URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Submission: On October 04 via api from IN — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 44 HTTP transactions. The main IP is 2606:4700:20::681a:769, located in United States and belongs to CLOUDFLARENET, US. The main domain is malware.news. The Cisco Umbrella rank of the primary domain is 923402.
TLS certificate: Issued by WE1 on September 8th 2024. Valid for: 3 months.
This is the only time malware.news was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address AS Autonomous System
38 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 216.58.206.35 15169 (GOOGLE)
Total: 44 requests, 7 IPs
Requests | Apex Domain | Subdomains | Transfer
38 | malware.news | malware.news (Cisco Umbrella Rank: 923402) | 2 MB
2 | talosintelligence.com | blog.talosintelligence.com (Cisco Umbrella Rank: 438496) | 264 KB
1 | google.de | www.google.de (Cisco Umbrella Rank: 11271) | 63 B
1 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 136) | 552 B
1 | google.com | region1.analytics.google.com (Cisco Umbrella Rank: 4401)
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 92 KB
Total: 44 requests, 6 domains
Domain Requested by
38 malware.news malware.news
2 blog.talosintelligence.com malware.news
1 www.google.de malware.news
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 www.googletagmanager.com malware.news
44 6
Subject | Issuer | Validity | Valid
malware.news | WE1 | 2024-09-08 - 2024-12-07 | 3 months
*.google-analytics.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months
talosintelligence.com | WE1 | 2024-09-24 - 2024-12-23 | 3 months
*.g.doubleclick.net | WR2 | 2024-09-16 - 2024-12-09 | 3 months
*.google.de | WR2 | 2024-09-16 - 2024-12-09 | 3 months

This page contains 1 frame:

Primary Page: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Frame ID: ADF1F6C1560B35BA27A425B2F584A950
Requests: 46 HTTP requests in this frame

Page Title

Threat actor believed to be spreading new MedusaLocker variant since 2022 - Malware News - Malware Analysis, News and Indicators

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 44
HTTPS: 100 %
IPv6: 83 %
Domains: 6
Subdomains: 6
IPs: 7
Countries: 3
Transfer: 2637 kB
Size: 15112 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 87047
malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/
141 KB
29 KB
Document
General
Full URL
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab0ccb84b56604119b46fc1776d26a47a46a66c6e3b26a62f9ae2eccb6b8f536
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-fDmdUaF9VFPk2tGRpI182aryq' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
8cd3ff4a5af0dc6a-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-fDmdUaF9VFPk2tGRpI182aryq' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
content-security-policy-report-only
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-fDmdUaF9VFPk2tGRpI182aryq' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 04 Oct 2024 09:03:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSzzqf5kUBafbko3zakobLY0h5qHvIREhBL3WzbOTFjw4Msu2aWAJSmo1%2F%2BvrixvnSXEdZm3ErG%2BI9Ug4uPIHpqYAoRyvcYYYSCKqUr8gEmkS66%2BA4Nth7JioqpL4LZ%2FFtwvCrQz81slEw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding Accept
x-content-type-options
nosniff
x-discourse-cached
skip
x-discourse-route
topics/show
x-discourse-trackview
1
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
78f34684-66a0-4781-a128-871e47137371
x-runtime
0.093355
x-xss-protection
0
start-discourse-c524a8995f2f0cbcea43353efe8e8f269da821ea97c21ef0f04df5fcd916170a.js
malware.news/assets/
567 B
687 B
Script
General
Full URL
https://malware.news/assets/start-discourse-c524a8995f2f0cbcea43353efe8e8f269da821ea97c21ef0f04df5fcd916170a.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c524a8995f2f0cbcea43353efe8e8f269da821ea97c21ef0f04df5fcd916170a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256367
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rOIswffzoOCTddTSuayoVzZuZW4qE2Ey%2BfvGgtopjxPLVyY%2FU6cQPwAy7f0rb2snM6vNLrgSGtPxjTXDRauMH999cQnDgtLkPfCDghR1fu7vYDaony2N%2Fd7Qg0PzYWbaqoZvdCzmFo51qA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4bdedfdc6a-FRA
expires
Sat, 13 Sep 2025 23:56:52 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:35:46 GMT
vary
Accept-Encoding
server
cloudflare
browser-update-9070f07226d022f68c06506e046ae33f8fe725302ff53955cd3d483f2fc47ff6.js
malware.news/assets/
2 KB
1 KB
Script
General
Full URL
https://malware.news/assets/browser-update-9070f07226d022f68c06506e046ae33f8fe725302ff53955cd3d483f2fc47ff6.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9070f07226d022f68c06506e046ae33f8fe725302ff53955cd3d483f2fc47ff6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256367
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHpkgSoB8GuVqWru4xVA0n8%2B7yO7JoHO7Ndl95GmHOcoaraSrJeBZG1OwdG%2BQdR6VxFWWLrXpg6FEwZxtol5nR2xEMn6HzctYwNSRtbjc3BVTBM5BuWcTsqJKusVU%2BExvU%2BJ1TSBT5Dzkw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4bdee2dc6a-FRA
expires
Sun, 09 Mar 2025 04:07:38 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sat, 09 Mar 2024 04:04:58 GMT
vary
Accept-Encoding
server
cloudflare
browser-detect-99f42f91bffa8ca1606d62b70bb92f981d83921e78ccdbd3d9538f07007f27ac.js
malware.news/assets/
497 B
687 B
Script
General
Full URL
https://malware.news/assets/browser-detect-99f42f91bffa8ca1606d62b70bb92f981d83921e78ccdbd3d9538f07007f27ac.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99f42f91bffa8ca1606d62b70bb92f981d83921e78ccdbd3d9538f07007f27ac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256350
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kdxN6s2NyLXBo2V9Y9g%2BojsbbLy6fC%2F%2FT%2BtfSMSb26bbgkafgZSgmGH0PrSkLLgxYT4WfsBfjjnECPcPosULWWybC0iGYIXlK1YRPtjH%2BIml7EeKgUFeSAy1xuTi8SSXYJp6rU8otYwkrg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f83dc6a-FRA
expires
Sat, 20 Sep 2025 03:22:12 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:35:46 GMT
vary
Accept-Encoding
server
cloudflare
vendor.ff29780b9fed784cce2d843dcb93a803-608f4f77d8437d715d8d39c739c0c8bbe0fe51c9305e55f1ec7d0bee19f5571f.js
malware.news/assets/
438 KB
123 KB
Script
General
Full URL
https://malware.news/assets/vendor.ff29780b9fed784cce2d843dcb93a803-608f4f77d8437d715d8d39c739c0c8bbe0fe51c9305e55f1ec7d0bee19f5571f.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
608f4f77d8437d715d8d39c739c0c8bbe0fe51c9305e55f1ec7d0bee19f5571f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256350
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FkI2QrlBmSPuDggU0kKwJKTrMb6eQA8vOsta5q38B1K3JsFWf%2FtybxNOVQUlGT9%2FKtnhSXeA6G6d8rRGcZE1EHG%2BIo625lKhaaaDYjaIpLqCTWEcnP1jzhNDx8GAOtznxdt8v1628%2BtC8A%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f86dc6a-FRA
expires
Mon, 19 May 2025 17:21:44 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:17:10 GMT
vary
Accept-Encoding
server
cloudflare
chunk.6d6a6a17194d67289ef4.d41d8cd9.js
malware.news/assets/
12 MB
2 MB
Script
General
Full URL
https://malware.news/assets/chunk.6d6a6a17194d67289ef4.d41d8cd9.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5566fc85873915364c34914ef9efda42cca8e77faad713da08a9d3d8e8677943

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256345
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cj9DWaJ8Csa%2BvBklXnu9V4LAvlk7BQRyTsvIS6iO7UNXf42jXRb2ZTLQl07KjTSzIzPAN84iJdbjGq%2B6mEXpXinkJfK9C1FyZHUH2GATdd8B2FtRGWK55LBtMliE9McJRgOQUcRgD62KKw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f88dc6a-FRA
expires
Wed, 01 Oct 2025 09:23:55 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:35:11 GMT
vary
Accept-Encoding
server
cloudflare
chunk.d43472f435e6bfab8439.d41d8cd9.js
malware.news/assets/
305 KB
21 KB
Script
General
Full URL
https://malware.news/assets/chunk.d43472f435e6bfab8439.d41d8cd9.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b5ddfb3a605aeed9ff478a225e8062861424d523836d7256e2b75489bf20cdf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256345
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EGtouIjLmIhn2M9zhnfDL2zu3L6U%2B8boqQUQuF86sEBobzSN0cEhZ8zG%2BO6u6XrwQRHYWdtDP463i3%2FL9ZTFLOUE1U5iUlq24LHYuWd%2BBRL2m2O6MyqdaJwsGTFT04UjSxFtF%2By1rSPdmw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f8bdc6a-FRA
expires
Mon, 19 May 2025 17:21:38 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:17:01 GMT
vary
Accept-Encoding
server
cloudflare
checklist-55813a5bacc3c99fda0b099a80401f124870fa9b510ced078af32f8a82364461.js
malware.news/assets/plugins/
4 KB
2 KB
Script
General
Full URL
https://malware.news/assets/plugins/checklist-55813a5bacc3c99fda0b099a80401f124870fa9b510ced078af32f8a82364461.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55813a5bacc3c99fda0b099a80401f124870fa9b510ced078af32f8a82364461

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256344
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eu8DoSM%2FRvW5nev9JiRvePaGaFSZthpCsnTCA%2B4TKTNv3VApjNu1a4In39yhN0D8dZJnDm2xos1O1BTfwtGZKzNLsuj1daCXOTpvCpu%2BdpBEet0QdyhjvPQdPmaxq9exyK4uRl73zlczAw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f8ddc6a-FRA
expires
Mon, 19 May 2025 17:21:38 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:18:01 GMT
vary
Accept-Encoding
server
cloudflare
discourse-details-48148ec534a4c5e9614302186b345123ba1358787c41bc31cbd17231f794fe42.js
malware.news/assets/plugins/
1 KB
990 B
Script
General
Full URL
https://malware.news/assets/plugins/discourse-details-48148ec534a4c5e9614302186b345123ba1358787c41bc31cbd17231f794fe42.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48148ec534a4c5e9614302186b345123ba1358787c41bc31cbd17231f794fe42

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256341
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2FZIswEWA6eYLl1S84UQUa0J1a5biKQHS%2BxFLBwDY8KzUmwJd2m3I9SXj%2FJlre2Arc0CjYTtWaAZOAs9BD6n1C3RddP8vsl%2F9uzGKMJyWp1hh68nyk8nvAFzc0RMDqiR8Li%2Bh3Z5v3U64A%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f8edc6a-FRA
expires
Mon, 12 May 2025 06:44:11 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sat, 09 Mar 2024 04:05:22 GMT
vary
Accept-Encoding
server
cloudflare
discourse-lazy-videos-bdf1486acc96b228a2163490640a2bdc90f5e0a1bb1949335fd1fde2ad48795c.js
malware.news/assets/plugins/
7 KB
3 KB
Script
General
Full URL
https://malware.news/assets/plugins/discourse-lazy-videos-bdf1486acc96b228a2163490640a2bdc90f5e0a1bb1949335fd1fde2ad48795c.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdf1486acc96b228a2163490640a2bdc90f5e0a1bb1949335fd1fde2ad48795c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256341
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8jNKPMYQnZlOR4csyqX6KjWP5przEuEY3E5tto6vv4ywsxH90nCykfPz04NBV5PWCXMfPyRtRxvnX4j4IYWL6ImKZw%2BgeI7IgtTWHlJDkPJSnUnQE8m7Y%2Fj%2BL%2BQNOtP1aIV0QvJRAssvYA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f8fdc6a-FRA
expires
Fri, 13 Jun 2025 01:09:53 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:36:18 GMT
vary
Accept-Encoding
server
cloudflare
discourse-local-dates-823b91992054aeb8ca1e4921c7a3ae7f9fae09ef838946f3b261ab5a6ad776ee.js
malware.news/assets/plugins/
33 KB
9 KB
Script
General
Full URL
https://malware.news/assets/plugins/discourse-local-dates-823b91992054aeb8ca1e4921c7a3ae7f9fae09ef838946f3b261ab5a6ad776ee.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
823b91992054aeb8ca1e4921c7a3ae7f9fae09ef838946f3b261ab5a6ad776ee

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
262695
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o4U%2FiufF2%2FUFLngx0R0sQvnT7iK0Xug0fv1YZGLjmr67X5yxbV8EOdsQPAU5St6vjhooDmBw05yObKZEO9STGMHLcecP4c3eMUGiNImcdgrC6LL1r21HnjbPAF647aRuIRYcDpoVee%2Fw%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f91dc6a-FRA
expires
Mon, 19 May 2025 17:21:38 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:18:02 GMT
vary
Accept-Encoding
server
cloudflare
discourse-presence-a43bd7b3aa8d60242368b06762baf883047520450269be0bbd5491f6c14661c0.js
malware.news/assets/plugins/
11 KB
3 KB
Script
General
Full URL
https://malware.news/assets/plugins/discourse-presence-a43bd7b3aa8d60242368b06762baf883047520450269be0bbd5491f6c14661c0.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a43bd7b3aa8d60242368b06762baf883047520450269be0bbd5491f6c14661c0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256339
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fiVtXukLIvoYYL4m2gZ2kbe4SQfkhZOKOryxSoV73ttYFNCjOLob2GsOvnY4qqQrxMsxniOYehbsybOSl7zwar%2FQkiPXSV2qw7YB8cIar2KArsaUEfr8wW2AN6n%2F56qv%2FavfkbsSDspnMw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f94dc6a-FRA
expires
Mon, 19 May 2025 17:21:38 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:18:02 GMT
vary
Accept-Encoding
server
cloudflare
docker_manager_admin-b355b48ea8dc5f9252a78cf0a6b7210b0493676ee421a69a425d092b98c2cc51.js
malware.news/assets/plugins/
37 KB
8 KB
Script
General
Full URL
https://malware.news/assets/plugins/docker_manager_admin-b355b48ea8dc5f9252a78cf0a6b7210b0493676ee421a69a425d092b98c2cc51.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b355b48ea8dc5f9252a78cf0a6b7210b0493676ee421a69a425d092b98c2cc51

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256336
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LDHj32SF%2FCSS1mAqOAT00g0pTp%2BfldDq8u79ykPGOZoI2ZQXdJ4p0AnqB0hPZxTAjcADaFsZm46ZeWb7O5yOO%2FuYD5fwQwLFIq5q6HwGzM6K17Q0xtHD1TR3wQkx7djviDCVe84wGbwmGA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f9bdc6a-FRA
expires
Mon, 19 May 2025 17:21:38 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:18:02 GMT
vary
Accept-Encoding
server
cloudflare
footnote-79e2a367b53b791240c3504826b87b2787c9d197d77cd422969d592aae9cf23b.js
malware.news/assets/plugins/
3 KB
1 KB
Script
General
Full URL
https://malware.news/assets/plugins/footnote-79e2a367b53b791240c3504826b87b2787c9d197d77cd422969d592aae9cf23b.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79e2a367b53b791240c3504826b87b2787c9d197d77cd422969d592aae9cf23b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256334
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GxPuJYKzwZEB30In%2B%2FmEaLE4hB%2B%2F%2FSvOlWh6yFdV6VFRQH5qnRdPW3PG5FrMX6C3Wv%2FJkXU667juB5y9FDOmpMm%2BB8jgDE56uxQQaCqWzMR%2FR3cgMfN%2BYBGiVYouydajEab6zjqVAj5PkA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f9ddc6a-FRA
expires
Mon, 19 May 2025 17:21:38 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:18:02 GMT
vary
Accept-Encoding
server
cloudflare
footnote_extra-295b457b90cb18fedfdb544868c494c71842a27c0781d3042fa4fd26589204fa.js
malware.news/assets/plugins/
6 KB
3 KB
Script
General
Full URL
https://malware.news/assets/plugins/footnote_extra-295b457b90cb18fedfdb544868c494c71842a27c0781d3042fa4fd26589204fa.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d42ebdcddd972fdff22dca8398998a80ce50b0ec08915e8e8b9682a941b8651

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256334
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGbP1jnGL1Y%2BMficpPcFU7IsaOH8fMH0hpS9oKtRIaqGrZrXkjgzODFlw3DuzyP3cPgmppMTf4Lrkb7LbcQwHXNhbllIlilK%2FvTe5Rn6MdrEURGqigArAmCtxgtccBI%2B3Y3Roo%2FnQNWrgw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1f9fdc6a-FRA
expires
Mon, 12 May 2025 01:37:00 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sat, 09 Mar 2024 04:05:57 GMT
vary
Accept-Encoding
server
cloudflare
poll-ee978b42838e26d757251675c40fb0f62dff2f4081dc00fc4bb5492265f63b16.js
malware.news/assets/plugins/
62 KB
17 KB
Script
General
Full URL
https://malware.news/assets/plugins/poll-ee978b42838e26d757251675c40fb0f62dff2f4081dc00fc4bb5492265f63b16.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee978b42838e26d757251675c40fb0f62dff2f4081dc00fc4bb5492265f63b16

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
262694
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bbwmiRqOwF590SV8Znu9yP91YXLzaaEiZkstZ5ARzalHU%2BAB%2FCwusFZ9iCsZ0ase%2B1qT29GTk6ANJZxHrD6Y6YlOSDKsrOdYPBiRJtnLYVgVbRXdgt4kK%2BOcn%2FOSiYghZn3LNfrw4XQNxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1fa1dc6a-FRA
expires
Mon, 19 May 2025 17:21:39 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:18:03 GMT
vary
Accept-Encoding
server
cloudflare
spoiler-alert-77512c36f465902e7dbf3b8252c7cd6387edc9bf4ca804b79466212c1d1c843d.js
malware.news/assets/plugins/
3 KB
2 KB
Script
General
Full URL
https://malware.news/assets/plugins/spoiler-alert-77512c36f465902e7dbf3b8252c7cd6387edc9bf4ca804b79466212c1d1c843d.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77512c36f465902e7dbf3b8252c7cd6387edc9bf4ca804b79466212c1d1c843d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
262694
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gBTGH6FhYVHQ4DZjWPxb5z1hDMgvKT2PJa3yr9ImCUmULFFfmb6kgOo8%2BqZaE%2FNu1Dlq7n2Lm88nRrG5k3usl%2Fnif2jgDSeq7qdSx8SDFas2Gjua3fmBnFvNqTEQ%2Bxv5KFgZA%2BqJL8Ax7g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1fa4dc6a-FRA
expires
Tue, 29 Apr 2025 17:27:28 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sat, 09 Mar 2024 04:05:23 GMT
vary
Accept-Encoding
server
cloudflare
en-666fe268c5c09740e19778d3756be4ffa4bfa22642e83a31cc7ee39923049ac7.js
malware.news/assets/locales/
348 KB
95 KB
Script
General
Full URL
https://malware.news/assets/locales/en-666fe268c5c09740e19778d3756be4ffa4bfa22642e83a31cc7ee39923049ac7.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ee33f26479a267cb93b664a5c2ff07e4f835e022e2fdbc5c8c23564b0dc292

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256328
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QO2H17GIUgZrbxUBH%2BTRKrKdwPUMq1ncMcqxbDCG1cmEZ3f8%2BR1oW6JyQCT3K0XcTM2q4a%2F3JNaiRVaO2oMZL9%2FU%2Bi%2Fr4zFR%2Br5mpj3LvWSyQECT1i%2BEJgfSkrI%2BR9lHvOY%2BkqlLFXU8vA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1fa6dc6a-FRA
expires
Wed, 01 Oct 2025 09:23:55 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sun, 19 May 2024 17:36:59 GMT
vary
Accept-Encoding
server
cloudflare
js
www.googletagmanager.com/gtag/
259 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
82d80ccd23351fc2cc99adaea09be92d061da857664eff57b1acdd640ce30556
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 04 Oct 2024 09:03:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
93083
x-xss-protection
0
server
Google Tag Manager
google-universal-analytics-v4-e154af4adb3c483a3aba7f9a7229b8881cdc5cf369290923d965a2ad30163ae8.js
malware.news/assets/
533 B
649 B
Script
General
Full URL
https://malware.news/assets/google-universal-analytics-v4-e154af4adb3c483a3aba7f9a7229b8881cdc5cf369290923d965a2ad30163ae8.js
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e154af4adb3c483a3aba7f9a7229b8881cdc5cf369290923d965a2ad30163ae8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
public, max-age=31536000, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
256327
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fUGsyUnzCEhcFYiCn0CFkLhpQwA8AZHc6kwQZgJTCCPJSP6mbO99XrDU9iTJi0bWv0xIix%2BTENa4YuDA5MY689PhZsC%2BNhI9ZeETilEc3Rze0qEwufIPrgQdIlb1eaRHWGiuAG7egVoVA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff4c1fa8dc6a-FRA
expires
Tue, 29 Apr 2025 14:41:33 GMT
date
Fri, 04 Oct 2024 09:03:10 GMT
content-type
application/javascript
last-modified
Sat, 09 Mar 2024 04:04:58 GMT
vary
Accept-Encoding
server
cloudflare
color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css
malware.news/stylesheets/
4 KB
2 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4e134f40c8c4baad557dbe3eb6869d8cf4a66462084170b4881a2aff6eca274
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
ec55d492-ec82-4a17-9160-650e9eb115b8
content-encoding
gzip
cf-cache-status
HIT
age
256367
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4staK%2F3cdGYq8bjucBJHkjeB2bisiAqOpBQbtjHTMheGnWi5V%2B34r2V3Nfnf67gZp44Hmm4u06AUiS0ieHT2dPhuLoN7EdL3lU8C%2F7RCMNygWo6%2FkNGGUbzn2s95rdULns%2BAqIis1zCMgA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css"; filename*=UTF-8''color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:16 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdeebdc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
661 KB
103 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fe258a6b3a482ce904aaa4d71aa8b276ac2d66289e56515adaa373ce73e6173
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
d5e0fb08-e9f8-4b92-9a16-00ade4ca5c82
content-encoding
gzip
cf-cache-status
HIT
age
264227
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2BzZXQhT%2Bme3qN8s4y0WJZinhEzn00Fume2beU%2B03Fw8MQT4mVYnM0YjWcFTupm6UUQ36tg3JwLsWEekVPr38usEgSr%2F%2FFW7Bt4p1gmVkvmaObuyRNpyKoTE%2Bwnac%2B3PbxMhpBrdUTlmxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:10 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdeeedc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
5 KB
2 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0fbc7f61c0620a4ec824cc106951eff46d60cfd8eb8d8d490218463d2fd98cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
1a993d85-260b-47f0-9546-228b39271db1
content-encoding
gzip
cf-cache-status
HIT
age
256357
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2BVDDGdRVrQDNKptKSPnX%2F40hFjXGx8AvBF7kHGogK0HaM0upOjubIIPveJyXTpO3Jjr%2FeGyTgN52Ka0QDqPiwZh7kCeLBBTAL%2FObCvGR5DOujbOQFsbN1AhuDAjX%2FZJS86FMNJED2TumQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:14 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdef0dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
3 KB
1 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0998f98bd48342f12e7081dc237e6982e151d5f03cda0cf111da67e615b8ce9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
1534ccd9-ef9e-455b-8259-e75df474fb94
content-encoding
gzip
cf-cache-status
HIT
age
256355
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wi6oy%2BHSH%2BAyZ%2BJnOtXYj27Lq%2FxcDO78gjaI86Z11kKuylwUMD4o6LRaVj7c%2FpTh2jlefk93EftEdpUyr7jZBX7HU3AKnt%2BnNg1gawZiuHkrmukEDQdtEGAvRrcknk0La2nKGBmfjs1S6g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:14 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdef1dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
7 KB
4 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
152760f614cc53fb6dd1c362d06c281a719e37ce1dec3636ffb90f33e2bb6131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
f1c5df15-0a88-4aab-bd13-b20596d0831c
content-encoding
gzip
cf-cache-status
HIT
age
256355
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OkQOcu62%2FjkwbFc61njZpy%2F0NvCs6gGCrzd97wjf4OCbMvHDL%2F30i1%2Fau%2Byzb7N%2B6Cu9U14pDH8972wQU1aOtKMYncy2iWKhB0Cjp3zRSHj1mMAWI%2Byt0qyemJ9A5%2BOM92hOdh72VrKdkw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:14 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdef2dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
875 B
870 B
Stylesheet
General
Full URL
https://malware.news/stylesheets/discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2b15f24ee32ae108d07a11757c4e120fb2c0384f3a842952432da1736158ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
fdb288da-5f3e-4e2b-ac1b-dee5aee94f6d
content-encoding
gzip
cf-cache-status
HIT
age
256355
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WzufyBmb%2Fx3jbwv6CnjIEPEAdN6VciRt9dubhfezYFr2XB2OV1TnBx019xyRqQbQiVheEp2QLDK%2B7x1NTIqMGDN2zUDbmtZkNQSSu0FPG24DAblTtc2O%2BlNrVCdmMJhBazdeZAx%2B9fA1lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdef3dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
171 B
722 B
Stylesheet
General
Full URL
https://malware.news/stylesheets/discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c3dcd0afcea9a61171dd74c218ce2ba9bb686ae0e68c967ae4e75c8fdeb8687
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
1569a4d0-d527-4f26-88b2-4831c34dbba7
content-encoding
gzip
cf-cache-status
HIT
age
256353
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FCzIkOeMhrIrxJj3k0poGr%2BuTVe9JWscK3vlxHCSvSpHlSdfCsAjE5QAjACBVULw9pU3LOA17Lc6ctLMU%2B3UumWTAjwVulQcQUSAjucV2pmTzu02cDLPUuzwIYYDYX5t5wIZreRYyksKHg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdef4dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
1 KB
1 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a39db0af2b877ea2c5cccbc1420ef9533196f61a33e740d8ec2bb31126470856
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
180573a8-0fd7-428c-88aa-a4821fca2709
content-encoding
gzip
cf-cache-status
HIT
age
256352
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXvcPI4Phhj%2FTidRQgyftF1Bo5x6lqBDPS19q7xsEopCg1hoyHVikzRkZJ52vF6mrFpeUSXLW0al3GWALWdLcoAC9Nsgvao6D3zFDzHDk0W9ySL5BijMJ27F4D%2BCztZCzumxypeqmQQiaA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdef6dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
2 KB
2 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb79726d8b50ade37e5ca0c5c82fc92eea9757c2e14e5f7feca1b80f7732048e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
8e046a15-4c38-45b5-b003-5981d94f7bef
content-encoding
gzip
cf-cache-status
HIT
age
256352
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qn61ZGkOau0qFniwjCOIGa33gbpGMFXvySXlXf%2FHyk8JiAkT%2B1Ff%2BVEXN1rVdTHBj%2BuXuuMvnpvL1ODdiCq8EyMEoT%2BQswGbYhL9L8FIq0MwzPTVQvIdqAnvvucGAIqGfU4m5BKU9YQ8Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdefedc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
2 KB
1 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b795edfb1b2de13aba43932708e4148b0aa37971047c94fcded06dbe5a4f61ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
0a14e6ff-3c2f-40eb-ac99-ff981b6824ea
content-encoding
gzip
cf-cache-status
HIT
age
256352
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0c7JLbiYcyYFB2V8UE3LBXMXOWx0AdmrPHVuKWXDv%2BBI%2F3epwUU%2FjGg40bStai8ofMQb5CCkTGXRR8Gy4qLmpx8FkWsQIUeG5juzZxmv0hwHGnT4irZxXu64VUwM4li0FmwEyQTTa8FGGw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdf01dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
10 KB
3 KB
Stylesheet
General
Full URL
https://malware.news/stylesheets/poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae4f4ee6f5299f646a880259e857f469f41fc0ae30cc568c94e81901dad49cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
1d474f2c-3dc1-441e-8712-b226c908560a
content-encoding
gzip
cf-cache-status
HIT
age
27400
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JTVH7WYkGTsEoT8p7YYAm%2BO2CzWnQeXaDjVVS5MwrLE9fG2bnNVAZnDOpwCSTHPzyvggcSPv3jEMOwTE6TsjzlhSftjLncQhBffkQMbCM3SQb6p2KsoUu6zymxvsjxH9qV73Si7vzwhFIw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdf03dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
1 KB
860 B
Stylesheet
General
Full URL
https://malware.news/stylesheets/spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f1ad194fec669a7a9d1643b2e5aa0fc0d4c3566c0652e741f9b7667e687185d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
1025a72b-c694-435b-ae6b-a3817b13fb2e
content-encoding
gzip
cf-cache-status
HIT
age
256350
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bt2kTaNG%2F0fzCr2NrtfwYs6vs004SeVMODV83vkdXF96dJFTVbEKbtgmtNFoKlehGjnN3IOQOQM7C4yLAMuQrrdpn4uyruawAXU8rWAxaIxMTUfMh9aUu05%2FGGs531SffqD0hoKBUFW5WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdf04dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/
611 B
871 B
Stylesheet
General
Full URL
https://malware.news/stylesheets/poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25f16c6ec5664d0694edfe491fb383a433ece0ea25917cf656e87d3867d5dd5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
6fe1b42b-501f-4ea8-a40f-423db8c4ee7f
content-encoding
gzip
cf-cache-status
HIT
age
256350
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t2KdHWjY31tauBZj6STI%2ByQt4eFF6xTn%2Bqc9V8c%2BcMmvY5AXmYZSzvZBrcsyoqCn9ZbilWtF2dGfjhFyMa79is4o2gqhEVJw%2FwDSJeJ8M53%2FGBFwcSzm5usdh0lzJBC9L60o72mCmbY9jg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:15 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdf05dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css
malware.news/stylesheets/
108 B
670 B
Stylesheet
General
Full URL
https://malware.news/stylesheets/desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css?__ws=malware.news
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b01475a1ed788124386bf51068464a0ea886a403c1b1e51e8a2cde722894a2c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
2623e9a5-df6b-4bf4-ba65-70c12a647b5f
content-encoding
gzip
cf-cache-status
HIT
age
256350
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UD5afeB7RSK2KsKvgd%2FpwPjfk6WZR7PgHljHDuIpkPI5W1xOaze2BfMsVISmNq8ux1mQukkyOgjkr1Zpo5ohLO5VDj7w4krflvmHuHd95iUsJpjM2KLeZUQgfbMSwxJf%2FpMJSl%2BZA5U7Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:10 GMT
content-disposition
inline; filename="desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css"; filename*=UTF-8''desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css
content-type
text/css
vary
Accept-Encoding
last-modified
Sun, 19 May 2024 17:37:16 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff4bdf06dc6a-FRA
x-discourse-route
stylesheets/show
x-xss-protection
0
server
cloudflare
truncated
/
42 B
42 B
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a0389bf2491388d6184b975a3a130c29fc1a9af8f29a4c9a3d0536a3da88e0f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
svg-2-c1066beb12cc75cc4c3bc42f218f381c862e7905.js
malware.news/svg-sprite/malware.news/
143 KB
48 KB
Script
General
Full URL
https://malware.news/svg-sprite/malware.news/svg-2-c1066beb12cc75cc4c3bc42f218f381c862e7905.js
Requested by
Host: malware.news
URL: https://malware.news/assets/chunk.6d6a6a17194d67289ef4.d41d8cd9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ce1934be1fa8520dcc9442317e483c1fc52cc241cc48c096c0d188cd327ae04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

x-request-id
a1b55771-44c0-4a8f-aedb-1d6a2d2d6638
content-encoding
gzip
cf-cache-status
HIT
age
255368
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d5ZuBNGwSHx1o7muscWGjuhsi8SANTXgdpuwvMHeGXRcGqygI07WIdIBg5g7VcFxytbA1cZ1OpVvK5yqDz1jF%2Bw%2BEdP%2BuUk6IEwU4i%2FPkHlZ%2BCiSGLpxNq9pI0Hc0pS%2F5zx2BI%2F1gJb63w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:11 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding, Accept
last-modified
Mon, 19 May 2014 17:24:04 GMT
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin-allow-popups
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff50ac98dc6a-FRA
x-discourse-route
svg_sprite/show
x-xss-protection
0
server
cloudflare
ba8ee0a927a69022c651441ac23d01bcdbc09785.png
malware.news/uploads/default/original/3X/b/a/
9 KB
9 KB
Image
General
Full URL
https://malware.news/uploads/default/original/3X/b/a/ba8ee0a927a69022c651441ac23d01bcdbc09785.png
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
age
255368
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w7Ep3IFIvVSCOSauN%2F%2F0rghN6amfGVjBYNSaRIrsS58PaxlS0rIvjrWOD2NuzY4IQMlsi6sSzKJrIId6oC389TffwwNXxpSNBKo81QF5hEjbkYPTqczXYtqM8eYiX%2BDLMepS6rkFRn7KXg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff530b5adc6a-FRA
expires
Wed, 01 Oct 2025 10:07:03 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
8758
date
Fri, 04 Oct 2024 09:03:11 GMT
content-type
image/png
last-modified
Sat, 22 Dec 2018 04:38:37 GMT
vary
Accept-Encoding
server
cloudflare
24_2.png
malware.news/user_avatar/malware.news/malbot/48/
3 KB
3 KB
Image
General
Full URL
https://malware.news/user_avatar/malware.news/malbot/48/24_2.png
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acb53c4533765bc5dc1225c4850964ddb2ed637a7a1cf420c446a08104085da8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
264227
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uh%2FbNwuhG9cMdIlFRW0OltT5V5nbn31rI2k66EZkhX4BYc8MaZkCChjJr5sf%2BZFl2eTQKWsxazzHRQbeuCHDbVFPWfmRL7Lcx7LNBwWbxd%2FZJ1wIuSQGIJjIVkldMF858r8s%2F05KmjmqYg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 09:03:12 GMT
content-type
image/jpeg
last-modified
Sat, 09 Mar 2024 04:15:49 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=31556952, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-transfer-encoding
binary
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8cd3ff53fdeadc6a-FRA
accept-ranges
bytes
content-length
2626
x-discourse-route
user_avatars/show
x-xss-protection
0
server
cloudflare
medusa-header.jpg
blog.talosintelligence.com/content/images/2024/10/
99 KB
100 KB
Image
General
Full URL
https://blog.talosintelligence.com/content/images/2024/10/medusa-header.jpg
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fbef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb98b89074394943e10203a176acac2affc406c5057c94b3d72b90e2668337e8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/

Response headers

ghost-age
0
x-request-id
45e4acfd-79be-4423-8fae-5ab21332833e
cf-bgj
imgq:100,h2pri
etag
W/"18bf5-19251819e97"
age
82901
ghost-fastly
true
ghost-cache
MISS
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Sat, 04 Oct 2025 09:03:12 GMT
status
200 OK
cf-polished
status=not_needed
x-cache
MISS, MISS, MISS
date
Fri, 04 Oct 2024 09:03:12 GMT
content-type
image/jpeg
last-modified
Thu, 03 Oct 2024 08:31:42 GMT
x-cache-hits
0, 0, 0
x-served-by
cache-ams2100139-AMS, cache-ams21027-AMS, cache-iad-kiad7000024-IAD
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-timer
S1727944303.400953,VS0,VE142
via
1.1 varnish, 1.1 varnish, 1.1 varnish
cf-ray
8cd3ff542aa1d28c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
101365
server
cloudflare
AD_4nXdEPaSCke7t03Zfq1cquRARJbADIHMEaRB1tC-jvWWR1bGtLnK9yfGVn_w7U-Ov3ojqO0_DWutwItfZekGJ6BgRpqqAn7iRQCsuRMFhDgHI9KOFMMw0S9d85jLBtZZQfl3N8uUuKZ6mSGkXkToccZXeanFx.png
blog.talosintelligence.com/content/images/2024/10/
164 KB
165 KB
Image
General
Full URL
https://blog.talosintelligence.com/content/images/2024/10/AD_4nXdEPaSCke7t03Zfq1cquRARJbADIHMEaRB1tC-jvWWR1bGtLnK9yfGVn_w7U-Ov3ojqO0_DWutwItfZekGJ6BgRpqqAn7iRQCsuRMFhDgHI9KOFMMw0S9d85jLBtZZQfl3N8uUuKZ6mSGkXkToccZXeanFx.png
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fbef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae6114d5cc24a9ce77644e4b8164d32af201551e051fbf8f32f3aa0ebd169b5d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/

Response headers

ghost-age
0
x-request-id
d10c0297-540c-4c10-84c7-99b4da9a6c0a
cf-bgj
imgq:100,h2pri
etag
W/"49c48-1925176edf8"
ghost-fastly
true
ghost-cache
MISS
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Sat, 04 Oct 2025 09:03:12 GMT
status
200 OK
cf-polished
origFmt=png, origSize=302152
x-cache
MISS, MISS, HIT
date
Fri, 04 Oct 2024 09:03:12 GMT
content-type
image/webp
content-disposition
inline; filename="AD_4nXdEPaSCke7t03Zfq1cquRARJbADIHMEaRB1tC-jvWWR1bGtLnK9yfGVn_w7U-Ov3ojqO0_DWutwItfZekGJ6BgRpqqAn7iRQCsuRMFhDgHI9KOFMMw0S9d85jLBtZZQfl3N8uUuKZ6mSGkXkToccZXeanFx.webp"
vary
Accept
last-modified
Thu, 03 Oct 2024 08:20:01 GMT
x-served-by
cache-ams2100138-AMS, cache-ams2100138-AMS, cache-iad-kiad7000090-IAD
x-cache-hits
0, 0, 0
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
public, max-age=31536000
x-timer
S1727968646.080020,VS0,VE1
via
1.1 varnish, 1.1 varnish, 1.1 varnish
cf-ray
8cd3ff542aa2d28c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
167694
server
cloudflare
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-SVDG4GL741&gtm=45je4a20v9121104881za200&_p=1728032591188&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=859918640.1728032592&ecid=697793652&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dl=%2Ft%2Fthreat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022%2F87047&dt=Threat%20actor%20believed%20to%20be%20spreading%20new%20MedusaLocker%20variant%20since%202022%20-%20Malware%20News%20-%20Malware%20Analysis%2C%20News%20and%20Indicators&sid=1728032592&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.autoLinkConfig=%5Bobject%20Object%5D&tfd=1895
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://malware.news
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 09:03:12 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
552 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SVDG4GL741&cid=859918640.1728032592&gtm=45je4a20v9121104881za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101671035~101747727
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c02::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://malware.news
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 09:03:12 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SVDG4GL741&cid=859918640.1728032592&gtm=45je4a20v9121104881za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=568647542
Requested by
Host: malware.news
URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 04 Oct 2024 09:03:12 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
a0086c91da850eb004fb4af82117ab347b9e272a_2_32x32.png
malware.news/uploads/default/optimized/3X/a/0/
2 KB
2 KB
Other
General
Full URL
https://malware.news/uploads/default/optimized/3X/a/0/a0086c91da850eb004fb4af82117ab347b9e272a_2_32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7afa12ce5701916349284e884f7fddcf56832f30d041982b6f9a484b64084f5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047

Response headers

cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
age
252807
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECc9FRqETFHEOsjW74kVUPMroODtF3UKdVYC8JvGcheqs5RdaPZXd1v4aPnqEiIagAnYhnv6VTs3vF63eHMUA9Zo84jpKeBu4I4K1VFnqKawA8zKzbmcHtAl0jOlwJwwSzKdMCRdZx4%2FEw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd3ff569d14dc6a-FRA
expires
Sun, 09 Mar 2025 04:07:40 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
1851
date
Fri, 04 Oct 2024 09:03:12 GMT
content-type
image/png
last-modified
Sat, 01 Jun 2019 22:43:41 GMT
vary
Accept-Encoding
server
cloudflare
poll
malware.news/message-bus/041bcfc31531449db747827d89fd5164/
267 B
0
XHR
General
Full URL
https://malware.news/message-bus/041bcfc31531449db747827d89fd5164/poll
Requested by
Host: malware.news
URL: https://malware.news/assets/chunk.6d6a6a17194d67289ef4.d41d8cd9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Discourse-Deferred-Track-View
true
X-CSRF-Token
undefined
Referer
https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
X-SILENCE-LOGGER
true
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
text/plain, */*; q=0.01
Discourse-Present
true
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-max-age
7200
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cApvJ7Yz6pWEGhWQr%2BXX2L%2BzqTOQI8tuZH4UAvdkRSCyzRdZRoapOGQr7ZZ5E7FSQ%2BhUhMP9x2UmnQDxXxgDDpw9EEfP3RrrRUraT3K462R0zxhz9RlRwLgn9Oz2PVWWyK1jHnPOgGKnsw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, POST
x-content-type-options
nosniff
expires
0
date
Fri, 04 Oct 2024 09:03:12 GMT
content-type
text/plain; charset=utf-8
access-control-allow-headers
X-SILENCE-LOGGER, X-Shared-Session-Key, Dont-Chunk, Discourse-Present, Discourse-Deferred-Track-View
cache-control
must-revalidate, private, max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
cf-ray
8cd3ff56cd7ddc6a-FRA
access-control-allow-origin
https://malware.news
server
cloudflare

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| loader
function| define
function| requireModule
function| require
function| requirejs
object| EmberENV
object| deprecationWorkflow
object| google_tag_manager
object| google_tag_data
object| dataLayer
object| webpackChunkdiscourse
object| _embroiderRouteBundles_
function| markdownitFootnote
object| I18n
object| MessageFormat
function| moment
function| gtag
object| gaGlobal
string| __INDIVIDUAL_ONE_VERSION_ev-store_ENFORCE_SINGLETON
function| filterCSS
function| filterXSS
object| __widget_helpers
object| virtualDom
function| jQuery
function| $
function| ItsATrap
object| bootbox
object| Logster
object| MessageBus
object| Discourse

3 Cookies

Domain/Path Name / Value
.talosintelligence.com/ Name: __cf_bm
Value: r4CPdhHJC8XmXdnmhPF..LC81KUwhXsU.jHNPL3qKfk-1728032592-1.0.1.1-XUapAXzWNeL5XNrZEt6w.UiIjixIJv9x9.ErUJbZdoTQizUugoHvuC9.1Nj.CXEPBmzBbfeQipYhFtHDndvWhA
.malware.news/ Name: _ga_SVDG4GL741
Value: GS1.1.1728032592.1.0.1728032592.60.0.697793652
.malware.news/ Name: _ga
Value: GA1.1.859918640.1728032592

2 Console Messages

Source Level URL
Text
security error URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Message:
The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
recommendation verbose URL: https://malware.news/t/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/87047
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-fDmdUaF9VFPk2tGRpI182aryq' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
