:43 UTC 2019
Server
ETag: "11d8-58358177d4680"
X-Frame-Options: allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Sun, 12 May 2019 08:36:01 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 4568
Accept-Ranges: bytes
X-Amz-Cf-Id: 9PXDexsad3QLwxHXrqCMB1NXzbugcf1DlJWIDW1oEkXsyW7Mk0SB3Q==

GET
H/1.1 200
OK 370x270_CWR_GridImage.jpg
www.alertlogic.com/assets/critcal-watch-report/img/ 23 KB
24 KB 734ms
733ms Image
image/jpeg 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alertlogic.com/assets/critcal-watch-report/img/370x270_CWR_GridImage.jpg

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Resource Hash

9ef8292dbcde1495ae58d7a796d655b861c97cae627bffb1b8505d5984c7eff9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via: 1.1 a5dd7270846a000392d2981b8c28634f.cloudfront.net (CloudFront)
Last-Modified: Thu May 9 21:36:43 UTC 2019
Server
ETag: "5d8e-583581fc63f40"
X-Frame-Options: allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/jpeg
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 17:38:38 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 23950
Accept-Ranges: bytes
X-Amz-Cf-Id: xWFDQ9-_NSbNo-6dVxP562yfOk2omfs3Msgx8BmTuFGpLmEQOoyzaQ==

GET
H/1.1 200
OK 370x270_SIEMless_Threat_Management_short.jpg
www.alertlogic.com/assets/homepage/img/ 29 KB
30 KB 533ms
532ms Image
image/jpeg 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alertlogic.com/assets/homepage/img/370x270_SIEMless_Threat_Management_short.jpg

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Resource Hash

79e4ebe446beb792f757e503371ae1e73ffca487abe6b2d38b228836dd6bbdf7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via: 1.1 c1b77f069e81fd54b56ee92a790a3e9b.cloudfront.net (CloudFront)
Last-Modified: Thu May 2 21:05:57 UTC 2019
Server
ETag: "73b7-583581ea45480"
X-Frame-Options: allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/jpeg
Cache-Control: public, max-age=900
Date: Sun, 05 May 2019 00:34:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 29623
Accept-Ranges: bytes
X-Amz-Cf-Id: KYaAyrkFxA9D6ngQN0eLxbIBJC0WJdbpjsXr6UfxqjSMSlD-P_52rA==

GET
H/1.1 200
OK GC1.png
blog.alertlogic.com/assets/blogs/img/ 29 KB
30 KB 239ms
234ms Image
image/png 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/blogs/img/GC1.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

d68bb7b5d396436b422fb7656ef916b888386d70aae9d10118ed07bf37d760e1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:39:23 GMT
Server: Apache
ETag: "7325-587396b180c28"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 07:41:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 29477
Accept-Ranges: bytes
X-Amz-Cf-Id: Ze-77t1hjDT1bmsv8iotvQ8ogtHdXgJPiBL84ZBNbo_fMaMgzZ7N5w==

GET
H/1.1 200
OK GC2.png
blog.alertlogic.com/assets/blogs/img/ 91 KB
92 KB 469ms
236ms Image
image/png 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/blogs/img/GC2.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

b916baec833d0b279940c3c9dc0197cc8c78f552ef8853c4e51dd16202bca116

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 87de52593927dfce090da0b24ddc3123.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:39:23 GMT
Server: Apache
ETag: "16bc5-587396b157030"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Sun, 05 May 2019 08:11:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 93125
Accept-Ranges: bytes
X-Amz-Cf-Id: khF1_TkA2wWimd30aXahyu1YbeV1riWohh4A422YQGenP3V5SvOo7A==

GET
H/1.1 200
OK GC3.png
blog.alertlogic.com/assets/blogs/img/ 20 KB
20 KB 797ms
545ms Image
image/png 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/blogs/img/GC3.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

c7e528d4f055f2880561bd856c5d208b563b8a0bf5842b337fd4ca11cf06d7ec

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:39:22 GMT
Server: Apache
ETag: "4e30-587396b11ab58"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 07:41:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 20016
Accept-Ranges: bytes
X-Amz-Cf-Id: tyYhnyrZVU9gmJbckQtjJj0j07UjKyKhvQFTrHcUCDHWjmICOTRwKw==

GET
H/1.1 200
OK GC4.png
blog.alertlogic.com/assets/blogs/img/ 128 KB
129 KB 868ms
608ms Image
image/png 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/blogs/img/GC4.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

2e4fff8d63f0306c6a9aa0563df042f03446141668b2a81e49418b8a64c3c3f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 60a935292c9892b0b7f9e56f65af863a.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:39:22 GMT
Server: Apache
ETag: "2014e-587396b0f22e8"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 07:41:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 131406
Accept-Ranges: bytes
X-Amz-Cf-Id: USPjIWitYwM6h02o-fqe_dOgq179qJAcrgC1lfGnQo9WCPOmhjLGow==

GET
H/1.1 200
OK GC5.png
blog.alertlogic.com/assets/blogs/img/ 38 KB
38 KB 646ms
221ms Image
image/png 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/blogs/img/GC5.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

8bc3251047c963d11d510dc2a97f6a7c6bb5934eec528e5bb786314da2bcb4c0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 7b88ef0d81161ffd0111d52a2de2bd25.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:39:22 GMT
Server: Apache
ETag: "9621-587396b0b3700"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Sun, 05 May 2019 08:11:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 38433
Accept-Ranges: bytes
X-Amz-Cf-Id: xo9wlmRJq7tFnSXgTrdxEbvP2ky_-a5stCo3TvK1Fhe3M_F-mGr2ZQ==

GET
H/1.1 200
OK GC6.png
blog.alertlogic.com/assets/blogs/img/ 8 KB
8 KB 820ms
257ms Image
image/png 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/blogs/img/GC6.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

5cd1b9ee05ab05b7ff10c8169dbdad672013e98c4524127fc0f33f5759d70596

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 87de52593927dfce090da0b24ddc3123.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:39:22 GMT
Server: Apache
ETag: "1e77-587396b087010"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Sun, 05 May 2019 08:11:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 7799
Accept-Ranges: bytes
X-Amz-Cf-Id: gEtzLZp0k0xCsaeY4ggIfJCcr20ee7d9Qj71HV6uNKJmGvLJyV3-8g==

GET
H/1.1 200
OK GC7.png
blog.alertlogic.com/assets/blogs/img/ 28 KB
28 KB 571ms
569ms Image
image/png 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/blogs/img/GC7.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

83a25b6da863419e47e0cd1cc2ccdfbe977341e9df76b5e108a0d77d89172f4d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 7b88ef0d81161ffd0111d52a2de2bd25.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:39:22 GMT
Server: Apache
ETag: "6e6e-587396b062a08"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 07:41:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 28270
Accept-Ranges: bytes
X-Amz-Cf-Id: ULD-9DfgCcWttFrFWcwU-KCmsKgt1Xommk8IH_NAblE7DLoO7bF2vA==

GET
H2 200 hotjar-228809.js Show response
static.hotjar.com/c/ 8 KB
2 KB 271ms
125ms Script
application/javascript 147.75.204.215
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-228809.js?sv=5

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.204.215 Chicago, United States, ASN54825 (PACKET - Packet Host, Inc., US),

Reverse DNS

pkt-ams-k1-22

Software

openresty /

Resource Hash

a05c99a2b5b008f0964c9e5fbd7c82baebc6d45b54449b5a11a41fa56e176d1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjar
age: 0
status: 200
access-control-max-age: 600
section-io-cache: Miss
content-length: 2130
x-cache-hit: 1
server: openresty
x-frame-options: SAMEORIGIN
etag: W/701cf983d41f3e9db6bf8d48fa13c0cb
vary: Accept-Encoding
section-io-origin-status: 304
access-control-allow-origin: *
cache-control: max-age=60
section-io-origin-time-seconds: 0.076
accept-ranges: bytes
section-io-id: 82f6e30e351c1304dda8cd329901b5db

GET
H/1.1 200
OK /
blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/ 0
22 KB 44ms
43ms Other
text/html 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Purpose: prefetch
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Content-Encoding: gzip
Vary: Accept-Encoding,Accept-Encoding
Server: Apache
Age: 2
Date: Mon, 13 May 2019 17:38:36 GMT
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: Hit from cloudfront
Content-Type: text/html; charset=UTF-8
Via: 1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
Cache-Control: public, max-age=900
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Amz-Cf-Id: pI74ILgwh9xPoqBFo5Cns56WcqtUwsHIpmittKCdsCAd8gqM8Uaf0g==

GET
H2 200 A-de5l6H_normal.jpg
pbs.twimg.com/profile_images/836632592292036608/ 2 KB
2 KB 78ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/836632592292036608/A-de5l6H_normal.jpg

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40EA) /

Resource Hash

e367786278723e60fe5c4692b30f2435c45f305876b06888ba832c27aa145db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:38 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 1731
x-response-time: 143
surrogate-key: profile_images profile_images/bucket/8 profile_images/836632592292036608
last-modified: Tue, 28 Feb 2017 17:40:08 GMT
server: ECS (fcn/40EA)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d2e150c0c48d12a5ce28c9f593cd0ee7
accept-ranges: bytes

GET
H/1.1 200
OK logo-alertlogic-white.png
blog.alertlogic.com/assets/img/ 3 KB
4 KB 213ms
213ms Image
image/png 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.alertlogic.com/assets/img/logo-alertlogic-white.png

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

d4631de95e8413346dedfde1266d66e35294fbd88f0b675d7637f007a71b01ae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 ede9297e2bd56d0c4c812154e0ce4da2.cloudfront.net (CloudFront)
Last-Modified: Tue, 29 Mar 2016 17:18:28 GMT
Server: Apache
ETag: "c8f-52f3337c3bfb9"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: image/png
Cache-Control: public, max-age=900
Date: Sun, 12 May 2019 22:33:43 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Length: 3215
Accept-Ranges: bytes
X-Amz-Cf-Id: rhdho-CrLJFImqrUTEjxaOq71V0yZT7N_AFbZEM7Dh-UIPD9ayybMA==

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ 82 KB
28 KB 15ms
14ms Script
application/javascript 2606:4700::6813:c397
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c397 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:38 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-1499c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 02 May 2020 17:38:38 GMT
cache-control: public, max-age=30672000
cf-ray: 4d66683c0c5cc2a9-FRA
served-in-seconds: 0.027

GET
H2 200 jquery-ui.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/ 235 KB
60 KB 15ms
15ms Script
application/javascript 2606:4700::6813:c397
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c397 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:38 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-3ab2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 02 May 2020 17:38:38 GMT
cache-control: public, max-age=30672000
cf-ray: 4d66683c1c8dc2a9-FRA
served-in-seconds: 0.014

GET
H/1.1 200
OK main_2018.js Show response
blog.alertlogic.com/assets/js/ 304 KB
69 KB 230ms
229ms Script
application/javascript 54.230.93.232
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.alertlogic.com/assets/js/main_2018.js

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.232 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-232.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

e97e1647b609849b4d781a2783a73e0d4fde0a1347856167657be0f613db70db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Content-Encoding: gzip
Vary: Accept-Encoding,Accept-Encoding
Last-Modified: Wed, 14 Nov 2018 18:26:29 GMT
Server: Apache
Date: Sun, 12 May 2019 22:33:43 GMT
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Content-Type: application/javascript
Via: 1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
Cache-Control: public, max-age=900
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Amz-Cf-Id: c-ac8LvLuP65Hxgc021oVNX9ChnNL4-DGsQnOd5K53eVALRyyg2g_A==

GET
H2 200 css
fonts.googleapis.com/ 39 KB
2 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

093e8ad6879175a558add8c94d0074d1b87d10e29f90ad58f45ec8fb26140832

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 13 May 2019 17:38:38 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 13 May 2019 17:38:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 13 May 2019 17:38:38 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v12/ 13 KB
13 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v12/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin: https://blog.alertlogic.com

Response headers

date: Mon, 25 Mar 2019 20:20:14 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:11:07 GMT
server: sffe
age: 4223904
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13324
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:20:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 367
date: Mon, 13 May 2019 17:32:31 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17543
expires: Mon, 13 May 2019 19:32:31 GMT

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104
https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104

0
-1 B

243ms
58ms

XHR

52.49.47.75
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.47.75 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-49-47-75.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Location: https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104
X-TID: Vre23njXTjY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://blog.alertlogic.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Access-Control-Allow-Origin: https://blog.alertlogic.com
X-TID: Vre23njXTjY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 forms2.min.js Show response
app-ab01.marketo.com/js/forms2/js/ 169 KB
57 KB 307ms
45ms Script
application/x-javascript 104.16.92.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab01.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

26a9c8770bb5e7769425cb053b2be9c8ddfaebcd8cf2b5ae860620a94ff14690

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 13 May 2019 17:38:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 17 Apr 2019 22:21:37 GMT
server: cloudflare
etag: "4e0a56-2a28a-586c14f12de40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=14400
strict-transport-security: max-age=63113904
cf-ray: 4d66683df8d1bf37-AMS
expires: Mon, 13 May 2019 21:38:38 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 197ms
36ms Script
application/x-javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40B4) / ASP.NET
Resource Hash: da7ebd42b410dec8e844022c3445e6367f49b0d68654e4012c05e5cdec6fff4e

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:38 GMT
content-encoding: gzip
last-modified: Sat, 11 May 2019 18:30:48 GMT
server: ECS (fcn/40B4)
x-powered-by: ASP.NET
etag: "17dd4da7278d51:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 32318

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 219 B
974 B 69ms
68ms XHR
application/json 52.49.47.75
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557769118104
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.47.75 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-49-47-75.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d2b8a9966a1a907912e3d74509505585eeff1b7f4ef18080caac12d2dbc76957

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v028-0c32d9a92.edge-irl1.demdex.com 5.52.1.20190424113352 5ms
Pragma: no-cache
X-TID: 4vLDp/MLTGU=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://blog.alertlogic.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 219
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK id Show response
alertlogic.sc.omtrdc.net/ 3 B
484 B 244ms
81ms XHR
application/x-javascript 172.82.228.19
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://alertlogic.sc.omtrdc.net/id?d_visid_ver=1.8.0&d_fieldgroup=A&mcorgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&mid=12364503984084849452814299813473721742&ts=1557769118422

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

172.82.228.19 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

*.sc.omtrdc.net

Software

Omniture DC/2.0.0 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Mon, 13 May 2019 17:38:38 GMT
X-Content-Type-Options: nosniff
Server: Omniture DC/2.0.0
xserver: www120
Vary: Origin
X-C: ms-6.6.0
P3P: CP="This is not a P3P policy"
Access-Control-Allow-Origin: https://blog.alertlogic.com
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 3
X-XSS-Protection: 1; mode=block

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v12/ 13 KB
13 KB 17ms
10ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v12/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

487f2e9da2ff0740755a5ef01dc15a2888b89537795895203a831b13b199d8bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin: https://blog.alertlogic.com

Response headers

date: Mon, 25 Mar 2019 20:20:14 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:11:49 GMT
server: sffe
age: 4223904
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12976
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:20:14 GMT

GET
H/1.1 200
OK fa-light-300.woff2
blog.alertlogic.com/assets/webfonts/ 65 KB
66 KB 377ms
212ms Font
application/octet-stream 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.alertlogic.com/assets/webfonts/fa-light-300.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

08c5812dd025af3149b80ecb972803b280476bebb5e9f02416e6f007a04de8b4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/assets/css/pheonix.css
Origin: https://blog.alertlogic.com

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 7b88ef0d81161ffd0111d52a2de2bd25.cloudfront.net (CloudFront)
Last-Modified: Mon, 04 Jun 2018 16:42:51 GMT
Server: Apache
Connection: keep-alive
ETag: "10540-56dd39fe4d922"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 07:40:53 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 66880
X-Amz-Cf-Id: ZopZ5o5cYe3_L9ygRfhZ2uc6IN2gtqKF6Hr2U09VKTTWcybRQCbaAQ==

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v15/ 14 KB
14 KB 14ms
9ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v15/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin: https://blog.alertlogic.com

Response headers

date: Mon, 25 Mar 2019 20:19:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:18 GMT
server: sffe
age: 4223939
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14176
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:19:39 GMT

GET
H/1.1 200
OK fa-solid-900.woff2
blog.alertlogic.com/assets/webfonts/ 52 KB
53 KB 697ms
535ms Font
application/octet-stream 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.alertlogic.com/assets/webfonts/fa-solid-900.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

556213d68f2f3386a34135c07ea432d252682ac7deecc5eb9c9c23a194e83415

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/assets/css/pheonix.css
Origin: https://blog.alertlogic.com

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 ede9297e2bd56d0c4c812154e0ce4da2.cloudfront.net (CloudFront)
Last-Modified: Mon, 04 Jun 2018 16:42:48 GMT
Server: Apache
Connection: keep-alive
ETag: "d158-56dd39fb1a3e9"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 07:40:54 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 53592
X-Amz-Cf-Id: 1rXLLoLXGXcpC3Wc32prf4_jqTiBRqgpVT00M1VRkAksDJfwRTwLuw==

GET
H2 200 6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDJB9cme.woff2
fonts.gstatic.com/s/sourcesanspro/v12/ 12 KB
12 KB 13ms
9ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v12/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDJB9cme.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7cc2c8a7bd96173ee2a862c122630ab8d45ad0676ad2ad60fc55307763782230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin: https://blog.alertlogic.com

Response headers

date: Mon, 25 Mar 2019 20:20:14 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:23 GMT
server: sffe
age: 4223904
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12656
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:20:14 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v15/ 14 KB
14 KB 13ms
10ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v15/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin: https://blog.alertlogic.com

Response headers

date: Mon, 25 Mar 2019 20:19:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:00 GMT
server: sffe
age: 4223939
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14044
x-xss-protection: 1; mode=block
expires: Tue, 24 Mar 2020 20:19:39 GMT

GET
H/1.1 200
OK embed.js Show response
alert-logic.disqus.com/ 64 KB
22 KB 621ms
456ms Script
application/javascript 151.101.120.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://alert-logic.disqus.com/embed.js

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.120.134 Paris, France, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

57ba3a02c8080a32202bf6daf06e30d5adf4b392b249531c6fd7b29fac584cd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21599

GET
H2 200 getForm Show response
app-ab01.marketo.com/index.php/form/ 5 KB
2 KB 470ms
469ms Script
application/javascript 104.16.92.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab01.marketo.com/index.php/form/getForm?munchkinId=239-ZBX-439&form=2076&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&callback=jQuery112408749160495246147_1557769118469&_=1557769118470

Requested by

Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

97b605975cae7d3866d5c0ce5088b89d16edd33cc227abfdab5d8fb3afc06ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: application/javascript; charset=utf-8
status: 200
cf-ray: 4d66683f8aadbf37-AMS

GET
H2 200 8ANcX45zYUY
www.youtube.com/embed/ Frame 0C23 0
0 138ms
136ms Document
text/html 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/8ANcX45zYUY

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/8ANcX45zYUY
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status: 200
strict-transport-security: max-age=31536000
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
expires: Tue, 27 Apr 1971 19:44:06 EST
x-content-type-options: nosniff
cache-control: no-cache
content-type: text/html; charset=utf-8
date: Mon, 13 May 2019 17:38:38 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=wgr2ANoJwhU; path=/; domain=.youtube.com; expires=Sat, 09-Nov-2019 17:38:38 GMT; httponly PREF=f1=50000000; path=/; domain=.youtube.com; expires=Sun, 12-Jan-2020 05:31:38 GMT YSC=i_K6FnLn0o0; path=/; domain=.youtube.com; httponly VISITOR_INFO1_LIVE=wgr2ANoJwhU; path=/; domain=.youtube.com; expires=Sat, 09-Nov-2019 17:38:38 GMT; httponly GPS=1; path=/; domain=.youtube.com; expires=Mon, 13-May-2019 18:08:38 GMT
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"

GET
H2 200 conv_v3.js Show response
cdn.b0e8.com/ 65 KB
21 KB 124ms
30ms Script
application/javascript 35.190.5.192
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.b0e8.com/conv_v3.js
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.5.192 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 192.5.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1cdc48e451e5acc23a10a350583be260114164838184afe59bb497fcf4c1df5a

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:34:18 GMT
content-encoding: gzip
age: 260
status: 200
x-guploader-uploadid: AEnB2UriaE68yzxf-2fG8NJiFshmueNTU7n2BNYeWuufKwaCVCPw9nR_kGiRBfvUlrtbMTVo58w61lxrOxI-4Xosc_EMG9l8xg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 20750
last-modified: Wed, 24 Apr 2019 01:58:58 GMT
server: UploadServer
etag: "88f171057eda66a17a2e12572bedac56"
vary: Accept-Encoding
x-goog-hash: crc32c=DbOzfA==, md5=iPFxBX7aZqF6LhJXK+2sVg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1556071138720083
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 20750
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 13 May 2019 18:34:18 GMT

GET
H/1.1 200
OK fa-brands-400.woff2
blog.alertlogic.com/assets/webfonts/ 53 KB
54 KB 636ms
590ms Font
application/octet-stream 54.230.93.198
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.alertlogic.com/assets/webfonts/fa-brands-400.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.230.93.198 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-230-93-198.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

9a840cbc1851e412ca570bde62526c4cbecde684da1c79e9ef8debd83ab15869

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/assets/css/pheonix.css
Origin: https://blog.alertlogic.com

Response headers

Content-Security-Policy: frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via: 1.1 ede9297e2bd56d0c4c812154e0ce4da2.cloudfront.net (CloudFront)
Last-Modified: Mon, 04 Jun 2018 16:42:53 GMT
Server: Apache
Connection: keep-alive
ETag: "d4d0-56dd39ffe6bee"
X-Frame-Options: allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache: RefreshHit from cloudfront
Cache-Control: public, max-age=900
Date: Mon, 13 May 2019 07:40:54 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 54480
X-Amz-Cf-Id: 5DwUY9hMF4s33QFQv_ip3bMHbBlsWhz7xoSMayZBP4bAExWsHlWGOg==

GET
H2 200 TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
fonts.gstatic.com/s/oswald/v17/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v17/TK3iWkUHHAIjg752GT8Gl-1PKw.woff2

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c7bdbbdc5796065794e3ffcfdd995fd7a43c618e3a56707e133f72f5ca57cd1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin: https://blog.alertlogic.com

Response headers

date: Wed, 27 Mar 2019 21:02:54 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Mar 2019 20:57:24 GMT
server: sffe
age: 4048544
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9380
x-xss-protection: 1; mode=block
expires: Thu, 26 Mar 2020 21:02:54 GMT

GET
H2 200 getForm Show response
app-ab01.marketo.com/index.php/form/ 23 KB
5 KB 384ms
377ms Script
application/javascript 104.16.92.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab01.marketo.com/index.php/form/getForm?munchkinId=239-ZBX-439&form=5912&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&callback=jQuery112408749160495246147_1557769118471&_=1557769118472

Requested by

Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8c51ada934b90dacd098c726db56074625d38f2f2451364d3b35c13b1671409

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: application/javascript; charset=utf-8
status: 200
cf-ray: 4d666840dbe8bf37-AMS

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=116182816&t=pageview&_s=1&dl=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_gid=233813471.1557769119&gjid=1367478205&_v=j73&z=1270262022
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_v=j73&z=1270262022
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_v=j73&z=1270262022&slf_rd=1&random=3049108415

42 B
110 B

23ms
22ms

Image
image/gif

2a00:1450:4001:809::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_v=j73&z=1270262022&slf_rd=1&random=3049108415

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 May 2019 17:38:39 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 May 2019 17:38:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=80364065.1557769119&jid=162529026&_v=j73&z=1270262022&slf_rd=1&random=3049108415
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.fe4e24d660b38f9620b9.js Show response
script.hotjar.com/ 421 KB
88 KB 238ms
60ms Script
application/javascript 147.75.83.82
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.fe4e24d660b38f9620b9.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-228809.js?sv=5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.83.82 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),

Reverse DNS

pkt-ams-k1-29

Software

Resource Hash

28239dad3b58e4a8d3c4de1e7af088de5021c50532593d1d945fc8dc40b3804c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 13 May 2019 15:36:32 GMT
access-control-allow-origin: *
etag: W/"9dfb8777fe64c8118c2770cf24865d51"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.024
section-io-origin-status: 200
accept-ranges: bytes
section-io-id: e090d036251ed1d674f0c1cbadc73042
content-length: 89203

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 87ms
85ms Script
application/javascript 151.101.120.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.120.157 Paris, France, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
age: 5452
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-cdg20729-CDG
last-modified: Tue, 23 Jan 2018 19:05:33 GMT
x-timer: S1557769119.149461,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 15 KB
5 KB 18ms
17ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=39908
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 jukebox.js Show response
app.cdn.lookbookhq.com/production/jukebox/current/ 761 KB
188 KB 167ms
51ms Script
text/javascript 54.230.93.230
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.93.230 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-93-230.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d7d9d11f05f1629d699d61f50665fea7a3ba83b6ce14bbd47f6c839c581bc2c7

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 01 May 2019 00:52:51 GMT
server: AmazonS3
age: 48230
date: Mon, 13 May 2019 05:15:24 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
status: 200
x-amz-cf-id: HcWQDqsjPggVnMddKxPGyl_LCVGkVHqPHLEBOfQbS7nTer7d_aSq5w==
via: 1.1 ddd91cf4cd1b9310c0aee8953bc042e2.cloudfront.net (CloudFront)

GET
H2

200

oct.js Show response
static.ads-twitter.com/
Redirect Chain

https://platform.twitter.com/oct.js
https://static.ads-twitter.com/oct.js

5 KB
2 KB

123ms
90ms

Script
application/javascript

151.101.120.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/oct.js
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.120.157 Paris, France, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
age: 8083
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-cdg20729-CDG
last-modified: Tue, 23 Jan 2018 19:05:33 GMT
x-timer: S1557769119.234730,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

Redirect headers

Access-Control-Allow-Origin: *
Date: Mon, 13 May 2019 17:38:39 GMT
Server: ECS (fcn/40FC)
Content-Length: 0
Location: https://static.ads-twitter.com/oct.js
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

GET
H2 200 satellite-574dbcd564746d6b9000b831.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/ 1 KB
674 B 94ms
87ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-574dbcd564746d6b9000b831.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a71627b229a3d8bc6683b642f9a935697c58fc2814737f28dcc7ad9e1850fa42

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "6557647bb78af336887c92e3e1440ec3:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 439
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 satellite-5755b4f864746d251700cf7d.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/ 545 B
571 B 96ms
89ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf7d.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 22f35f1e580566391809fff946156e10901faac6df9584e8a1427f8d3e6dcc33

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "d29b96d7bd0c0bed29f85bbf8ded0120:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 336
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 satellite-5755b4f864746d251700cf81.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/ 1 KB
584 B 78ms
71ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf81.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 14f3b6819ef43c89752e13e38011994f18bf74ef99c92679243bbc30e3b1ed7e

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "769e63bb320ed7c1a240875e91454d7e:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 349
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 satellite-5786765d64746d0b190000bf.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/ 426 B
536 B 95ms
89ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5786765d64746d0b190000bf.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0f67efb1a352a2239f06b373e951655b99a8ea6530929247218bcee5f1358cf9

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "7000a775fdb53c89cb61fc42fecbb4bb:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 302
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 satellite-5757183d64746d6333002e60.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/ 310 B
433 B 65ms
60ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5757183d64746d6333002e60.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c93f3f4d498ca8a69597ebd2d6e07b5f3be531f924c1ee4abe39a0ca6d8bc071

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "5bb5e362378a6dfb1db8af10a2f3bb1b:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 198
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 satellite-57e594e364746d36190149e3.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/ 10 KB
3 KB 75ms
70ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-57e594e364746d36190149e3.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6ac7b199f71de2f4ffad267887891a63377843226829fb1a02485668434284af

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "4fba0b45dad31cae33b2ef23c83dfeea:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 2635
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 satellite-5a3c0d6f64746d7c6f00e127.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/ 731 B
635 B 68ms
65ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5a3c0d6f64746d7c6f00e127.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8c99a2efb42f096f7628d2a67dc7bde4ba3ecd96f1f21a15b7e293135d06ecf8

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "57a6b75fed4083758f42d2aaa9ad8a42:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 401
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 s-code-contents-6ca4ae86ae1c90dcc634066533467ce4cb891326.js Show response
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/ 40 KB
15 KB 111ms
108ms Script
application/x-javascript 104.111.217.111
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/s-code-contents-6ca4ae86ae1c90dcc634066533467ce4cb891326.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.217.111 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-217-111.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e1b14fab01159f43f337ddbf24563382b9099558189106cef967084f9e94ff37

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2019 21:49:51 GMT
server: Apache
etag: "a7afa196cb173cd3bc360ab1cc217e16:1552600191"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 15470
expires: Mon, 13 May 2019 18:38:39 GMT

GET
H2 200 forms2.css
app-ab01.marketo.com/js/forms2/css/ 13 KB
3 KB 50ms
50ms Stylesheet
text/css 104.16.92.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab01.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=63113904
content-length: 2610
last-modified: Wed, 17 Apr 2019 22:21:37 GMT
server: cloudflare
etag: "4e0a96-33f8-586c14f12de40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4d6668437ee0bf37-AMS
expires: Mon, 13 May 2019 21:38:39 GMT

GET
H2 200 forms2-theme-plain.css
app-ab01.marketo.com/js/forms2/css/ 828 B
331 B 51ms
50ms Stylesheet
text/css 104.16.92.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab01.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=63113904
content-length: 246
last-modified: Wed, 17 Apr 2019 22:21:37 GMT
server: cloudflare
etag: "60d52-33c-586c14f12de40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4d6668437ee1bf37-AMS
expires: Mon, 13 May 2019 21:38:39 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 49ms
48ms Script
text/javascript 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

2c2b83b5a9f188b6f91fdb4db32a68cae12d7c15d62263ebd3e345429dab2ec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 8874
x-xss-protection: 0
server: cafe
etag: 3302323910089655626
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 13 May 2019 17:38:39 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
929 B 25ms
23ms Script
application/javascript 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

12c0bc0ed4f34ad6251de0db7eb2db8f52cb37191482f98c1e9ac8f78dcfbdac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 56ms
53ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf81.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 fbds.js Show response
connect.facebook.net/en_US/ 4 KB
2 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbds.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf7d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

6d3bddeeb1d2e641dc51c4b085d18ba4b29a4bbd95ed7a3aca1c04a30a304bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: xfWbcrB/pcvUYBXeFdfb5g==
status: 200
date: Mon, 13 May 2019 17:38:39 GMT
vary: Accept-Encoding
content-length: 2117
x-fb-debug: X0aoKTETzruXeSELApK0/re5uEiy1xDwuucs2TRJmadp1pZs/xGMe447Tfq1eHR4213QeLMMKLiFTy2Pmcp5nw==
x-fb-content-md5: 42f5c2a655c8009d47a19c5c31d622e8
etag: "7f8c2ff8f12c870ec24f9aec1b3e2fb8"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 13 May 2019 17:40:17 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 22 KB
7 KB 54ms
48ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5786765d64746d0b190000bf.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: 06768ff08a78f24b60973b047561141c4413864fa2d3ac9292fb0b217a81f917

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:38 GMT
content-encoding: gzip
last-modified: Fri, 08 Mar 2019 01:08:18 GMT
x-msedge-ref: Ref A: 3250C536316A45F383B55B691D4674C0 Ref B: VIEEDGE0319 Ref C: 2019-05-13T17:38:39Z
access-control-allow-origin: *
etag: "0ed1a6a4bd5d41:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7002

GET
H/1.1 200
OK s73168344294665
alertlogic.sc.omtrdc.net/b/ss/alogglobalprod/1/JS-1.7.0-D7QN/ 43 B
586 B 77ms
76ms Image
image/gif 172.82.228.19
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alertlogic.sc.omtrdc.net/b/ss/alogglobalprod/1/JS-1.7.0-D7QN/s73168344294665?AQB=1&ndh=1&pf=1&t=13%2F4%2F2019%2017%3A38%3A39%201%200&D=D%3D&mid=12364503984084849452814299813473721742&aamlh=6&ce=UTF-8&pageName=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&g=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&ch=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=blog.alertlogic.com&c2=page%3Eview%3Eblog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&v5=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&v6=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&v9=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&v16=desktop&v17=First%20Visit&v18=12364503984084849452814299813473721742&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

172.82.228.19 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

*.sc.omtrdc.net

Software

Omniture DC /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.6.0
P3P: CP="This is not a P3P policy"
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 14 May 2019 17:38:39 GMT
Server: Omniture DC
xserver: www197
ETag: "3345283710498963456-6906623077569069363"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Expires: Sun, 12 May 2019 17:38:39 GMT

GET
H2 200 brightedge3.php
a.b0e8.com/ 35 B
154 B 218ms
132ms Image
image/gif 34.95.105.148
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.b0e8.com/brightedge3.php?id=f00000000145487&p_id=66PJRRJ4LLNNRLN8R4PL26N6RAAAAAAAAH&bf=04771c541b3ff8e8ff5601c99c2fbae3&url=https%3A//blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/&ref=&bn=1&bv=3.40&title=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&metadesc=Alert%20Logic%20security%20researchers%20share%20details%20of%20active%20exploit%20of%20Confluence%20vulnerability%20being%20used%20to%20spread%20Gandcrab%20ransomware.&metakeywords=&s_id=66PJRRJ4LLNNR6J66J6L26N6RAAAAAAAAH
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.105.148 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 148.105.95.34.bc.googleusercontent.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
via: 1.1 google
server: Apache/2.2.15 (CentOS)
content-type: image/gif
status: 200
accept-ranges: bytes
alt-svc: clear
content-length: 35

GET
H2 200 adsct
t.co/i/ 43 B
172 B 178ms
173ms Image
image/gif 104.244.42.5
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nw5n7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 126
pragma: no-cache
last-modified: Mon, 13 May 2019 17:38:39 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b9ff47c60be05b4f57710f9ea5be8985
x-transaction: 00d084fc00cedc34
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 lounge.694ea7181ea49f1ce306dfc00c532f53.css
c.disquscdn.com/next/embed/styles/ 104 KB
19 KB 106ms
48ms Stylesheet
text/css 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.694ea7181ea49f1ce306dfc00c532f53.css

Requested by

Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b73336a70c8e2b73cd8e349c54db26910f6f1c51be47806790252b72587ebf24

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 4d666844c97dc277-FRA
status: 200
vary: Accept-Encoding
content-length: 19687
x-xss-protection: 1; mode=block
last-modified: Tue, 09 Apr 2019 22:19:57 GMT
server: cloudflare
etag: "5cad1a8d-4ce7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Apr 2020 22:26:48 GMT

GET
H2 200 common.bundle.2b6bb3725200b8d992a8cb9c288952d3.js Show response
c.disquscdn.com/next/embed/ 243 KB
81 KB 104ms
47ms Script
application/javascript 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.2b6bb3725200b8d992a8cb9c288952d3.js

Requested by

Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e73035342ef69a696cf2e1ddda0c23b03e39d415307cfed23c75e8899e38f4be

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 4d666844c984c277-FRA
status: 200
vary: Accept-Encoding
content-length: 82964
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Apr 2019 18:37:48 GMT
server: cloudflare
etag: "5cb0dafc-14414"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Apr 2020 19:58:23 GMT

GET
H2 200 lounge.bundle.e04d6946f2fad54035486025e9a4979a.js Show response
c.disquscdn.com/next/embed/ 392 KB
101 KB 95ms
39ms Script
application/javascript 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.e04d6946f2fad54035486025e9a4979a.js

Requested by

Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcc326a932512b85b357a85eff7a4d53ba307b8f98dda12d03e5f093d35f1fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 4d666844c97fc277-FRA
status: 200
vary: Accept-Encoding
content-length: 103289
x-xss-protection: 1; mode=block
last-modified: Fri, 19 Apr 2019 23:05:14 GMT
server: cloudflare
etag: "5cba542a-19379"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Apr 2020 21:54:29 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ 5 KB
3 KB 158ms
53ms Script
application/javascript 151.101.0.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

44e763c06fc465b461a26b4aea5306f0d6bac8d1e5c1f512e951bf101e935ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 27
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Length: 2158
X-XSS-Protection: 1; mode=block
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin: *

GET
H2 200 /
www.facebook.com/tr/ 44 B
250 B 8ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=722360314547694&ev=PixelInitialized&dl=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&rl=&if=false&ts=1557769119420

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Mon, 13 May 2019 17:38:39 GMT

GET
H2 200 adsct
t.co/i/ 43 B
214 B 165ms
164ms Image
image/gif 104.244.42.5
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuosp&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 117
pragma: no-cache
last-modified: Mon, 13 May 2019 17:38:39 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b9ff47c60be05b4f57710f9ea5be8985
x-transaction: 0002a67b00a2d68a
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H/1.1 204
No Content pr Show response
alertlogic.evergage.com/ 0
197 B 618ms
143ms XHR
text/plain 3.208.35.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://alertlogic.evergage.com/pr?_r=132340
Requested by: Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-35-11.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://blog.alertlogic.com
Date: Mon, 13 May 2019 17:38:39 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Timing-Allow-Origin: *

POST
H/1.1 200
OK twreceiver Show response
alertlogic.evergage.com/ 12 KB
2 KB 665ms
159ms XHR
application/json 3.208.35.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://alertlogic.evergage.com/twreceiver?_r=776469
Requested by: Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-35-11.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: c3f3e368a55924db35a044bebd91f76b72e33a61df8f589ec63c02098ed9a984

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://blog.alertlogic.com
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 2251

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
346 B 40ms
40ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=449abc0cc8bd4e8eb6f116c77c3d5394&_biz_s=120297&_biz_l=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&_biz_t=1557769118970&_biz_i=%0A%09%09%20%20%20%20Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware%0A%09%09&_biz_n=0&rnd=606629&cdn_o=a&_biz_z=1557769119478
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A2) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 May 2019 17:38:39 GMT
x-aspnetmvc-version: 4.0
last-modified: Sun, 12 May 2019 01:31:47 GMT
server: ECS (fcn/41A2)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2...
https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1557769119485%26pid%3D8957%26url%3Dhttps%253A%252F%252Fblog.alertlogic.com%252Factive-exploitati...
https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2...

0
111 B

140ms
128ms

Script
application/javascript

2a05:f500:10:101::b93f:9105
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true&liSync=true
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:40 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 20
x-li-uuid: j+c8EbxOnhUgLIqGWSsAAA==

Redirect headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-efr5
content-length: 20
x-li-uuid: XYIOfsROnhUAqQXJGCsAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1557769119485&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
268 B 160ms
159ms Script
application/javascript 104.244.42.3
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nw5n7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 112
pragma: no-cache
last-modified: Mon, 13 May 2019 17:38:39 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 9e75712c49cd892fce8cc7457e0961f1
x-transaction: 00af51a500c55cda
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
216 B 167ms
167ms Script
application/javascript 104.244.42.3
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuosp&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 122
pragma: no-cache
last-modified: Mon, 13 May 2019 17:38:39 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 9e75712c49cd892fce8cc7457e0961f1
x-transaction: 00e439ca00444285
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflTZdOF2/ 21 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflTZdOF2/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7c3eca218afc1869a365fac68fac54b1dd93d0531cc2abe49860d6e3db8983c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 12 May 2019 14:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99176
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 8035
x-xss-protection: 0
last-modified: Fri, 10 May 2019 00:20:22 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Mon, 20 May 2019 14:05:43 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1017341980/ 2 KB
1 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1017341980/?random=1557769119494&cv=9&fst=1557769119494&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&tiba=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

c25470fbe4c62e4969e06dac19ce0a526580e2943ddb4ec3edf5427b42f5fc3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 May 2019 17:38:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1023
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 179 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34c2659fd8cefa81566bb68fd35fb0e6a2e91d76d0bdc35dbe3ec9f7bd57c833

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 60ms
59ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Wed, 21 Aug 2019 17:38:39 GMT

GET
H2 204 0
bat.bing.com/action/ 0
117 B 54ms
48ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5284253&Ver=2&mid=b7512c41-9cc0-3810-8bc7-52e47e487f6f&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&p=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&r=&lt=4239&evt=pageLoad&msclkid=N&rn=394013
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 13 May 2019 17:38:39 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 99E376FBD34140EA92C80E82367A02FA Ref B: VIEEDGE0319 Ref C: 2019-05-13T17:38:39Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame A584 0
0 203ms
202ms Document
text/html 151.101.0.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=alert-logic&t_i=active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_u=https%3A%2F%2Fwww.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_d=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&t_t=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&s_o=default

Requested by

Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 06 May 2019 20:25:49 GMT
ETag: W/"lounge:view:7376521622.910cf9891beaae71439b4917e8b70fcc.2"
Content-Encoding: gzip
Content-Length: 3219
Date: Mon, 13 May 2019 17:38:39 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 box-90f3a29ef7448451db5af955688970d7.html
vars.hotjar.com/ Frame CCDC 0
0 249ms
58ms Document
text/html 147.75.80.178
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-90f3a29ef7448451db5af955688970d7.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-228809.js?sv=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.80.178 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS: pkt-ams-k1-25
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-90f3a29ef7448451db5af955688970d7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status: 200
date: Mon, 13 May 2019 17:38:40 GMT
content-type: text/html
content-length: 967
cache-control: max-age=31536000
last-modified: Tue, 30 Apr 2019 14:57:42 GMT
section-io-origin-status: 200
section-io-origin-time-seconds: 0.024
etag: W/"90f3a29ef7448451db5af955688970d7"
content-encoding: gzip
vary: Accept-Encoding
accept-ranges: bytes
section-io-id: 266c818b354fc71d78a5a394c771f52a

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 375 B
571 B 171ms
168ms Script
text/javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=449abc0cc8bd4e8eb6f116c77c3d5394&_biz_h=-1906410348&cdn_o=a&jsVer=4.18.12.07
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7b70f16263b007c197a7f1a50d6a82a617e34b18c865a3ee1ba333a6d06a2347

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:39 GMT
x-aspnetmvc-version: 4.0
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
etag: A5EC7C32
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 375

GET
H2 200 XDFrame
app-ab01.marketo.com/index.php/form/ Frame 6323 0
0 322ms
321ms Document
text/html 104.16.92.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab01.marketo.com/index.php/form/XDFrame

Requested by

Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: app-ab01.marketo.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d1979353d41f84591d9f36be598b364aa1557769118; BIGipServerab01web-nginx-app_https=!7DiuC/UQXAnNRk9ybf/nLIVwOTHiDlxs6G7x7wkMrG1A9YNJSuCF1cY0h4A9DV9N50K/gIk8bVW/kIk=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status: 200
date: Mon, 13 May 2019 17:38:40 GMT
content-type: text/html; charset=utf-8
content-length: 636
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4d66684669c7bf37-AMS

GET
H2 200 /
www.google.com/pagead/1p-user-list/1017341980/ 42 B
110 B 46ms
39ms Image
image/gif 2a00:1450:4001:81b::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1017341980/?random=1557769119494&cv=9&fst=1557766800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&tiba=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&async=1&fmt=3&cdct=2&is_vtc=1&random=203464721&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 May 2019 17:38:39 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1017341980/ 42 B
110 B 47ms
36ms Image
image/gif 2a00:1450:4001:809::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1017341980/?random=1557769119494&cv=9&fst=1557766800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&tiba=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&async=1&fmt=3&cdct=2&is_vtc=1&random=203464721&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 May 2019 17:38:39 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK visitWebPage Show response
023-pwj-200.mktoresp.com/webevents/ 43 B
623 B 685ms
134ms XHR
image/gif 192.28.151.250
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://023-pwj-200.mktoresp.com/webevents/visitWebPage?_mchNc=1557769119728&_mchCn=&_mchId=023-PWJ-200&_mchTk=_mch-alertlogic.com-1557769119726-69884&_mchHo=blog.alertlogic.com&_mchPo=&_mchRu=%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=

Requested by

Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/155/munchkin.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.151.250 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

monitor-test-ab25.mktoresp.com

Software

Apache /

Resource Hash

cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com

Response headers

Pragma: no-cache
Date: Mon, 13 May 2019 17:38:40 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 12:38:40 -0500
Server: Apache
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Content-Length: 43
Expires: -1

GET
BLOB 200
OK 83dab788-e1ec-418f-a215-e61fd93f1358
https://blog.alertlogic.com/ 2 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://blog.alertlogic.com/83dab788-e1ec-418f-a215-e61fd93f1358
Requested by: Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e6b64eaf0276ec4ba7ae04f80b5b825f89034a55e1196b200b1edcb06bda958

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length: 1794
Content-Type: text/css

GET
BLOB 200
OK aa469dfa-d0aa-4d4e-8df7-24359d21c99d
https://blog.alertlogic.com/ 4 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://blog.alertlogic.com/aa469dfa-d0aa-4d4e-8df7-24359d21c99d
Requested by: Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5da6cab971320f684d11532a4dce04c6d30d7b473343fe0c1ae9e6eda1a5c2fc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length: 3618
Content-Type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/ 28 KB
7 KB 39ms
38ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Requested by: Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:40 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:20 GMT
access-control-allow-origin: *
etag: "1544639720"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 6591

GET
H2 200 css
fonts.googleapis.com/ 4 KB
684 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:817::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700

Requested by

Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

78b37ed8e1576145bcf491de5d2c9db26ed81845fdbb48537f9248912dd92a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 13 May 2019 17:38:40 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 13 May 2019 17:38:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 13 May 2019 17:38:40 GMT

OPTIONS
H2 200 website_experience Show response
jukebox.lookbookhq.com/api/public/v1/ 0
295 B 410ms
129ms XHR
text/plain 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.lookbookhq.com/api/public/v1/website_experience?clientId=LB-36FF9D6D-10460&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F
Requested by: Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-5-219.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: GET
Origin: https://blog.alertlogic.com
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 13 May 2019 17:38:40 GMT
content-encoding: gzip
access-control-allow-origin: https://blog.alertlogic.com
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: text/plain
status: 200
access-control-expose-headers
access-control-allow-credentials: true
access-control-allow-headers: content-type

GET
H2 200 u
cdn.bizibly.com/ 43 B
380 B 307ms
50ms Image
image/gif 93.184.220.42
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=449abc0cc8bd4e8eb6f116c77c3d5394&_biz_s=120297&_biz_l=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&_biz_t=1557769120092&_biz_i=%0A%09%09%20%20%20%20Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware%0A%09%09&rnd=433532&cdn_o=a&_biz_z=1557769120093
Requested by: Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.42 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40E5) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 May 2019 17:38:40 GMT
x-aspnetmvc-version: 4.0
last-modified: Sat, 11 May 2019 08:17:22 GMT
server: ECS (fcn/40E5)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/ 69 KB
69 KB 64ms
57ms Font
font/woff2 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2?v=4.6.1
Requested by: Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Origin: https://blog.alertlogic.com

Response headers

date: Mon, 13 May 2019 17:38:40 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:36:18 GMT
access-control-allow-origin: *
etag: "1544639778"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 70769

POST
H/1.1 200
OK twreceiver Show response
alertlogic.evergage.com/ 9 KB
2 KB 153ms
152ms XHR
application/json 3.208.35.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://alertlogic.evergage.com/twreceiver?_r=124674
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-35-11.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 2c56963d3872741ba26ccb25a7f4a4316a6083324d73d276c59fbca2c4da962e

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://blog.alertlogic.com
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 2067

POST
H/1.1 200
OK twreceiver Show response
alertlogic.evergage.com/ 9 KB
2 KB 304ms
153ms XHR
application/json 3.208.35.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://alertlogic.evergage.com/twreceiver?_r=950879
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-35-11.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 4bc28714ca63b3fcb498447844674fdce085f2c7409d608477501dd38cd639e2

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 13 May 2019 17:38:39 GMT
Content-Encoding: gzip
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://blog.alertlogic.com
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 2067

POST
H/1.1 200
OK twreceiver Show response
alertlogic.evergage.com/ 9 KB
2 KB 450ms
148ms XHR
application/json 3.208.35.11
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://alertlogic.evergage.com/twreceiver?_r=600639
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-208-35-11.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 6f3db9be60255c3cf567cd8ce72278deb86f2bffc714f877ce909855cc3fcf1b

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 13 May 2019 17:38:40 GMT
Content-Encoding: gzip
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://blog.alertlogic.com
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 2067

GET
H2 200 website_experience Show response
jukebox.lookbookhq.com/api/public/v1/ 816 B
943 B 140ms
139ms XHR
application/json 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.lookbookhq.com/api/public/v1/website_experience?clientId=LB-36FF9D6D-10460&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F

Requested by

Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-20-5-219.compute-1.amazonaws.com

Software

Resource Hash

ddf5defcdc201d8b0e28668d2db5b9f0196867d17e11ad9ab839ac818b71945e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.017471
date: Mon, 13 May 2019 17:38:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
etag: W/"ddf5defcdc201d8b0e28668d2db5b9f0"
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.alertlogic.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
vary: Origin
x-request-id: c4893d8a-afbd-4a60-86c1-e866c1563144

POST
H/1.1 204
No Content msreceiver Show response
alertlogic.evergage.com/ 0
197 B 461ms
138ms XHR
text/plain 52.54.19.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://alertlogic.evergage.com/msreceiver?_r=731154
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.19.237 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-54-19-237.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://blog.alertlogic.com
Date: Mon, 13 May 2019 17:38:40 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Timing-Allow-Origin: *

GET
H2 200 alfie.f51946af45e0b561c60f768335c9eb79.js Show response
c.disquscdn.com/next/embed/ 19 KB
7 KB 14ms
13ms Script
application/javascript 2606:4700::6810:50a6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js

Requested by

Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 May 2019 17:38:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 4d66684b2af1c277-FRA
status: 200
vary: Accept-Encoding
content-length: 6605
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Oct 2018 22:50:54 GMT
server: cloudflare
cache-control: max-age=31536000, public, immutable, no-transform
etag: "5bb547ce-19cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
fastly-debug-digest: baac760ca1e6f62ea6380d62d4f07b5dfbb97755c19df0448623d4ede950e2e4
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Oct 2019 00:14:16 GMT

GET
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 224 B
853 B 241ms
83ms XHR
text/javascript 151.101.120.64
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&subId=5241753&v=1&jsonp=vglnk_jsonp_15577691205320
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.120.64 Paris, France, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f8df5f0a57926e718bf3201eefa6b8dccd3e9bfe91a9f3627e19d6cf0fc7267e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com

Response headers

Pragma: no-cache
Date: Mon, 13 May 2019 17:38:40 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://blog.alertlogic.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 224
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cookie-iframe.html
jukebox.lookbookhq.com/ Frame DB61 0
0 564ms
183ms Document
text/html 52.1.226.55
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.lookbookhq.com/cookie-iframe.html
Requested by: Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-1-226-55.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: jukebox.lookbookhq.com
:scheme: https
:path: /cookie-iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status: 200
date: Mon, 13 May 2019 17:38:41 GMT
content-type: text/html
last-modified: Wed, 20 Mar 2019 21:19:25 GMT
content-encoding: gzip

OPTIONS
H2 200 custom_domains Show response
jukebox.lookbookhq.com/api/public/v1/ 0
295 B 129ms
129ms XHR
text/plain 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.lookbookhq.com/api/public/v1/custom_domains?clientId=LB-36FF9D6D-10460
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-5-219.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: GET
Origin: https://blog.alertlogic.com
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 13 May 2019 17:38:41 GMT
content-encoding: gzip
access-control-allow-origin: https://blog.alertlogic.com
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: text/plain
status: 200
access-control-expose-headers
access-control-allow-credentials: true
access-control-allow-headers: content-type

GET
H2 200 custom_domains Show response
jukebox.lookbookhq.com/api/public/v1/ 90 B
562 B 146ms
145ms XHR
application/json 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.lookbookhq.com/api/public/v1/custom_domains?clientId=LB-36FF9D6D-10460

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-20-5-219.compute-1.amazonaws.com

Software

Resource Hash

a62165ab840ff92a94c6430f32f60236e15ced4aac714033930043b190fc609c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.011721
date: Mon, 13 May 2019 17:38:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
etag: W/"a62165ab840ff92a94c6430f32f60236"
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.alertlogic.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
vary: Origin
x-request-id: 7bc2a0a9-b08c-4d90-a4da-ff0b93e14bab

POST
H/1.1 204
No Content pr Show response
alertlogic.evergage.com/ 0
197 B 130ms
130ms XHR
text/plain 52.54.19.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://alertlogic.evergage.com/pr?_r=954221
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.19.237 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-54-19-237.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://blog.alertlogic.com
Date: Mon, 13 May 2019 17:38:40 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Timing-Allow-Origin: *

GET
H2 200 cookie-iframe.html Show response
resources.alertlogic.com/ Frame 0B69 2 KB
958 B 459ms
140ms Document
text/html 52.200.38.55
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.alertlogic.com/cookie-iframe.html
Requested by: Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.38.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-200-38-55.compute-1.amazonaws.com
Software: /
Resource Hash: 09939c2042098c0fc0247a1645a961cc66461b5b30dc3776eaf390a3671be41d

Request headers

:method: GET
:authority: resources.alertlogic.com
:scheme: https
:path: /cookie-iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status: 200
date: Mon, 13 May 2019 17:38:41 GMT
content-type: text/html
last-modified: Wed, 20 Mar 2019 21:19:25 GMT
content-encoding: gzip

OPTIONS
H2 200 page_views Show response
jukebox.lookbookhq.com/api/public/v1/ 0
295 B 121ms
121ms XHR
text/plain 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.lookbookhq.com/api/public/v1/page_views
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-5-219.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://blog.alertlogic.com
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 13 May 2019 17:38:41 GMT
content-encoding: gzip
access-control-allow-origin: https://blog.alertlogic.com
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: text/plain
status: 200
access-control-expose-headers
access-control-allow-credentials: true
access-control-allow-headers: content-type

POST
H2 200 page_views Show response
jukebox.lookbookhq.com/api/public/v1/ 153 B
624 B 157ms
157ms XHR
application/json 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.lookbookhq.com/api/public/v1/page_views

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-20-5-219.compute-1.amazonaws.com

Software

Resource Hash

76deeacda94ba5d403a2c53722c209171d8f1095484ad9d0e4719aa03940064a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.038765
date: Mon, 13 May 2019 17:38:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
etag: W/"76deeacda94ba5d403a2c53722c20917"
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.alertlogic.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
vary: Origin
x-request-id: 65c31db3-061b-476b-a1d4-a6daec00c189

OPTIONS
H2 200 create_event Show response
jukebox.lookbookhq.com/api/public/v1/page_views/ 0
295 B 119ms
119ms XHR
text/plain 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.lookbookhq.com/api/public/v1/page_views/create_event
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-5-219.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://blog.alertlogic.com
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Mon, 13 May 2019 17:38:42 GMT
content-encoding: gzip
access-control-allow-origin: https://blog.alertlogic.com
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: text/plain
status: 200
access-control-expose-headers
access-control-allow-credentials: true
access-control-allow-headers: content-type

POST
H2 204 create_event Show response
jukebox.lookbookhq.com/api/public/v1/page_views/ 0
363 B 128ms
128ms XHR
text/plain 52.20.5.219
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.lookbookhq.com/api/public/v1/page_views/create_event

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-20-5-219.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin: https://blog.alertlogic.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.010394
date: Mon, 13 May 2019 17:38:42 GMT
x-content-type-options: nosniff
status: 204
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://blog.alertlogic.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin
x-request-id: 31e18048-2591-4332-a17e-6d62fd4d81e6

Verdicts & Comments Add Verdict or Comment

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.app-ab01.marketo.com/	1970-01-19 09:28:25	Name: __cfduid Value: d1979353d41f84591d9f36be598b364aa1557769118
.youtube.com/	1970-01-19 06:33:27	Name: PREF Value: f1=50000000
.alertlogic.com/	1970-01-19 18:14:01	Name: _mkto_trk Value: id:023-PWJ-200&token:_mch-alertlogic.com-1557769119726-69884
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: i_K6FnLn0o0
.alertlogic.com/	1969-12-31 23:59:59	Name: s_cc Value: true
app-ab01.marketo.com/	1969-12-31 23:59:59	Name: BIGipServerab01web-nginx-app_https Value: !7DiuC/UQXAnNRk9ybf/nLIVwOTHiDlxs6G7x7wkMrG1A9YNJSuCF1cY0h4A9DV9N50K/gIk8bVW/kIk=
.alertlogic.com/	1970-02-25 05:30:49	Name: BE_CLA3 Value: p_id%3D66PJRRJ4LLNNRLN8R4PL26N6RAAAAAAAAH%26bf%3D04771c541b3ff8e8ff5601c99c2fbae3%26bn%3D1%26bv%3D3.40%26s_expire%3D1557855519344%26s_id%3D66PJRRJ4LLNNR6J66J6L26N6RAAAAAAAAH
.alertlogic.com/	1970-01-19 00:42:50	Name: _biz_sid Value: 120297
.alertlogic.com/	1970-01-19 09:28:25	Name: _biz_uid Value: 449abc0cc8bd4e8eb6f116c77c3d5394
.alertlogic.com/	1970-01-19 00:42:50	Name: s_lv_s Value: First%20Visit
.alertlogic.com/	1970-01-20 02:59:37	Name: s_lv Value: 1557769119309
.alertlogic.com/	1970-01-19 09:28:25	Name: _biz_pendingA Value: %5B%5D
.alertlogic.com/	1970-01-19 00:42:49	Name: _gat Value: 1
.youtube.com/	1970-01-19 00:42:50	Name: GPS Value: 1
.alertlogic.com/	1969-12-31 23:59:59	Name: AMCVS_2D2BFE14571E4A8E7F000101%40AdobeOrg Value: 1
.youtube.com/	1970-01-19 05:02:01	Name: VISITOR_INFO1_LIVE Value: wgr2ANoJwhU
.alertlogic.com/	1970-01-19 00:44:15	Name: _gid Value: GA1.2.233813471.1557769119
.alertlogic.com/	1970-01-19 09:28:25	Name: _biz_nA Value: 1
.alertlogic.com/	1970-01-19 18:15:27	Name: AMCV_2D2BFE14571E4A8E7F000101%40AdobeOrg Value: -1176276602%7CMCIDTS%7C18030%7CMCMID%7C12364503984084849452814299813473721742%7CMCAAMLH-1558373918%7C6%7CMCAAMB-1558373918%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1557776318s%7CNONE%7CMCAID%7CNONE
.alertlogic.com/	1970-01-19 18:14:01	Name: _evga_4145 Value: ef0dc5370e3e671c.
.alertlogic.com/	1970-01-19 09:28:25	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22XDomain%22%3A%221%22%2C%22ViewThrough%22%3A%221%22%7D
.alertlogic.com/	1970-01-19 18:14:01	Name: _ga Value: GA1.2.80364065.1557769119

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Frame-Options	allow-from https://resources.alertlogic.com https://www.alertlogic.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

023-pwj-200.mktoresp.com
a.b0e8.com
ajax.googleapis.com
alert-logic.disqus.com
alertlogic.evergage.com
alertlogic.sc.omtrdc.net
analytics.twitter.com
app-ab01.marketo.com
app.cdn.lookbookhq.com
assets.adobedtm.com
bat.bing.com
blog.alertlogic.com
c.disquscdn.com
cdn.b0e8.com
cdn.bizible.com
cdn.bizibly.com
cdn.evgnet.com
cdnjs.cloudflare.com
connect.facebook.net
disqus.com
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
jukebox.lookbookhq.com
links.services.disqus.com
maxcdn.bootstrapcdn.com
munchkin.marketo.net
pbs.twimg.com
platform.twitter.com
px.ads.linkedin.com
resources.alertlogic.com
s.ytimg.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
vars.hotjar.com
www.alertlogic.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
www.youtube.com
104.111.217.111
104.16.92.80
104.244.42.3
104.244.42.5
147.75.204.215
147.75.80.178
147.75.83.82
151.101.0.134
151.101.120.134
151.101.120.157
151.101.120.64
151.101.64.114
172.217.16.130
172.82.228.19
184.31.84.223
192.28.151.250
209.197.3.15
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:50a6
2606:4700::6813:c397
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:809::2003
2a00:1450:4001:817::200a
2a00:1450:4001:81a::200e
2a00:1450:4001:81b::2002
2a00:1450:4001:81b::2004
2a00:1450:4001:81e::2003
2a00:1450:4001:821::200a
2a00:1450:400c:c08::9b
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:10:101::b93f:9105
3.208.35.11
34.95.105.148
35.190.5.192
52.1.226.55
52.20.5.219
52.200.38.55
52.49.47.75
52.54.19.237
54.230.93.198
54.230.93.230
54.230.93.232
93.184.220.178
93.184.220.42
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
06768ff08a78f24b60973b047561141c4413864fa2d3ac9292fb0b217a81f917
08c5812dd025af3149b80ecb972803b280476bebb5e9f02416e6f007a04de8b4
093e8ad6879175a558add8c94d0074d1b87d10e29f90ad58f45ec8fb26140832
09939c2042098c0fc0247a1645a961cc66461b5b30dc3776eaf390a3671be41d
0f67efb1a352a2239f06b373e951655b99a8ea6530929247218bcee5f1358cf9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12c0bc0ed4f34ad6251de0db7eb2db8f52cb37191482f98c1e9ac8f78dcfbdac
13a2ec182fe7cd3a00d98057115584fd356265e484b08a3a18cf76ebb2714f36
14f3b6819ef43c89752e13e38011994f18bf74ef99c92679243bbc30e3b1ed7e
1cdc48e451e5acc23a10a350583be260114164838184afe59bb497fcf4c1df5a
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
22f35f1e580566391809fff946156e10901faac6df9584e8a1427f8d3e6dcc33
26a9c8770bb5e7769425cb053b2be9c8ddfaebcd8cf2b5ae860620a94ff14690
28239dad3b58e4a8d3c4de1e7af088de5021c50532593d1d945fc8dc40b3804c
2c2b83b5a9f188b6f91fdb4db32a68cae12d7c15d62263ebd3e345429dab2ec5
2c56963d3872741ba26ccb25a7f4a4316a6083324d73d276c59fbca2c4da962e
2e4fff8d63f0306c6a9aa0563df042f03446141668b2a81e49418b8a64c3c3f4
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
347e4c3fa50e6f98a2a10fff78a4c732f09f53c0eb0b08a9df3213494d4ca043
34c2659fd8cefa81566bb68fd35fb0e6a2e91d76d0bdc35dbe3ec9f7bd57c833
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
44e763c06fc465b461a26b4aea5306f0d6bac8d1e5c1f512e951bf101e935ef8
487f2e9da2ff0740755a5ef01dc15a2888b89537795895203a831b13b199d8bb
4bc28714ca63b3fcb498447844674fdce085f2c7409d608477501dd38cd639e2
556213d68f2f3386a34135c07ea432d252682ac7deecc5eb9c9c23a194e83415
57ba3a02c8080a32202bf6daf06e30d5adf4b392b249531c6fd7b29fac584cd0
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5cd1b9ee05ab05b7ff10c8169dbdad672013e98c4524127fc0f33f5759d70596
5da6cab971320f684d11532a4dce04c6d30d7b473343fe0c1ae9e6eda1a5c2fc
606fe67f66cae43dafd22616543240855633eb1e68050d64610b5958fb0747de
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
6ac7b199f71de2f4ffad267887891a63377843226829fb1a02485668434284af
6d3bddeeb1d2e641dc51c4b085d18ba4b29a4bbd95ed7a3aca1c04a30a304bfe
6f3db9be60255c3cf567cd8ce72278deb86f2bffc714f877ce909855cc3fcf1b
76deeacda94ba5d403a2c53722c209171d8f1095484ad9d0e4719aa03940064a
78b37ed8e1576145bcf491de5d2c9db26ed81845fdbb48537f9248912dd92a24
79e4ebe446beb792f757e503371ae1e73ffca487abe6b2d38b228836dd6bbdf7
7b70f16263b007c197a7f1a50d6a82a617e34b18c865a3ee1ba333a6d06a2347
7c3eca218afc1869a365fac68fac54b1dd93d0531cc2abe49860d6e3db8983c6
7cc2c8a7bd96173ee2a862c122630ab8d45ad0676ad2ad60fc55307763782230
7e6b64eaf0276ec4ba7ae04f80b5b825f89034a55e1196b200b1edcb06bda958
8221c3f49ef546af3e8c05533a8e5fd532e7c192a8355064fcc93c9b3ce1c4df
83a25b6da863419e47e0cd1cc2ccdfbe977341e9df76b5e108a0d77d89172f4d
8964f1fe20bd22829aa12283e7e59515e7fc658348810e00c55a4c6c1c368628
8bc3251047c963d11d510dc2a97f6a7c6bb5934eec528e5bb786314da2bcb4c0
8c99a2efb42f096f7628d2a67dc7bde4ba3ecd96f1f21a15b7e293135d06ecf8
97b605975cae7d3866d5c0ce5088b89d16edd33cc227abfdab5d8fb3afc06ffe
9a840cbc1851e412ca570bde62526c4cbecde684da1c79e9ef8debd83ab15869
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9ef8292dbcde1495ae58d7a796d655b861c97cae627bffb1b8505d5984c7eff9
a05c99a2b5b008f0964c9e5fbd7c82baebc6d45b54449b5a11a41fa56e176d1e
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a38af8eef7e3901ac7b76cc9fe95b92c22428c407d309ffa7f6985afbf9e33f6
a62165ab840ff92a94c6430f32f60236e15ced4aac714033930043b190fc609c
a71627b229a3d8bc6683b642f9a935697c58fc2814737f28dcc7ad9e1850fa42
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
b73336a70c8e2b73cd8e349c54db26910f6f1c51be47806790252b72587ebf24
b916baec833d0b279940c3c9dc0197cc8c78f552ef8853c4e51dd16202bca116
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
bcc326a932512b85b357a85eff7a4d53ba307b8f98dda12d03e5f093d35f1fc3
c25470fbe4c62e4969e06dac19ce0a526580e2943ddb4ec3edf5427b42f5fc3e
c3f3e368a55924db35a044bebd91f76b72e33a61df8f589ec63c02098ed9a984
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
c7bdbbdc5796065794e3ffcfdd995fd7a43c618e3a56707e133f72f5ca57cd1b
c7e528d4f055f2880561bd856c5d208b563b8a0bf5842b337fd4ca11cf06d7ec
c93f3f4d498ca8a69597ebd2d6e07b5f3be531f924c1ee4abe39a0ca6d8bc071
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d2b8a9966a1a907912e3d74509505585eeff1b7f4ef18080caac12d2dbc76957
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
d4631de95e8413346dedfde1266d66e35294fbd88f0b675d7637f007a71b01ae
d68bb7b5d396436b422fb7656ef916b888386d70aae9d10118ed07bf37d760e1
d7d9d11f05f1629d699d61f50665fea7a3ba83b6ce14bbd47f6c839c581bc2c7
d8c51ada934b90dacd098c726db56074625d38f2f2451364d3b35c13b1671409
da7ebd42b410dec8e844022c3445e6367f49b0d68654e4012c05e5cdec6fff4e
ddf5defcdc201d8b0e28668d2db5b9f0196867d17e11ad9ab839ac818b71945e
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e1b14fab01159f43f337ddbf24563382b9099558189106cef967084f9e94ff37
e367786278723e60fe5c4692b30f2435c45f305876b06888ba832c27aa145db1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e73035342ef69a696cf2e1ddda0c23b03e39d415307cfed23c75e8899e38f4be
e97e1647b609849b4d781a2783a73e0d4fde0a1347856167657be0f613db70db
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f3aa62e151c19d02630f97da628b703469b53a5d5a9e8fa46cb111bc86dbfeed
f8df5f0a57926e718bf3201eefa6b8dccd3e9bfe91a9f3627e19d6cf0fc7267e

blog.alertlogic.com Open in urlscan Pro 54.230.93.232 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

115 Requests

98 %HTTPS

39 %IPv6

36 Domains

48 Subdomains

47 IPs

8 Countries

1922 kBTransfer

5126 kBSize

22 Cookies

113 Outgoing links

Page URL History

Redirected requests

115 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

blog.alertlogic.com Open in urlscan Pro
54.230.93.232 Public Scan

Screenshot
Live screenshot

Full Image

115
Requests

98 %
HTTPS

39 %
IPv6

36
Domains

48
Subdomains

47
IPs

8
Countries

1922 kB
Transfer

5126 kB
Size

22
Cookies

115 HTTP transactions
1 data transactions