Which domains are used by Cyber Crucible?

Domain

Port

Protocol

Component

Producers of Traffic

Purpose

Domain

Port

Protocol

Component

Producers of Traffic

Purpose

dashboard.cybercrucible.com

443

HTTPS

Web Application

Users, typically assigned members of the IT, Security, and Compliance teams, who manage Cyber Crucible software. This web application is built on ReactJS.

This domain is tied to the administration panel for Cyber Crucible software. This admin panel is used to manage all licenses, and software agents. It is used to investigate and observe potential data or identity extortion incidents.

v2-web.tasking.ransomwarerewind.com

443

HTTPS

Web Application

Users, typically assigned members of the IT, Security, and Compliance teams, who manage Cyber Crucible software. Custom REST API programs developed by customers will also use this domain.

This domain is the REST server which the ReactJS dashboard uses to dynamically create, retrieve, update, and delete relevant data from the web application.

v2-agent.tasking.ransomwarerewind.com

443

HTTPS

Windows Service

Cyber Crucible software agents use this domain. Users do not interact with this server, and this server is managed by a separate Federated ID allocation.

Cyber Crucible software agents use this domain to receive tasking, and submit data to the agent-specific REST server.

cognito-idp.us-west-2.amazonaws.com

443

HTTPS

Web Application

Users of the web application, or custom REST API calls by a client will produce traffic to the AWS Cognito service during login.

Cyber Crucible currently uses AWS Cognito for user pool and Federated Identity services, in support of software, REST API, and user oAuth 2.0 protected communications and user management.

ransomwarerewind.auth.us-west-2.amazoncognito.com

443

HTTPS

Web Application

Users of the web application, or custom REST API calls by a client will produce traffic to the AWS Cognito service during login.

Cyber Crucible currently uses AWS Cognito for user pool and Federated Identity services, in support of software, REST API, and user oAuth 2.0 protected communications and user management.

ransomwarerewind-agents.auth.us-west-2.amazoncognito.com

443

HTTPS

Windows Service

Cyber Crucible software agents use this domain. Users do not use this domain.

Cyber Crucible software agents use this domain, which is AWS Cognito, for user pool and Federated Identity services, in support of their oAuth 2.0 protected communications and software management.

ipv4.icanhazip.com

443

HTTPS

Windows Service

Cyber Crucible software agents use this domain.

Cyber Crucible software agents query this domain to correlate the IPv4 WAN address for an agent.

ipv6.icanhazip.com

443

HTTPS

Windows Service

Cyber Crucible software agents use this domain.

Cyber Crucible software agents query this domain to correlate the IPv6 WAN address for an agent.