Which domains are used by Cyber Crucible?
Domain | Port | Protocol | Component | Producers of Traffic | Purpose |
|---|---|---|---|---|---|
dashboard.cybercrucible.com | 443 | HTTPS | Web Application | Users, typically assigned members of the IT, Security, and Compliance teams, who manage Cyber Crucible software. This web application is built on ReactJS. | This domain is tied to the administration panel for Cyber Crucible software. This admin panel is used to manage all licenses, and software agents. It is used to investigate and observe potential data or identity extortion incidents. |
v2-web.tasking.ransomwarerewind.com (deprecated) | 443 | HTTPS | Web Application | Users, typically assigned members of the IT, Security, and Compliance teams, who manage Cyber Crucible software. Custom REST API programs developed by customers will also use this domain. | This domain is the REST server which the ReactJS dashboard uses to dynamically create, retrieve, update, and delete relevant data from the web application. |
v2-agent.tasking.ransomwarerewind.com (deprecated) | 443 | HTTPS | Windows Service | Cyber Crucible software agents use this domain. Users do not interact with this server, and this server is managed by a separate Federated ID allocation. | Cyber Crucible software agents use this domain to receive tasking, and submit data to the agent-specific REST server. |
agent.tasking.rpp.cybercrucible.com | 443 | HTTPS | Windows Service | Cyber Crucible software agents use this domain. Users do not interact with this server, and this server is managed by a separate Federated ID allocation. | Cyber Crucible software agents use this domain to receive tasking, and submit data to the agent-specific REST server. |
cognito-idp.us-west-2.amazonaws.com | 443 | HTTPS | Web Application | Users of the web application, or custom REST API calls by a client will produce traffic to the AWS Cognito service during login. | Cyber Crucible currently uses AWS Cognito for user pool and Federated Identity services, in support of software, REST API, and user oAuth 2.0 protected communications and user management. |
ransomwarerewind.auth.us-west-2.amazoncognito.com | 443 | HTTPS | Web Application | Users of the web application, or custom REST API calls by a client will produce traffic to the AWS Cognito service during login. | Cyber Crucible currently uses AWS Cognito for user pool and Federated Identity services, in support of software, REST API, and user oAuth 2.0 protected communications and user management. |
ransomwarerewind-agents.auth.us-west-2.amazoncognito.com | 443 | HTTPS | Windows Service | Cyber Crucible software agents use this domain. Users do not use this domain. | Cyber Crucible software agents use this domain, which is AWS Cognito, for user pool and Federated Identity services, in support of their oAuth 2.0 protected communications and software management. |
installerfiles.rpp.cybercrucible.com | 443 | HTTPS | HTTPS File Server | Cyber Crucible installation and update files (drivers, services, etc.) | Cyber Crucible’s installation and update files are stored in this website. It is used to do initial agent installation as well as fetch files for any required updates. |
installerfiles.ransomwarerewind.com (deprecated) | 443 | HTTPS | AWS S3 File Server | Cyber Crucible download and installers | Cyber Crucible’s installation and update files are stored in this S3 bucket. It is used to do initial agent installation as well as fetch files for any required updates. |
ransomware-rewind-installation-files-64.s3.us-west-2.amazonaws.com | 443 | HTTPS | AWS S3 File Server | Cyber Crucible installer file location | Cyber Crucible’s installer exe is located in an S3 bucket hosted at this domain. This domain is likely only accessed if using the script installer. |
ipv4.icanhazip.com | 443 | HTTPS | Windows Service | Cyber Crucible software agents use this domain. | Cyber Crucible software agents query this domain to correlate the IPv4 WAN address for an agent. |
ipv6.icanhazip.com | 443 | HTTPS | Windows Service | Cyber Crucible software agents use this domain. | Cyber Crucible software agents query this domain to correlate the IPv6 WAN address for an agent. |