blog.cyble.com Open in urlscan Pro
192.0.78.183  Public Scan

21 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

• https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js HTTP 302
• https://s.adroll.com/j/exp/index.js

Request Chain 106

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1686795017518%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F2023%252F06%252F13%252Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&cookiesTest=true&liSync=true&e_ipv6=AQJLdHd-iQxbzwAAAYi80WCGlC-kTJJAFMoPMJiEhP1gRfTsezHSQfv2rhrrozmYkkBO38k

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/	355 KB 69 KB	319ms 225ms	Document text/html	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f28cf4b7f4236dbbe56c3ff59f928bb157f4be63f9ead574b672abe634f9c335 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=179, must-revalidate cf-edge-cache cache,platform=wordpress content-encoding br content-type text/html; charset=UTF-8 date Thu, 15 Jun 2023 02:10:15 GMT host-header WordPress.com last-modified Thu, 15 Jun 2023 02:08:14 GMT link <https://blog.cyble.com/wp-json/>; rel="https://api.w.org/" <https://blog.cyble.com/wp-json/wp/v2/posts/17648>; rel="alternate"; type="application/json" <https://wp.me/pbX1h1-4AE>; rel=shortlink server nginx strict-transport-security max-age=31536000 vary Accept-Encoding Cookie x-ac 2.hhn _atomic_ams BYPASS x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. x-nananana Batcache-Hit x-pingback https://blog.cyble.com/xmlrpc.php
GET H2	200	wp-emoji-release.min.js Show response blog.cyble.com/wp-includes/js/	18 KB 5 KB	205ms 205ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:15 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 02 Feb 2023 00:53:25 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"63db0985-4904" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ blog.cyble.com/_static/	2 MB 208 KB	364ms 364ms	Stylesheet text/css	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqMrYh+KGTT+nI0kI2FqxGlzD++y4Y16QGUqYvQiudPZy9qXNCUxuhjTK+QwNBqhC94jVADFKHIBtssUIwsvID0rzwyQvf/Ogezs6mGtsg68TmGXwtzwmtkWdL+iIsnr3yVxni1cKSq1VXSlHUHs068AOiU/py//76ZE3kpUqRGhUj6vuN+EQD5DxwFFM5YDCyw2AEOYB4he7+Q2y1TYZz8cHRM1iB5dSwgqnhWC94YaFW+jpNyaI3303ttTS+gzJMXhFF/owOfYyPsixAlhifOLgmEpBhN7o/92I4WxM3K+dfmmNWQ+jQgR84bts5huQsKTNl6PGOQhT566789ofCedqqNtmI3E/wnH52Ej1L4lKKNaoV2ad9lm2tPneW7NDUrEF8ieKbQWnIJAt9ui+8zs7WXekw/UIZQ+10L4pjkeuszKr94TU7iqwoyl1enjYEXB5O+Rb4cXfYAi92T+xLaRhTKANpVPbW71+MJSJNdEEQLfEbA48+2tzyFYOE6iBQM9LwwWj/Pxk/ta3ZNsCzPIEsbh/nJxoPdbJqdqr/LlAPH/c99K35mRVlUexPeXn4DfbThw4= Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 294cfe39b435580b5733554fdb7f66044a117690a8820032338dcfeb2a7a944f Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 15 Jun 2023 02:10:15 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 13 Jun 2023 04:13:03 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"7e87402b9a2a7d988712f7d361e1e1d9" vary Accept-Encoding content-type text/css;charset=utf-8 cache-control max-age=31536000 host-header WordPress.com
GET H2	200	css fonts-api.wp.com/	3 KB 685 B	148ms 61ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash a1020a8c9c2ec5c451dfc31ff1564dee690d603c4cb68049328581adc77ca7c2 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:15 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 1 last-modified Thu, 15 Jun 2023 02:10:15 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	css fonts-api.wp.com/	76 KB 3 KB	146ms 59ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 02378e0a16deb3fe97685e82af6c4f11f5bd9581fc74a2104cb60c7725b74327 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:15 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 1 last-modified Thu, 15 Jun 2023 01:30:06 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	jquery.min.js Show response blog.cyble.com/wp-includes/js/jquery/	88 KB 31 KB	372ms 372ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:15 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 08 Mar 2023 18:37:33 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6408d5ed-15ed7" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery-migrate.min.js Show response blog.cyble.com/wp-includes/js/jquery/	13 KB 5 KB	204ms 204ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-includes/js/jquery/jquery-migrate.min.js?m=1675717155 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:15 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 06 Feb 2023 20:59:15 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"63e16a23-3470" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	front.min.js Show response blog.cyble.com/wp-content/plugins/cookie-notice/js/	8 KB 2 KB	244ms 243ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.8 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 28 Mar 2023 18:11:40 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"64232ddc-21fc" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	177 KB 65 KB	148ms 58ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash b4fbb36e0d0b7479b59cf2e03c645476098f5a0bce837f23bf22246142e26a48 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 66313 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Jun 2023 02:10:16 GMT
GET H2	200	subscribe-to-CRIL.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/	16 KB 16 KB	129ms 39ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash 382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 3 date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Sat, 10 Dec 2022 20:48:17 GMT server nginx etag "90f4a9863ca68d73" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <http://blog.cyble.com/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg>; rel="canonical" content-length 16232 expires Tue, 10 Dec 2024 08:48:17 GMT
GET H2	200	v2.js Show response js.hsforms.net/forms/	526 KB 165 KB	148ms 60ms	Script application/javascript	2606:4700::6810:bb41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:bb41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9936265b3f6a0c5dd572984b8167f726a15b0b37970515e4be8e9aba841af82d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-encoding br age 581 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3317/bundles/project-v2.js&cfRay=7d77386378720414-IAD x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"918e877a727abc96a717b3e042210f50" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3317/bundles/project-v2.js date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id 8lPhdjeMR1RfDVa7KBsSumuzW5HHElLV via 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 0b6cf257-a7a1-4233-9c77-16143617168b last-modified Mon, 12 Jun 2023 09:11:37 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LD%2FsJ3%2BytELYSlCRQhBSeDGHm%2FoAyLdAQ7IMvOsdc%2Bh3gTFlfk%2F1rfJqf8YLHyAVTvQUFNYA7UANZ%2B02w%2Fnk0LR9a3wbu%2BIzNjDApj%2BihBF1%2FQ6AixemK89tLH4zChRta%2BN2GcQBnQWoGMko"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-frzj9 cf-ray 7d7746928a1b9b69-FRA x-amz-cf-id eAPSZDuDXTrkVInGnlYx10ZVe6weJ90t1o98y4DaxBNl8I0ZaIXH_w==
GET H2	200	aib-injectable.js Show response injection.amibreached.com/	2 KB 1 KB	175ms 67ms	Script application/javascript	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/aib-injectable.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 186cb05caa2a06748336b3123d7ac53986a650cffcab18f34e5c0ee3c057f591 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3480 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag W/"662ed2e07a2c9b151332e0a8da3b9922" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tiVKCGMkLY0YrZ6lfNhxH0x4gT01RnMU5KYHrwvrdhDBYct%2BJZfkU0Vm4nliCodL%2F3ck6%2BcOQX%2FB9CzZN9r7OY8PnQVXuD%2BD%2Bue6VO3mXhpnLX6A2KN4ol50DBP5QlZgcl3gekxHemrMxQy4w2OqgmRuawgxaWQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7d7746930a731bc3-FRA x-amz-cf-id QJY2iq4txnt5_Og4emCaSjOmvvjkPjF1g0OAqhfw7lgbsyXcKz92Uw==
GET H2	200	bilmur.min.js Show response s0.wp.com/wp-content/js/	7 KB 3 KB	45ms 39ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/bilmur.min.js?m=202324 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 51dc1ea3b9642d966bbdf2c63346e4d2d3f668a693fa8e7f1e31bf6acbe48860 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br x-ac 2.hhn _dca MISS last-modified Fri, 19 May 2023 01:51:56 GMT server nginx etag W/"6466d63c-1a69" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Tue, 11 Jun 2024 00:00:00 GMT
GET H2	200	/ blog.cyble.com/_static/	37 KB 8 KB	225ms 223ms	Stylesheet text/css	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJyVjFsKgCAQAC+ULQaZP9FZTJewfOG6eP0I6gD9zjDTi7A5NUwNSuDDJ4ITWzH2gpgdBySwpmYmDEDdF6xi5+QCjpZo6D/qV4gPPIMtrlItk5y1VvoGzj40MA== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash cd924076cd6bdad7693c484ab0a812a3e8eb905cf751b36b9533dc97380eb277 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 27 Dec 2022 16:34:28 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"f10c7e84a22172fd36bd0473ba2ec996" vary Accept-Encoding content-type text/css;charset=utf-8 cache-control max-age=31536000 host-header WordPress.com
GET H2	200	/ Show response blog.cyble.com/_static/	21 KB 5 KB	213ms 211ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??wp-content/themes/astra/assets/js/minified/frontend.min.js,wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?m=1684390270 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f9d498e1b9cff1af27250e8d52ebf9eaf672ff517d586e0d381e7bf348bc6ea1 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 18 May 2023 06:11:10 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"8ee86e3fe916069b68662d1100a8e664" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	21289959.js Show response js.hs-scripts.com/	2 KB 1 KB	240ms 153ms	Script application/javascript	2606:4700::6812:873b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:873b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6e7246a82b99e5f80e63e0bacbd9d3337d3d9bc358723432530b5ad43c396bc0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cf-cache-status EXPIRED x-hubspot-correlation-id b3f9b09e-edeb-4110-925f-9af84dcd2461 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 4 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c90e3fbf-4f1b-4a0d-9462-aecdef577d92 last-modified Thu, 15 Jun 2023 00:04:34 GMT server cloudflare x-trace 2B89E0A1BE0E8D7407AFD095B6104BF0114D167C14000000000000000000 vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all cache-control public, max-age=60 access-control-allow-credentials true x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-xrsrb cf-ray 7d7746932ce204a3-FRA expires Thu, 15 Jun 2023 02:11:16 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	46 KB 11 KB	215ms 213ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJytjVEOgjAQRC9kLYVa4cNwFLO2KylC23S3ED29/BA5gF8zmUneW5OwMTAGliVNERxJIM4gwLkYjl0YbS5WtbV6Vtpq0SlTN8ro80in9UdJUxl8IDkiJ7CvPe8LBhezhMJxBmZv90dM8HkLP8OAJJ0nln4jZULLfrPGB2FeMP9fcxg2eD/flGl101X1VX8BRL1l5Q== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ac26533e2901023194baed8e192053457bd8131eb098b5c77890c0bbaf3dc7a3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 18 May 2023 06:11:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"747bdee1e027332c48bcff1635823f42" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	e-202324.js Show response stats.wp.com/	13 KB 4 KB	130ms 40ms	Script application/javascript	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://stats.wp.com/e-202324.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ab8517f3d5171dd42a8b9c22af6a2f944b41d00e7ea54ba02b4ed71a6c59e543 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br last-modified Fri, 19 May 2023 02:56:42 GMT server nginx etag W/"6466e56a-3508" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 expires Sun, 09 Jun 2024 22:50:24 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	270 KB 69 KB	224ms 221ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 2e6717fc590d0fc5cff972f683aabedfd81f4b6c4f168da548db53576d6cb194 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 07 Jun 2023 11:32:18 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"e8c64fd876b7dcdbe9b8bb201b2ac74a" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	index.min.js Show response blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/	9 KB 4 KB	207ms 205ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=3b062a0d308091df74bc Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 1f140cec3191bf61b59f706e5e5f7d9bf3d6dea6566dcb210ed822cfab9a5e1e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 31 May 2023 15:24:18 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"647766a2-255c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	frontend.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	24 KB 7 KB	213ms 211ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.13.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 51f36864e3fb5b3479d50de93d44403cee100c743cb5c97a1da0b924ca671a86 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 23 May 2023 18:11:17 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"646d01c5-5f3c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.cyble.com/_static/	33 KB 10 KB	213ms 211ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/_static/??wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js,wp-includes/js/jquery/ui/core.min.js?m=1685297467 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f7f54c64cbe8e1c50bf7e5d79509a8e98213738228ada4fb4dca88bebae7d788 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Sun, 28 May 2023 18:11:07 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS x-page-optimize uncached etag W/"3766434b9bc8548d00099956a269f6f8" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000 host-header WordPress.com
GET H2	200	frontend.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/js/	40 KB 12 KB	209ms 207ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.4 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 3f5eb651e087476c3214a5fbb8b77346f7f0dff068c3d961c6070424746fb9db Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Sun, 28 May 2023 18:11:07 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6473993b-9eb1" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	elements-handlers.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	29 KB 7 KB	209ms 207ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.13.2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash c77732d85f58d3043711126b16c097d4b56bb2a0da1a75d526633a6b34c10427 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 23 May 2023 18:11:17 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"646d01c5-73c3" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery.sticky.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/	4 KB 2 KB	211ms 210ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?m=1684865477 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 23 May 2023 18:11:17 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"646d01c5-e89" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	roundtrip.js Show response s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/	86 KB 26 KB	174ms 72ms	Script text/javascript	2600:9000:20c3:b400:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20c3:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1932fe25dcbb6d15dfbbc490a092dd36f188350c35d0021c50881013f31be15e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Amz-Version-Id 8bb80.iISBphlEMje7vGPWXMSPDSa7vY Content-Encoding gzip Via 1.1 c7cdb483c2afdb721f3c8ba14cd43e86.cloudfront.net (CloudFront) Date Thu, 15 Jun 2023 01:39:50 GMT Age 1826 X-Amz-Cf-Pop MUC50-C1 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Mon, 12 Jun 2023 12:36:24 GMT Server AmazonS3 Etag W/"f8287139b85c71786fd19a23b246d841" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type text/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=3600, must-revalidate Access-Control-Allow-Credentials false Access-Control-Max-Age 600 Access-Control-Allow-Headers * X-Amz-Cf-Id yJJNt5LhFmVxyxY-doKqmuZBTFklvm2xw1viMCUosTWolU_sLx3YdQ==
GET DATA	200 OK	truncated /	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	api.min.js Show response a.omappapi.com/app/js/	50 KB 19 KB	141ms 41ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/api.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash abfe4cecc82151b82da13d10fa55bf3bd6edfced5eb23cc881ffd6044e68c592 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-572 cdn-cachedat 06/09/2023 15:32:46 cdn-pullzone 293267 last-modified Fri, 09 Jun 2023 15:32:46 GMT server BunnyCDN-DE1-1055 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"6483461e-c897" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 6d16d87c7f27bc980c2097089d7d05d6 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2 fonts.wp.com/s/lora/v32/	19 KB 19 KB	126ms 39ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7ff7d3790060dcf14289ea0e50e7df1f00893e53e882ff3101e078b2f948589f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Tue, 21 Feb 2023 21:45:57 GMT server nginx age 58305 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 19300 x-xss-protection 0
GET H2	200	S6uyw4BMUTPHjx4wXg.woff2 fonts.wp.com/s/lato/v24/	23 KB 23 KB	127ms 39ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:17:22 GMT server nginx age 4801 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 23580 x-xss-protection 0
GET H2	200	fa-solid-900.woff2 blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/	76 KB 77 KB	292ms 292ms	Font application/font-woff2	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqMrYh+KGTT+nI0kI2FqxGlzD++y4Y16QGUqYvQiudPZy9qXNCUxuhjTK+QwNBqhC94jVADFKHIBtssUIwsvID0rzwyQvf/Ogezs6mGtsg68TmGXwtzwmtkWdL+iIsnr3yVxni1cKSq1VXSlHUHs068AOiU/py//76ZE3kpUqRGhUj6vuN+EQD5DxwFFM5YDCyw2AEOYB4he7+Q2y1TYZz8cHRM1iB5dSwgqnhWC94YaFW+jpNyaI3303ttTS+gzJMXhFF/owOfYyPsixAlhifOLgmEpBhN7o/92I4WxM3K+dfmmNWQ+jQgR84bts5huQsKTNl6PGOQhT566789ofCedqqNtmI3E/wnH52Ej1L4lKKNaoV2ad9lm2tPneW7NDUrEF8ieKbQWnIJAt9ui+8zs7WXekw/UIZQ+10L4pjkeuszKr94TU7iqwoyl1enjYEXB5O+Rb4cXfYAi92T+xLaRhTKANpVPbW71+MJSJNdEEQLfEbA48+2tzyFYOE6iBQM9LwwWj/Pxk/ta3ZNsCzPIEsbh/nJxoPdbJqdqr/LlAPH/c99K35mRVlUexPeXn4DfbThw4= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqMrYh+KGTT+nI0kI2FqxGlzD++y4Y16QGUqYvQiudPZy9qXNCUxuhjTK+QwNBqhC94jVADFKHIBtssUIwsvID0rzwyQvf/Ogezs6mGtsg68TmGXwtzwmtkWdL+iIsnr3yVxni1cKSq1VXSlHUHs068AOiU/py//76ZE3kpUqRGhUj6vuN+EQD5DxwFFM5YDCyw2AEOYB4he7+Q2y1TYZz8cHRM1iB5dSwgqnhWC94YaFW+jpNyaI3303ttTS+gzJMXhFF/owOfYyPsixAlhifOLgmEpBhN7o/92I4WxM3K+dfmmNWQ+jQgR84bts5huQsKTNl6PGOQhT566789ofCedqqNtmI3E/wnH52Ej1L4lKKNaoV2ad9lm2tPneW7NDUrEF8ieKbQWnIJAt9ui+8zs7WXekw/UIZQ+10L4pjkeuszKr94TU7iqwoyl1enjYEXB5O+Rb4cXfYAi92T+xLaRhTKANpVPbW71+MJSJNdEEQLfEbA48+2tzyFYOE6iBQM9LwwWj/Pxk/ta3ZNsCzPIEsbh/nJxoPdbJqdqr/LlAPH/c99K35mRVlUexPeXn4DfbThw4= Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Sun, 28 May 2023 18:11:07 GMT server nginx etag "6473993b-13174" access-control-allow-methods GET, HEAD content-type application/font-woff2 access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 78196 expires Thu, 22 Jun 2023 02:10:16 GMT
GET H2	200	fa-brands-400.woff2 blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/	75 KB 75 KB	763ms 763ms	Font application/font-woff2	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqMrYh+KGTT+nI0kI2FqxGlzD++y4Y16QGUqYvQiudPZy9qXNCUxuhjTK+QwNBqhC94jVADFKHIBtssUIwsvID0rzwyQvf/Ogezs6mGtsg68TmGXwtzwmtkWdL+iIsnr3yVxni1cKSq1VXSlHUHs068AOiU/py//76ZE3kpUqRGhUj6vuN+EQD5DxwFFM5YDCyw2AEOYB4he7+Q2y1TYZz8cHRM1iB5dSwgqnhWC94YaFW+jpNyaI3303ttTS+gzJMXhFF/owOfYyPsixAlhifOLgmEpBhN7o/92I4WxM3K+dfmmNWQ+jQgR84bts5huQsKTNl6PGOQhT566789ofCedqqNtmI3E/wnH52Ej1L4lKKNaoV2ad9lm2tPneW7NDUrEF8ieKbQWnIJAt9ui+8zs7WXekw/UIZQ+10L4pjkeuszKr94TU7iqwoyl1enjYEXB5O+Rb4cXfYAi92T+xLaRhTKANpVPbW71+MJSJNdEEQLfEbA48+2tzyFYOE6iBQM9LwwWj/Pxk/ta3ZNsCzPIEsbh/nJxoPdbJqdqr/LlAPH/c99K35mRVlUexPeXn4DfbThw4= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://blog.cyble.com/_static/??-eJylVNtymzAQ/aEqMrYh+KGTT+nI0kI2FqxGlzD++y4Y16QGUqYvQiudPZy9qXNCUxuhjTK+QwNBqhC94jVADFKHIBtssUIwsvID0rzwyQvf/Ogezs6mGtsg68TmGXwtzwmtkWdL+iIsnr3yVxni1cKSq1VXSlHUHs068AOiU/py//76ZE3kpUqRGhUj6vuN+EQD5DxwFFM5YDCyw2AEOYB4he7+Q2y1TYZz8cHRM1iB5dSwgqnhWC94YaFW+jpNyaI3303ttTS+gzJMXhFF/owOfYyPsixAlhifOLgmEpBhN7o/92I4WxM3K+dfmmNWQ+jQgR84bts5huQsKTNl6PGOQhT566789ofCedqqNtmI3E/wnH52Ej1L4lKKNaoV2ad9lm2tPneW7NDUrEF8ieKbQWnIJAt9ui+8zs7WXekw/UIZQ+10L4pjkeuszKr94TU7iqwoyl1enjYEXB5O+Rb4cXfYAi92T+xLaRhTKANpVPbW71+MJSJNdEEQLfEbA48+2tzyFYOE6iBQM9LwwWj/Pxk/ta3ZNsCzPIEsbh/nJxoPdbJqdqr/LlAPH/c99K35mRVlUexPeXn4DfbThw4= Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Sun, 28 May 2023 18:11:07 GMT server nginx etag "6473993b-12bdc" access-control-allow-methods GET, HEAD content-type application/font-woff2 access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 76764 expires Thu, 22 Jun 2023 02:10:16 GMT
GET H2	200	S6u9w4BMUTPHh6UVSwiPGQ.woff2 fonts.wp.com/s/lato/v24/	23 KB 23 KB	126ms 39ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Lora%3A400%7CLato%3A400%2C700&display=fallback&ver=4.1.5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:07:25 GMT server nginx age 676 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 23040 x-xss-protection 0
GET H2	200	Cyble-CIRIL-pyyv4ww1nowvginyhq7nrmlg0x8pxv1qcifo3udnvq.png blog.cyble.com/wp-content/uploads/elementor/thumbs/	4 KB 5 KB	203ms 203ms	Image image/png	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://blog.cyble.com/wp-content/uploads/elementor/thumbs/Cyble-CIRIL-pyyv4ww1nowvginyhq7nrmlg0x8pxv1qcifo3udnvq.png Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ef896b86a77ae191af41c2714906decbab4bbb7fd32321c14f4f398eb7f264ba Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Sat, 10 Dec 2022 19:16:39 GMT server nginx etag "6394db17-11bc" access-control-allow-methods GET, HEAD content-type image/png access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 4540 expires Thu, 22 Jun 2023 02:10:16 GMT
GET H/1.1	200 OK	json Show response forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/	37 KB 7 KB	267ms 184ms	XHR application/json	2606:4700::6811:d3f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3317&X-HubSpot-Static-App-Info=forms-embed-1.3317 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d3f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 92bd4c49d3a1907b39b6068b13f8798bd5230ada4858f22a21dae52ce3710e0f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Origin-Hublet na1 Date Thu, 15 Jun 2023 02:10:16 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding br CF-Cache-Status DYNAMIC X-HubSpot-Correlation-Id 83d48a80-810b-41be-9bb9-8e27dcac65d5 x-evy-trace-route-service-name envoyset-translator Transfer-Encoding chunked x-envoy-upstream-service-time 14 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 7f86ed15-dac3-4279-a70b-effbc6c7cfce Server cloudflare X-Trace 2B475B60CD0D68DFFE4D7774FA5110E82466C27FE3000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://blog.cyble.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 7d7746944d5b5c92-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-nt996
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.wp.com/s/opensans/v35/	47 KB 47 KB	41ms 41ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2.2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Tue, 02 May 2023 15:08:53 GMT server nginx age 635 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 48412 x-xss-protection 0
GET H/1.1	200 OK	json Show response forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/	37 KB 7 KB	265ms 183ms	XHR application/json	2606:4700::6811:d3f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3317&X-HubSpot-Static-App-Info=forms-embed-1.3317 Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d3f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 544c959340b9b5488d9dd1d0c8b1e735c034a8e2550a93b4aa98e9629ddf43b9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/plain, */* Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Origin-Hublet na1 Date Thu, 15 Jun 2023 02:10:16 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding br CF-Cache-Status DYNAMIC X-HubSpot-Correlation-Id 302a7589-dc97-4075-ad89-c85655938af1 x-evy-trace-route-service-name envoyset-translator Transfer-Encoding chunked x-envoy-upstream-service-time 16 Connection keep-alive alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c9d9396c-eea9-401b-8341-62a8fb62e5ed Server cloudflare X-Trace 2B45C2D4080E2096FB418E4355775D4C709B46A64F000000000000000000 Vary origin Access-Control-Allow-Methods OPTIONS, GET Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://blog.cyble.com x-evy-trace-virtual-host all Access-Control-Expose-Headers X-Origin-Hublet Access-Control-Max-Age 180 Access-Control-Allow-Credentials false Cache-Control max-age=0, no-cache, no-store X-Robots-Tag none Access-Control-Allow-Headers * CF-RAY 7d7746947e6e19af-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-f4t27
GET H2	200	api.min.css a.omappapi.com/app/js/	18 KB 3 KB	40ms 40ms	Stylesheet text/css	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/api.min.css Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 103f4d3fbc08fff41f2ddb722186887b3d8977d2a7da27e7ed0f2f5752dc339f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache MISS x-amz-request-id MDZ69E0KVKY6TXEQ x-amz-server-side-encryption AES256 cdn-cachedat 06/09/2023 15:32:47 cdn-pullzone 293267 x-amz-id-2 8MitWWGBfpQhWLv1bEeR7xhuYGfVyxyV1/SMFMjFd7kLye7H+Pbf36my1uDgRViKYllqvMrBXyg= last-modified Fri, 09 Jun 2023 15:32:39 GMT server BunnyCDN-DE1-1055 cdn-proxyver 1.03 cdn-requestpullcode 200 etag W/"fdfc47d7f4872c3530f2516e9f42a6ed" vary Accept-Encoding, Accept-Encoding content-type text/css access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 092c2ed9a162c6563107a3f1652e2011 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	poopcsalbacovn7gzkxg Show response api.omappapi.com/v2/embed/239265/	3 KB 2 KB	230ms 140ms	XHR application/json	99.84.88.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.omappapi.com/v2/embed/239265/poopcsalbacovn7gzkxg Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.84.88.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-84-88-48.muc50.r.cloudfront.net Software Pagely Gateway/1.5.1 / Resource Hash 40ca23f50bb22c719c27794b5ae6dbca57f4b9848884b8c148fedcdbf71cdd22 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding gzip via 1.1 7ede51d8c775deaef83b54a3beafab3c.cloudfront.net (CloudFront) x-cache-config 0 0 x-amz-cf-pop MUC50-C1 x-cache-status HIT x-cache Miss from cloudfront x-optinmonster-campaign poopcsalbacovn7gzkxg x-user-agent standard-- last-modified Tue, 13 Jun 2023 05:36:50 GMT server Pagely Gateway/1.5.1 etag W/"81d4578a000851a55a6118875c255bed" vary Accept-Encoding, User-Agent content-type application/json access-control-allow-origin * access-control-expose-headers X-OptinMonster-Campaign, X-User-Agent cache-control public, max-age=30, stale-while-revalidate=1800 access-control-allow-headers X-CSRF-Token x-amz-cf-id CKxFzvLr9GtPc79G9_uLIlv1x1A4FQUgmz1A06DGYZ_7PsVV-ii8zA== expires Thu, 15 Jun 2023 01:55:05 GMT
GET H/1.1	200 OK	index.js Show response s.adroll.com/j/exp/ Redirect Chain https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js https://s.adroll.com/j/exp/index.js	28 B 785 B	40ms 40ms	Script application/javascript	2600:9000:20c3:b400:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/exp/index.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol HTTP/1.1 Server 2600:9000:20c3:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Amz-Version-Id KLTaAvzmAP.1_rS.URSLlTS3u46mZQHP Date Wed, 14 Jun 2023 10:49:40 GMT Via 1.1 c7cdb483c2afdb721f3c8ba14cd43e86.cloudfront.net (CloudFront) Age 55237 X-Amz-Cf-Pop MUC50-C1 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 28 Last-Modified Tue, 21 Mar 2023 16:39:30 GMT Server AmazonS3 Etag "5816cced8568d223aa09d889f300692b" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 600 Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id 8u1yh6eEyLUWjhAgDk07JgcImZGEqh9f4CTTv7a2CQYkGkN3Sxrdtw== Redirect headers Date Wed, 14 Jun 2023 06:33:21 GMT Via 1.1 c7cdb483c2afdb721f3c8ba14cd43e86.cloudfront.net (CloudFront) Age 70614 X-Amz-Cf-Pop MUC50-C1 X-Cache Hit from cloudfront Connection keep-alive Content-Length 0 Server AmazonS3 Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type application/xml Location https://s.adroll.com/j/exp/index.js Access-Control-Allow-Origin * Access-Control-Allow-Credentials false Access-Control-Allow-Headers * X-Amz-Cf-Id 3qYdmB_nJXCfitvj9bbdw8W_dhOgkdRfPVr6NjpwPh1yJDJxLzbeMQ==
GET H2	200	js Show response www.googletagmanager.com/gtag/	253 KB 86 KB	56ms 56ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 3d0e7fe3f25a505ffb73a3f64313e69cca894913be820f3ca5395ba51826ed88 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 88381 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Jun 2023 02:10:16 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	51 KB 21 KB	148ms 40ms	Script text/javascript	2001:4860:4802:32::178 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Thu, 15 Jun 2023 01:04:48 GMT last-modified Mon, 17 Apr 2023 22:36:01 GMT server Golfe2 age 3928 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20737 expires Thu, 15 Jun 2023 03:04:48 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	191 KB 71 KB	71ms 71ms	Script application/javascript	2a00:1450:4001:801::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash cb40ef621f17720244a634e340670899b6ac767ae910319bc500d197979a0beb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 72664 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 15 Jun 2023 02:10:16 GMT
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 3 KB	148ms 46ms	Script application/javascript	2606:4700::6810:76be CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:76be , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eed334d1c96abd8c03aacf86a2a30fb9d391290f27e49b0fa456a7af8f1a1bf8 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id wXOaVt.1FYp5SJSGbufdokAhWgyD7J.j via 1.1 c0b0d7167cc2eb52d8d154aa7fc03a0a.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop IAD12-P3 age 571 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.381/bundles/pixels-release.js&cfRay=7d77389f8c9b699b-FRA x-cache Hit from cloudfront cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 788290a0-1196-452e-8ba5-1e55e25b7ba8 last-modified Mon, 05 Jun 2023 12:31:29 UTC server cloudflare etag W/"3907b3424cd18a581148905ead09299a" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-mm66x cf-ray 7d774695aa435c2c-FRA x-amz-cf-id E_hhhBV-4cdBqnHXkCZV_caSDuVOjmLJvv6qo8e750-8K1sORFBlxA== x-hs-target-asset adsscriptloaderstatic/static-1.381/bundles/pixels-release.js
GET H2	200	conversations-embed.js Show response js.usemessages.com/	75 KB 22 KB	157ms 53ms	Script application/javascript	2606:4700::6811:65ac CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.usemessages.com/conversations-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:65ac , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bbbe9c4d273a13abdade0522f1d5323410659451ef72fb80c16f372ae206b282 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id QamE4Oe0AGtrfJSqbw051Y47gukyknvh via 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop IAD12-P3 age 105 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13423/bundles/project.js&cfRay=7d774403cd905be1-IAD x-cache Hit from cloudfront cache-tag staticjsapp-conversations-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 6 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 70702c30-7f05-4dc9-b41b-1e285cd29d1b last-modified Tue, 13 Jun 2023 10:43:24 UTC server cloudflare etag W/"bd6464fa791153e75807e46f33ec851c" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status MISS x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-cxzff cf-ray 7d774695af5f9a21-FRA x-amz-cf-id XTBXjkA09Q8KAB_g1DaKTXhvk3UUMRuSyVVGuYkbyfVg_vapSrFXXw== x-hs-target-asset conversations-embed/static-1.13423/bundles/project.js
GET H2	200	banner.js Show response js.hs-banner.com/v2/21289959/	209 KB 64 KB	529ms 427ms	Script text/javascript	2606:4700::6812:19c4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/v2/21289959/banner.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 13e66404d3cbcaec7d8d7b080a094c11019c98228654d4f1a200c550bb6ae991 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id iVMSXthzttV7TnodgVxw06B1vw18me1x content-encoding br cf-cache-status REVALIDATED x-amz-request-id XQS5XPAPVTQ1G1MQ x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-envoy-upstream-service-time 26 x-amz-id-2 H8IYz8I7xYR1d8u+1+KVl2Zf1kYFKz3pRxrxtazPBDPZVkpEe+9ZvGFzkVJEokVuKzH2pLYXjRs= x-evy-trace-listener listener_https x-request-id 4b2ff545-4bcf-4246-bd96-16fd840513c4 x-evy-trace-route-configuration listener_https/all last-modified Mon, 05 Jun 2023 20:18:05 GMT server cloudflare etag W/"d06bf6d669688038044ef6ab2b719954" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 7d774695aa14695e-FRA expires Thu, 15 Jun 2023 02:15:16 GMT
GET H2	200	21289959.js Show response js.hs-analytics.net/analytics/1686795000000/	66 KB 21 KB	277ms 175ms	Script text/javascript	2606:4700::6810:8bce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1686795000000/21289959.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8bce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c4d201b1de9272351de3b6c79278f172e1c29506850451391232254c55aa0589 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id null content-encoding br cf-cache-status MISS x-amz-request-id WCK56ZN0TQ08Y43Q x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-envoy-upstream-service-time 21 x-amz-id-2 NnoCnXBMaayJRQY1FpokWfMjlPvk/ypIFNTLRlP1MK35qMREbFlHPgMAFMo7/kTzSe11j9/rbBw= x-evy-trace-listener listener_https x-request-id 9c905747-a256-4fd2-8ae2-e6b1eca86e79 x-evy-trace-route-configuration listener_https/all last-modified Wed, 31 May 2023 19:30:40 GMT server cloudflare etag W/"0caebd8f9c2febd9e1380291a8870e48" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-v9vn7 cache-control max-age=300,public access-control-allow-credentials false cf-ray 7d774695a9439028-FRA expires Thu, 15 Jun 2023 02:15:16 GMT
GET H2	200	leadflows.js Show response js.hsleadflows.net/	545 KB 88 KB	155ms 53ms	Script application/javascript	2606:4700::6811:836e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:836e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53c6e25ad853b5a6ad922795465a0e178c87af06b8a7ab3bde53b7b6939902c8 Request headers Referer https://blog.cyble.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-encoding br x-evy-trace-route-service-name envoyset-translator age 53330 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1213/bundle/main/lead-flows-release.js&cfRay=7d7230931cb6377b-FRA x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"e0a28490756bd60883ddd702b459f472" vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=86400, max-age=0 x-hs-target-asset lead-flows-js/static-1.1213/bundle/main/lead-flows-release.js date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id 8pz0uDcBGYlrsmWQyDnHbF47HkG8cM.I via 1.1 6e0f9dce97fcb3c9b684592a289e4e72.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop IAD12-P1 x-cache Miss from cloudfront cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 65 x-evy-trace-route-configuration listener_https/all x-request-id d0514492-0ada-417c-aaa5-0ebf32e4fdfe last-modified Tue, 06 Jun 2023 12:07:08 UTC server cloudflare access-control-max-age 3000 x-hs-cache-status MISS x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-5flz8 cf-ray 7d774695ae581a86-FRA x-amz-cf-id _lo3Es8MQ9Q3U0hrQXiTjxoo6D9GyO0_TXm8UywG5jIwrLTg1bACZg==
GET H2	200	ELNAF2EZDFHJRAP3ODLCUU Show response d.adroll.com/consent/check/	453 B 546 B	188ms 55ms	Script application/javascript	2a05:d018:cc3:fe04:515f:a6a8:c0f8:dd64 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=37435225923.48243&arrfrr=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&_s=be45ef6af9819a2746e497bc168a2fb8&_b=2 Requested by Host: s.adroll.com URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a05:d018:cc3:fe04:515f:a6a8:c0f8:dd64 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx/1.22.1 / Resource Hash 7ff1d99d8c0bae2d14cdfb4b5417fff19973ec8bcaa70326c0a14b97e620f5f3 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT server nginx/1.22.1 content-length 453 content-type application/javascript
GET H2	200	5.58816c65.min.js Show response a.omappapi.com/app/js/	16 KB 6 KB	49ms 41ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/5.58816c65.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 59fd27868af28f0432fefa2051b852b00011cdfda0c18d4e40c5adb48ef7a85b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-51 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-3f80" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 1360723452e42a5075386c10a25ff75c cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
POST H2	204	collect region1.google-analytics.com/g/	0 253 B	134ms 46ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je36c0&_p=851769410&gdid=dZTNiMT&cid=785965348.1686795017&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686795016&sct=1&seg=0&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&dt=Cyble%20%E2%80%94%20Threat%20Actor%20Targets%20Russian%20Gaming%20Community%20With%20WannaCry-Imitator&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers pragma no-cache date Thu, 15 Jun 2023 02:10:16 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 54 B	86ms 46ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45je36c0&_p=851769410&cid=785965348.1686795017&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1686795016&sct=1&seg=0&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&dt=Cyble%20%E2%80%94%20Threat%20Actor%20Targets%20Russian%20Gaming%20Community%20With%20WannaCry-Imitator&en=page_view&_fv=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers pragma no-cache date Thu, 15 Jun 2023 02:10:16 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 206 B	47ms 46ms	XHR text/plain	2001:4860:4802:32::178 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j100&aip=1&a=851769410&t=pageview&_s=1&dl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&ul=en-us&de=UTF-8&dt=Cyble%20%E2%80%94%20Threat%20Actor%20Targets%20Russian%20Gaming%20Community%20With%20WannaCry-Imitator&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAACAAI~&jid=1418085924&gjid=1217283575&cid=785965348.1686795017&tid=UA-201575643-1&_gid=1705880625.1686795017&_r=1&gtm=457e36c0&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=390038487 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	g.gif pixel.wp.com/	50 B 93 B	45ms 39ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?v=ext&blog=176605947&post=17648&tz=-4&srv=blog.cyble.com&hp=atomic&ac=2&amp=0&j=1%3A12.3-a.5&host=blog.cyble.com&ref=&fcp=1305&rand=0.6447506522082251 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers access-control-allow-origin * date Thu, 15 Jun 2023 02:10:16 GMT cache-control no-cache server nginx content-length 50 content-type image/gif
GET H2	200	v2.js Show response js.hsforms.net/forms/ Frame E7C3	526 KB 164 KB	64ms 63ms	Script application/javascript	2606:4700::6810:bb41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:bb41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9936265b3f6a0c5dd572984b8167f726a15b0b37970515e4be8e9aba841af82d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-encoding br age 581 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3317/bundles/project-v2.js&cfRay=7d77386378720414-IAD x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"918e877a727abc96a717b3e042210f50" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3317/bundles/project-v2.js date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id 8lPhdjeMR1RfDVa7KBsSumuzW5HHElLV via 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 0b6cf257-a7a1-4233-9c77-16143617168b last-modified Mon, 12 Jun 2023 09:11:37 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FrGBe5eS76CUmzDm1GTfPyfAZt420YFp1hZc4JqvO1LuXitqDVmQ%2B0oulw9wNjdNkm9ZWwXDafXrwVsnOl6ypwmb%2BohPskLOdV1w4STkQkuPUwLiOpCv1%2FkZkXPE7nSLZsAOF7UAo1xiMtC"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-frzj9 cf-ray 7d7746966c229b69-FRA x-amz-cf-id eAPSZDuDXTrkVInGnlYx10ZVe6weJ90t1o98y4DaxBNl8I0ZaIXH_w==
GET H2	200	v2.js Show response js.hsforms.net/forms/ Frame 3C35	526 KB 164 KB	57ms 57ms	Script application/javascript	2606:4700::6810:bb41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsforms.net/forms/v2.js Requested by Host: js.hsforms.net URL: https://js.hsforms.net/forms/v2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:bb41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9936265b3f6a0c5dd572984b8167f726a15b0b37970515e4be8e9aba841af82d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-encoding br age 581 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3317/bundles/project-v2.js&cfRay=7d77386378720414-IAD x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"918e877a727abc96a717b3e042210f50" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset forms-embed/static-1.3317/bundles/project-v2.js date Thu, 15 Jun 2023 02:10:16 GMT x-amz-version-id 8lPhdjeMR1RfDVa7KBsSumuzW5HHElLV via 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-cache Hit from cloudfront cache-tag staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-request-id 0b6cf257-a7a1-4233-9c77-16143617168b last-modified Mon, 12 Jun 2023 09:11:37 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BOQfiBX1IOfw1LSGLw%2FDl8SDNp7B2AXiAQzSFlmKMsTHFe7JgdCTV5%2Fj5BGx9u6dSi%2BLPaHJzRGp0fmO83oDt6w6msj7ZhnQFzN5tsn3pnABvFXwahXL7dlXGIsiBs8r2YUBZnVTTm4cWh5"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-frzj9 cf-ray 7d7746967c279b69-FRA x-amz-cf-id eAPSZDuDXTrkVInGnlYx10ZVe6weJ90t1o98y4DaxBNl8I0ZaIXH_w==
GET H2	200	webfont.js Show response a.omappapi.com/app/js/webfont/1.5.18/	16 KB 7 KB	40ms 40ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-570 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Fri, 19 May 2023 23:24:20 GMT server BunnyCDN-DE1-1055 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64680524-40cb" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 0a889bcccf065bc970f58d8965784059 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	4.a4362913.min.js Show response a.omappapi.com/app/js/	41 KB 13 KB	41ms 41ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/4.a4362913.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 7dbf257b712c17d642968848baba0d6ece76863dba4437b0192e2b96b2fe922d Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-570 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-a570" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 521d73cd532d4876ed844e99667284b5 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	public Show response api.hubspot.com/livechat-public/v1/message/	3 KB 2 KB	227ms 227ms	XHR application/json	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13423&mobile=false&messagesUtk=9549703a031e410e89badce17f366063&traceId=9549703a031e410e89badce17f366063 Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9983570cb8b40664f21eb9af150f7b9bc06eb23aa998aae79e81aff0863108df Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 X-HubSpot-Messages-Uri https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 7b27d15f-bd09-4477-be4c-585570d8db28 x-envoy-upstream-service-time 64 alt-svc h3=":443"; ma=86400 content-length 1386 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8ed8c327-598c-42eb-88cd-0e10b0b5da56 server cloudflare x-trace 2BB8B6679831EFF8D11A3044FA97CA50DCD38C5A85000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-swhgs cache-control no-cache, no-store, no-transform, must-revalidate, max-age=0 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k859zELITvSg89B53zLc%2BCrZKTlFLttokWY%2F0R2RNhlGW9KCzztNvqGSYGwv2lRlgkkNcXoqfy3%2FOgMy%2FAng17hDiu%2FrDWl%2F5wCzoH8j4IgwMEdX8i3RYqXuMzF3wPMTR3DbKS%2Ffa%2FOcjUQy7Q%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 7d774698fde437e8-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
GET H2	200	Russian-Gamers-WannaCry-Imitator.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	269 KB 270 KB	40ms 40ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/Russian-Gamers-WannaCry-Imitator.png?w=1200&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash 6de20506e95374f37f20d1d7ae313cf40e3d5d484018a232f0d408f63c4251c4 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Tue, 13 Jun 2023 16:06:09 GMT server nginx etag "d95b605812fcfbac" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/Russian-Gamers-WannaCry-Imitator.png>; rel="canonical" content-length 275618 expires Fri, 13 Jun 2025 04:06:09 GMT
GET H2	200	share-buttons.0bdd88c45462dfb2b073.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	1 KB 632 B	203ms 203ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.0bdd88c45462dfb2b073.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 198905bddb47215ef14ccde8955cacd96f6b9170681ded0d57305601642da798 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 23 May 2023 18:11:17 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"646d01c5-4bd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 22 Jun 2023 02:10:16 GMT
GET H2	200	load-more.c9f6aac03af905f4e206.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	5 KB 2 KB	204ms 203ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.c9f6aac03af905f4e206.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 60c30c30b2994c53ef3cabd89167d58914408912f4e7ebefa163997f1603f8f2 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 23 May 2023 18:11:17 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"646d01c5-15eb" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 22 Jun 2023 02:10:16 GMT
GET H2	200	posts.e33113a212454e383747.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/	3 KB 1 KB	203ms 203ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.e33113a212454e383747.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 0f02bfc3bc0b8301eb6099b0af18bf0a90a11a50891564a4a6f3697625b3167e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 23 May 2023 18:11:17 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"646d01c5-cfd" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 22 Jun 2023 02:10:16 GMT
GET H2	200	text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/js/	1 KB 703 B	203ms 202ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 7dd40c1df9167d9d73fb014f4d1b4317e9455e08deb5738e7914e579e7662c78 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Sun, 28 May 2023 18:11:07 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6473993b-550" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=604800 expires Thu, 22 Jun 2023 02:10:16 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 345 B	209ms 47ms	XHR text/plain	2a00:1450:400c:c00::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-201575643-1&cid=785965348.1686795017&jid=1418085924&gjid=1217283575&_gid=1705880625.1686795017&_u=YCDACUAABAAAACAAI~&z=914915669 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Thu, 15 Jun 2023 02:10:16 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://blog.cyble.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	consent_tcfv2.js Show response s.adroll.com/j/	410 KB 55 KB	40ms 40ms	Script application/javascript	2600:9000:20c3:b400:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.adroll.com/j/consent_tcfv2.js Requested by Host: s.adroll.com URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20c3:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 91144fbcc0e3f609b021e362ec29d2a9b58f15e840f229eb99ea2c04d927882b Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers X-Amz-Version-Id 44sIT20LqRj70wQHqyIoOw7etYYdjkbK Content-Encoding gzip Via 1.1 c7cdb483c2afdb721f3c8ba14cd43e86.cloudfront.net (CloudFront) Date Thu, 15 Jun 2023 02:08:06 GMT Age 134 X-Amz-Cf-Pop MUC50-C1 X-Amz-Server-Side-Encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Wed, 04 May 2022 19:41:48 GMT Server AmazonS3 Etag W/"0a7d0ea8d7d31b07e925fe340acf431b" Vary Accept-Encoding Access-Control-Allow-Methods GET Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control max-age=300, must-revalidate Access-Control-Allow-Credentials false Access-Control-Max-Age 600 Access-Control-Allow-Headers * X-Amz-Cf-Id 6oMsGCedET_1jEm-nQ30tAIlL9Z3hKUoxl_uezhVTO_M3Fdg21Co0Q==
GET H2	200	17.1d529f0c.min.js Show response a.omappapi.com/app/js/	495 B 1 KB	40ms 40ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/17.1d529f0c.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 140510523003c0b9717c71d5a0f9073650326ee85176031df19ca50fac434a2a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-577 cdn-cachedat 06/09/2023 05:13:29 cdn-pullzone 293267 last-modified Sat, 20 May 2023 01:18:16 GMT server BunnyCDN-DE1-1055 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64681fd8-1ef" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid c4c2a584641f814ae48ffe9c9c13c4db cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	20.30ad6480.min.js Show response a.omappapi.com/app/js/	4 KB 2 KB	40ms 39ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/20.30ad6480.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 642dd277edb023fd13d8b20f337f5e8eaf324c4505f9e25205d46679ab6a6e0f Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-168 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-ed9" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid c322c396fad0ac38e6b996bcfb91d80e cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	28.471a76a7.min.js Show response a.omappapi.com/app/js/	6 KB 3 KB	45ms 45ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/28.471a76a7.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 9e1487afb9546c813f656f2c4e6c33bcadb2cd8b1ee7ea3ed2ee92ac2ebf0bbc Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-164 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:41 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8489-1759" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 150baad04259f165151831d852691dfb cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	34.a4153577.min.js Show response a.omappapi.com/app/js/	8 KB 3 KB	43ms 42ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/34.a4153577.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 6e1d0902f6625b2354dcee9e39853e1eba710efb962eff32d6fc854740c6a522 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-577 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-2071" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 0aa99b2a1a4fa9f0711cf76020de1af4 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	10.1224bb49.min.js Show response a.omappapi.com/app/js/	20 KB 7 KB	48ms 48ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/10.1224bb49.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 2394e70e9e554b5a405d343d73242bb59351f5039ecf19bf5993e592580ed729 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-165 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-4edc" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 30bdd04443e2463bcd2871125153e16e cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	0.4c34bb83.min.js Show response a.omappapi.com/app/js/	7 KB 3 KB	51ms 51ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/0.4c34bb83.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash b512f2eb5fdbbd412b6c7976aad1daea7082608784fa23b28d4642c5474799df Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-572 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-1afa" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 288f1ac06dc029df657675144229fe69 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	9.dab0c387.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	51ms 51ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/9.dab0c387.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash a6a4930427c4ca7452715a144525e4cc5faf463189fd9ab7bfad75ada86336b4 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-168 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-67f" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 9a0b03cf90a40f49c0dc7cc44b09c97d cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	11.0485dfca.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	52ms 52ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/11.0485dfca.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 0eb3b195796bd34bfe619df29e1bb106e9d438cc76a8d427bd9a186354e28cdd Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-573 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-7c4" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 3b6b5a2157edb52d0447899935287ba8 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	29.739a6460.min.js Show response a.omappapi.com/app/js/	3 KB 2 KB	50ms 48ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/29.739a6460.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash e78b254562d83b2d7e46a6f4a7787b476bf0e61d9672aa02948a69eb21a23bbd Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-570 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-ad7" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid c78ebd18fa979dae3cd8e439e1d6769b cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	27.f35a62ac.min.js Show response a.omappapi.com/app/js/	1 KB 1 KB	51ms 49ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/27.f35a62ac.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 7d1b10a63cdf8028ae5d1ebfdc35dfb610d5723bf62d833b2f9a9b1f9cd2ff44 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-168 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:39 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8487-4ed" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid c5c4d2a2d6e7dfc4f7fffd0bbe0a9185 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	16.9011206e.min.js Show response a.omappapi.com/app/js/	847 B 1 KB	73ms 71ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/16.9011206e.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash bf628c81f952a8cb4713f04b9b2a78e4786e7c99addcfb3ec9599d3da89df89a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-576 cdn-cachedat 06/09/2023 05:13:21 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:42 GMT server BunnyCDN-DE1-1055 cdn-fileserver 599 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b848a-34f" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 1bb7dbe3714a5be93e61169c8f5fff99 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	1.4d98ec7f.min.js Show response a.omappapi.com/app/js/	9 KB 3 KB	75ms 74ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/1.4d98ec7f.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 9f850130ac43bc95a234767ccf8fd32656091417bd2450c5151e5d53d6617192 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-51 cdn-cachedat 06/09/2023 15:32:48 cdn-pullzone 293267 last-modified Fri, 09 Jun 2023 15:32:48 GMT server BunnyCDN-DE1-1055 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"64834620-2353" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 7654b0d93fef755c8e843eb611c32839 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	22.a1b86cf5.min.js Show response a.omappapi.com/app/js/	2 KB 1 KB	73ms 72ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/22.a1b86cf5.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 96b65f7327df7c3bae0144743369651aae9ab02ee55641e7e63f574f9adbd19e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-51 cdn-cachedat 06/09/2023 05:13:20 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 587 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-60e" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 876db8fd9efb52e5a6d146776549cf00 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	2.a71e2833.min.js Show response a.omappapi.com/app/js/	2 KB 2 KB	89ms 88ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/2.a71e2833.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash f1a3c0d62125fca80d63d62456095394452749725af04453f061b0757e276e73 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-573 cdn-cachedat 06/09/2023 05:32:30 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:41 GMT server BunnyCDN-DE1-1055 cdn-fileserver 382 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8489-8a1" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid ebe35905ddd7fb8a6160e9a48330588f cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	19.18d36f93.min.js Show response a.omappapi.com/app/js/	1 KB 1 KB	89ms 88ms	Script application/javascript	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/js/19.18d36f93.min.js Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash e1566807ec361db98bf9608dc8cd2f5cc98434d1c67d5c9426bbfa37524b5ee4 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:16 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-571 cdn-cachedat 06/09/2023 05:18:01 cdn-pullzone 293267 last-modified Mon, 22 May 2023 15:04:40 GMT server BunnyCDN-DE1-1055 cdn-fileserver 383 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"646b8488-5ea" vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 925dfcfa603bafa96af73d94cec2d61b cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H3	200	counters.gif forms.hsforms.com/embed/v3/	35 B 625 B	246ms 159ms	Image image/gif	2606:4700::6811:d3f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:d3f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hubspot-correlation-id 3d060f5d-b4a4-4f3c-aba9-1e26b993ed09 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 1 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 6b596b2f-10d1-4129-9884-6d464eb9a531 server cloudflare x-trace 2BB5CD51CA1A472690FA8D3A01FA92F28116C8E855000000000000000000 vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-jkmcj access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 7d774697df4903b8-FRA
GET H/1.1	200 OK	counters.gif forms-na1.hsforms.com/embed/v3/	35 B 983 B	247ms 163ms	Image image/gif	2606:4700::6811:d5f3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d5f3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Thu, 15 Jun 2023 02:10:17 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload CF-Cache-Status DYNAMIC X-HubSpot-Correlation-Id ae51f835-38ed-4724-b5ab-93f4c5e9e2f4 x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 1 Connection keep-alive alt-svc h3=":443"; ma=86400 Content-Length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 82989498-66bf-4524-9d6d-df2725a016e0 Server cloudflare X-Trace 2B411374BBB0020015711F8F97F7C6BFF6E9A9D02D000000000000000000 Vary origin Content-Type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-cxrpn Access-Control-Expose-Headers X-Origin-Hublet Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials false X-Robots-Tag none CF-RAY 7d7746981e9c9183-FRA
OPTIONS H2	200	public api.hubspot.com/livechat-public/v1/message/ Frame	0 0	377ms 174ms	Preflight text/plain	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13423&mobile=false&messagesUtk=9549703a031e410e89badce17f366063&traceId=9549703a031e410e89badce17f366063 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept */* Access-Control-Request-Headers x-hubspot-messages-uri Access-Control-Request-Method GET Origin https://blog.cyble.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers access-control-allow-credentials false access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://blog.cyble.com allow HEAD,GET,OPTIONS alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7d774697dd3f37e8-FRA content-length 18 content-type text/plain; charset=utf-8 date Thu, 15 Jun 2023 02:10:17 GMT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6VvHSlZfBn%2B9Ut%2BKeLC7C30ikgJQrxsudOfFBkkUfc5tG2IoR4wtwBZteCi%2Fdg6RVhfAdojfPg5b8Qncg1lZ2Ok2FqB3ryiPc0Amfk%2BaNp7gS58o6wTAiWm%2FiJGU5wv1wTMowkmFWZaUPfB7w%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding x-envoy-upstream-service-time 7 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-79ph8 x-evy-trace-virtual-host all x-hubspot-correlation-id 8797f372-0c85-4d89-b960-ee38684d6713 x-request-id 4a67fda7-5479-48b9-bda4-d8d21c7fea81 x-trace 2B80CF83E68EAF58A9CBC65CB31003D2846718FDE9000000000000000000
GET H2	200	css fonts.googleapis.com/	3 KB 1 KB	138ms 50ms	Stylesheet text/css	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400 Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d265615b79f98fdfff370ea32da7b4b02317fc6017b898cfb9c657a65618ac07 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 15 Jun 2023 02:10:17 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Thu, 15 Jun 2023 00:39:14 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 15 Jun 2023 02:10:17 GMT
GET H/1.1	200 OK	nextroll-32x32.png s.adroll.com/i/favicon/	2 KB 2 KB	41ms 41ms	Image image/png	2600:9000:20c3:b400:6:9280:1080:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s.adroll.com/i/favicon/nextroll-32x32.png Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20c3:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 14 Jun 2023 20:31:35 GMT X-Amz-Version-Id eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0 Via 1.1 c7cdb483c2afdb721f3c8ba14cd43e86.cloudfront.net (CloudFront) Age 20322 X-Amz-Cf-Pop MUC50-C1 X-Amz-Server-Side-Encryption AES256 X-Cache Hit from cloudfront Connection keep-alive Content-Length 1615 Last-Modified Mon, 28 Jun 2021 18:19:21 GMT Server AmazonS3 Etag "403a0a7dcf2d617e7ea852bfb9d11945" Access-Control-Max-Age 600 Access-Control-Allow-Methods GET Content-Type image/png Access-Control-Allow-Origin * Access-Control-Allow-Credentials false Accept-Ranges bytes Access-Control-Allow-Headers * X-Amz-Cf-Id 0ZedTSzojg58GzpbqqnIveShdsooxLQEM5ufhtYmglM64mfCdg085Q==
GET H2	200	590d3d292d6178957f6f2d56cd112c07-optin.json Show response a.omappapi.com/app/campaign-views/b584497dcf5c/poopcsalbacovn7gzkxg/	32 KB 6 KB	119ms 40ms	XHR application/json	2400:52e0:1e00::1055:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://a.omappapi.com/app/campaign-views/b584497dcf5c/poopcsalbacovn7gzkxg/590d3d292d6178957f6f2d56cd112c07-optin.json Requested by Host: a.omappapi.com URL: https://a.omappapi.com/app/js/api.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1e00::1055:1 , Germany, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-DE1-1055 / Resource Hash 801cc197035c539bb4a679fc5e7196cf27c47fbd83626e83164eec8209bd13ef Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT content-encoding br cdn-edgestorageid 1055 perma-cache HIT cdn-storageserver DE-577 cdn-cachedat 06/13/2023 17:10:28 cdn-pullzone 293267 last-modified Tue, 13 Jun 2023 05:38:24 GMT server BunnyCDN-DE1-1055 cdn-fileserver 588 cdn-requestpullcode 200 cdn-proxyver 1.03 etag W/"648800d0-7f5b" vary Accept-Encoding content-type application/json access-control-allow-origin * cdn-cache HIT cdn-uid efcab737-66db-4b75-ab55-ed485d5a01dd access-control-expose-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cache-control public, max-age=31919000 cdn-requestid 9879a956d723f0cc8b2dc4ffbd5e8da6 cdn-requestcountrycode DE access-control-allow-headers Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match cdn-status 200 cdn-requestpullsuccess True
GET H2	200	share-link.min.js Show response blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/	3 KB 1 KB	204ms 203ms	Script application/javascript	192.0.78.183 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.13.4 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Sun, 28 May 2023 18:11:07 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6473993b-a3c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	Roamer-Android-Banking-Trojan-Crypto.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	37 KB 37 KB	41ms 39ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/Roamer-Android-Banking-Trojan-Crypto.png?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash f117e1b1bef524419c6726eb6c6924d8ccd0ab0c164126fb4e71c871ae741bcf Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 3 date Thu, 15 Jun 2023 02:10:17 GMT x-content-type-options nosniff last-modified Wed, 14 Jun 2023 13:52:09 GMT server nginx etag "9782b5585c7ed2e4" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/Roamer-Android-Banking-Trojan-Crypto.png>; rel="canonical" content-length 37536 expires Sat, 14 Jun 2025 01:52:09 GMT
GET H2	200	Russian-Gamers-WannaCry-Imitator.png i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	27 KB 27 KB	44ms 43ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/Russian-Gamers-WannaCry-Imitator.png?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash 87cc19d0e61c12a8fa2de1661d9117aa8b8803e533344f6aa9a3012132524d73 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 15 Jun 2023 02:10:17 GMT x-content-type-options nosniff last-modified Tue, 13 Jun 2023 16:03:07 GMT server nginx etag "1e78a698d1fa9f79" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/Russian-Gamers-WannaCry-Imitator.png>; rel="canonical" content-length 27918 expires Fri, 13 Jun 2025 04:03:07 GMT
GET H2	200	Cyble-Blogs-Python-Package.jpg i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/	47 KB 47 KB	46ms 46ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/06/Cyble-Blogs-Python-Package.jpg?fit=300%2C150&ssl=1 Requested by Host: blog.cyble.com URL: https://blog.cyble.com/_static/??-eJydU9tuwjAM/aGFCKExXqZ9CkobU1LcOIsTCvv6uYUwJLRu9KVpfHyOr+mDqskn8EkHzI3zrPdgLES1I0pyAEInKEXtfK1b1rs4+ttFyy/9Iztjcp1JcEc0zJBYd84r4WcDqLw5KkHzQoxPC6GrdPuZIZ4LpiKw+4KrdXu5zddmIdDBiR5vL38TWi2kYOqD3g79qbJDq2sTKTNgwVQxTMhQSM535FmaXpKxjtPQ8j1ggHhHllCYLfAASiENMJIMzc4umdFJCeN3toZjShSgnLN07nckECeeULmRVYhUBITcQzU2XayLmL2EmsrlIYUfhZns8kBURzYj8C9zG4d7FD8hCxQIzzuHKD4Q0z84ERoQVzM04O9EmyzXCmJzXdGLiGzPEO0W/LlUnwi3l1c0BLNwurI+uvflerNert5eV5tvodq74w== Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i1.wp.com Software nginx / Resource Hash e8c74cc2b3f932efd7322e419c4b3d5dfb6e1ecc81b3ed4406fb941a44409c16 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers x-nc HIT hhn 3 date Thu, 15 Jun 2023 02:10:17 GMT x-content-type-options nosniff last-modified Fri, 09 Jun 2023 09:31:42 GMT server nginx etag "36c4f1a360c7ea44" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.cyble.com/wp-content/uploads/2023/06/Cyble-Blogs-Python-Package.jpg>; rel="canonical" content-length 48018 expires Sun, 08 Jun 2025 21:31:42 GMT
GET H2	200	json Show response api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/	114 B 1 KB	265ms 175ms	XHR application/json	2606:4700::6811:c9cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=21289959 Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 90b705145ef82e9d8493aae55c9bfb3200ec0620c8946b20b0b28366557d6a4a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 19171fb3-b13a-43e5-b1e3-b817f9d48562 x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 8228fd90-8517-4b49-830c-91cbdf738a9f server cloudflare x-trace 2B86B7ABE94EF12BEE273BB99C36838CA01C2BBB76000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-t5ghn access-control-max-age 180 access-control-allow-credentials false x-evy-trace-virtual-host all report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VY1tEfQMloIcREUJODTiyDcx92KNxEaROsjyI0PvCe89gLkXyX4GtOLGQTTmP4VLfw1Dw2joleEn5OC17744OU3xxeYc1ILDw7tpPJ8nNDeWW0%2BYExqYogyuB97TVqxIhxvp1w%2FYmcYRz5aN"}],"group":"cf-nel","max_age":604800} cf-ray 7d7746993c6c37d2-FRA access-control-allow-headers *
GET H2	200	memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 fonts.gstatic.com/s/opensans/v35/	18 KB 19 KB	128ms 40ms	Font font/woff2	2a00:1450:4001:82b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:400 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Wed, 14 Jun 2023 01:37:13 GMT x-content-type-options nosniff age 88384 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18664 x-xss-protection 0 last-modified Tue, 02 May 2023 15:19:23 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 13 Jun 2024 01:37:13 GMT
GET H2	200	__ptq.gif track.hubspot.com/	45 B 635 B	237ms 154ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&t=Cyble+%E2%80%94+Threat+Actor+Targets+Russian+Gaming+Community+With+WannaCry-Imitator&cts=1686795017232&vi=007ac8bbb57c4a45c7f96c4a9f357652&nc=true&u=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&b=27441379.1.1686795017230&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 16430606-92cc-480b-96d6-246f06b251f3 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 5 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 74f894c1-c700-439a-9f37-99734e49ccb8 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXs39lsVS2f0Yqc%2BVFhOauwIXFnuWZzHfi0TnZPH8n3k2sDBgO1ute8jR%2FAkgeNdnQms238FGX9jH0jwiykTMuya8amyqMPYxUxwrJz%2BoDkAxiHpo7YLRKHFWLN%2FXUHL5GmxAc1mHi65hWGXI7cG"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7d77469a58a635e5-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	237ms 161ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=9f0a34c2-ffdf-4c68-97d2-68e75b05f699&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&t=Cyble+%E2%80%94+Threat+Actor+Targets+Russian+Gaming+Community+With+WannaCry-Imitator&cts=1686795017234&vi=007ac8bbb57c4a45c7f96c4a9f357652&nc=true&u=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&b=27441379.1.1686795017230&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 1ce9f664-12d8-42b3-85ed-11101e0e52fc p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 84b7b169-faa1-48fc-96be-9a48e58f1d30 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsSVTjiGQgm%2FH0khC0fWQw5zpV9O0P%2FwJT3lkVmM6ilmrsTI5zirjxSyNhcAwa7KWsKaREAezioX8zAf2V1qzlyqbKZ40tHOAhGuYfpmBk%2B2ZPxSE6naQv1KGlKgJASSuz7E%2BsxaSR5zFnBXD%2FSB"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-2c4rt x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7d77469a58aa35e5-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	223ms 147ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=9f0a34c2-ffdf-4c68-97d2-68e75b05f699&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&t=Cyble+%E2%80%94+Threat+Actor+Targets+Russian+Gaming+Community+With+WannaCry-Imitator&cts=1686795017234&vi=007ac8bbb57c4a45c7f96c4a9f357652&nc=true&u=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&b=27441379.1.1686795017230&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id aac9fae6-c7a8-4bef-a3ec-dc24f60b8465 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 4 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 2c8676fd-882c-45e2-9c35-5d59fffa0571 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZCvTS6m04VT68vXJjucPxek0NUWrTXXvfDRm6dXPSlyoUUGQ11PhbLvczYDkVCdnRN5%2BAvg8tbYlQANntNQON0JcuwAZAJ855QsEQg5ykTe%2Fr9N2X%2BGGL%2FcLZqEZlFgG4JiCGQmvF8X4Pq5EVNf"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-vrlgm x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7d77469a58a835e5-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 636 B	490ms 413ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=77314d15-071d-4b27-8e74-35a1408f6fbc&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&t=Cyble+%E2%80%94+Threat+Actor+Targets+Russian+Gaming+Community+With+WannaCry-Imitator&cts=1686795017235&vi=007ac8bbb57c4a45c7f96c4a9f357652&nc=true&u=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&b=27441379.1.1686795017230&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 91d80007-153e-4f3b-be1a-4b65e1f6f8a0 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 6 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 22adfef1-ce21-49d9-922c-cec84cc91803 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pe126FZdqMLS9gQ3HCOLVdCF6j607o2RFQcY%2FukhELy0to191X2ZLzSd9IyfVq3z7tGpUnYC7awTc22KVUVXEvKu42VdC%2F4aI7ZU3Mvo2B3AZLNSC%2Fhfx6XcAPgPX9cFYmPpB1irG2XDqII6iWTE"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-pwxm2 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7d77469a58ab35e5-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 642 B	233ms 157ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=77314d15-071d-4b27-8e74-35a1408f6fbc&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&t=Cyble+%E2%80%94+Threat+Actor+Targets+Russian+Gaming+Community+With+WannaCry-Imitator&cts=1686795017235&vi=007ac8bbb57c4a45c7f96c4a9f357652&nc=true&u=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&b=27441379.1.1686795017230&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 75c30098-6073-44fe-91e2-e3c1010696e4 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 7 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 45864ed9-4a65-4dae-ba71-ac195b2c56cd server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12IVOsz%2FVPsYwailUrIKq%2BGH6j3p7%2BG0lrICsPxjkzNx8j3XOYjqnvAht%2BqGF%2B7iC%2BY1XxcLQWsN%2BWcN7oKZyGmY2eJQ9xwRLoxaUHgYI9ScDKJMtu2UGgZIQ6zN0E2T3xN2kkQAG5AMw88NQqE4"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-wnd65 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7d77469a58a935e5-FRA x-robots-tag none
GET H2	200	json Show response forms.hubspot.com/lead-flows-config/v1/config/	4 KB 2 KB	193ms 193ms	XHR application/json	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=007ac8bbb57c4a45c7f96c4a9f357652&__hstc=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&__hssc=27441379.1.1686795017230&currentUrl=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F Requested by Host: js.hsleadflows.net URL: https://js.hsleadflows.net/leadflows.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c8885f93b149028bc18b0c9762528cb2ac41d7521dddab22b8ed68a908752b6b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id 727ba0e7-5c32-44d2-b21b-e401210dabed x-evy-trace-route-service-name envoyset-translator x-envoy-upstream-service-time 29 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 252100e2-5002-4295-887a-9f56b3053448 server cloudflare vary origin access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://blog.cyble.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials false cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2WSMh88vxONNXllyt3kxsQc7DvxZDbLAJvNo9W8E1i1Le%2BYgunc3wW9joR3iXd5qDbUANFaZoWu0tRtzWuvHszDD4gYJaCt9xWihBqDjKpR%2B9CYB8QHAO5BnxoEpASwQRL0nhHrXjmyqUrctua5"}],"group":"cf-nel","max_age":604800} x-robots-tag none access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 7d77469a0e7037e8-FRA x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-759c64d45c-llkhw
GET H2	200	stats.json Show response injection.amibreached.com/ Frame 3987	124 B 977 B	182ms 99ms	Fetch application/json	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/stats.json Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bbdb1d21246d1c1a65aca8b41818f593b2d4704a459983866c0d331151b91887 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront) cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 78471 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:52 GMT server cloudflare etag W/"b660d52d56d1db01c2e37397c007a1e4" vary Accept-Encoding access-control-allow-methods GET content-type application/json access-control-allow-origin https://blog.cyble.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aeS5V%2B%2B7bqbOEsYGEBgfpWRTqdtvDZzTC2Kmcxp6FZf3OtyZ3oHCq%2Bf0yhN0LebrNRwcT1isw3nJXLyV3dsLohoDkAdlQDKiPFjPg7dqvhIk9tyEX%2FFyIhuVT4tOAtERRy3BqKk1UNLtjf4Tvs61pNxcQn0BJx0%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin access-control-max-age 3000 access-control-allow-credentials true cf-ray 7d77469acb1391f6-FRA x-amz-cf-id I4k4QsbJ4htooMV7M_TKRmkZje5vSUgqSzuQk94TLsUNraDvarQ3qw==
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	202ms 52ms	Script application/x-javascript	2a02:26f0:3100::1735:28a8 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: js.hsadspixel.net URL: https://js.hsadspixel.net/fb.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 10 Jan 2023 17:22:56 GMT x-cdn AKAM vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=10077 accept-ranges bytes content-length 4777
GET H2	200	9549703a031e410e89badce17f366063 Show response app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 41CB	53 KB 19 KB	222ms 222ms	Document text/html	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/conversations-visitor/21289959/threads/utk/9549703a031e410e89badce17f366063?uuid=9386ce4c5b0a48fdad98d3108001d92e&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=9549703a031e410e89badce17f366063&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8f43a1fd53a01024b894670187b107eeec4f37531f32cef718083a7b4972c901 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://blog.cyble.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials false age 265 alt-svc h3=":443"; ma=86400 cache-control max-age=600 cache-tag staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod cf-cache-status DYNAMIC cf-ray 7d77469a68b435e5-FRA content-encoding br content-security-policy-report-only script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.15875/html/index.html&cfRay=7d77469a68b435e5&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2F9549703a031e410e89badce17f366063%3Fuuid%3D9386ce4c5b0a48fdad98d3108001d92e%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Dblog.cyble.com%26inApp53%3Dfalse%26messagesUtk%3D9549703a031e410e89badce17f366063%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F2023%252F06%252F13%252Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fblog.cyble.com%2F&cfenv=prod&pdt=2023-06-15&csp=ro content-type text/html; charset=utf-8 date Thu, 15 Jun 2023 02:10:17 GMT etag W/"57da7fac47f6118b412fde3e5779c8a0" last-modified Tue, 13 Jun 2023 10:43:24 UTC report-to {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]} reporting-endpoints default="https://send.hsbrowserreports.com/csp/reports?cfRay=7d77469a68b435e5&resource=conversations-visitor-ui/static-1.15875/html/index.html" server cloudflare strict-transport-security max-age=31536000; includeSubDomains; preload vary origin, Accept-Encoding via 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront) x-amz-cf-id WXNM1skd7eF-POEytP6s8nGM467RA5Kc5v6ucHxKwMsT1nszcU6wEg== x-amz-cf-pop IAD12-P3 x-amz-replication-status COMPLETED x-amz-server-side-encryption AES256 x-amz-version-id pdsNN44Ej5eBKCZ5KXHR6.D0UlCNBixd x-cache Hit from cloudfront x-envoy-upstream-service-time 5 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-57ff77fcd-ksc82 x-evy-trace-virtual-host all x-hs-cache-status MISS x-hs-target-asset conversations-visitor-ui/static-1.15875/html/index.html x-hs-worker-debug-mode false x-request-id 1bea563c-8a54-4f2b-a03c-4bc6b2ea2aaf
GET H2	200	__ptq.gif track.hubspot.com/	45 B 438 B	408ms 407ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=16&fi=790ac0ff-0b05-4061-9a47-31d43798706a&lfi=3647704&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&t=Cyble+%E2%80%94+Threat+Actor+Targets+Russian+Gaming+Community+With+WannaCry-Imitator&cts=1686795017464&vi=007ac8bbb57c4a45c7f96c4a9f357652&nc=true&u=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&b=27441379.1.1686795017230&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 3af7649c-c424-4d35-96a8-085b5b5c0e79 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 5 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 41471f45-16e9-4fa3-820a-b43e29cf1cfb server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y42IPwEbcV5ZVB1pPF11FqLZuwvafHX6sImzm8PRD%2FFnUxaXX3Po8x8IBZ6CD0qi7ZoVe2FpyZvGmZ%2Bgb2QN8jDasgjfGsqytZGnmZvD%2B1EQKLJuZhXPTo%2F6q0qwfJO5%2BAVkR72A2HNcrilHwYcj"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-vrlgm x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7d77469b492f35e5-FRA x-robots-tag none
GET H2	200	__ptq.gif track.hubspot.com/	45 B 742 B	162ms 161ms	Image image/gif	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=16&fi=cee71856-29e8-471c-8003-80db9e58e8dc&lfi=5011554&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&pu=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&t=Cyble+%E2%80%94+Threat+Actor+Targets+Russian+Gaming+Community+With+WannaCry-Imitator&cts=1686795017465&vi=007ac8bbb57c4a45c7f96c4a9f357652&nc=true&u=27441379.007ac8bbb57c4a45c7f96c4a9f357652.1686795017229.1686795017229.1686795017229.1&b=27441379.1.1686795017230&cc=15 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 8a111908-f812-4ba3-bc0b-2bbeffc00545 p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 5 alt-svc h3=":443"; ma=86400 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 29faae78-4126-4a6b-9ebd-753a27128eae server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FYBmmhf3xSYu0CMo5xjO7m5Cr%2B73Eoofsu1TvhBnBlTrASdXIDGCQQdWQszC6Kr4ZyZxIQbQAP2WWRZcN9ySRXK5DyAYG4%2F0mw0YN6kWte4UJZsRJhfjeGeM5BSJZrYhK%2Fgs56ymGiVH%2FrFmKWqe"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-5f6448c676-j9299 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 7d77469b493035e5-FRA x-robots-tag none
GET H2	200	inject.8d8a39d8fa64efbb0671.bundle.js Show response injection.amibreached.com/ Frame 3987	130 KB 44 KB	74ms 74ms	Script application/javascript	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9af44543fbf7b09c3d68e46dcb21d2cb9ec5f18bbd537cea92360a85c5db793e Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3479 x-amz-cf-pop FRA56-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"046f84a87526210ff005ab33291675c9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mbBDQjXDI5Q%2BuuyaZOOaWpNCDPZp%2BynzEseR7mCzwr1U71q82cGmB8kXdFwg3IV%2FdYspp6DfWJb1%2FS8Fr4BcaJVQo3uxXeQVj%2BM3xahxVNxYcm%2FV00bc1IA3DB8kV4ZR9DDpqqOSM0GwVjM5Vg2GvrTAh2PWnoE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7d77469b684e1bc3-FRA x-amz-cf-id tzLbz1kBtdTLV54_UkLpDPryXBG9GY92lHo8XEbX_-hccyA3EOkAsQ==
GET H2	200	main.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame 3987	703 B 778 B	70ms 70ms	Stylesheet text/css	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/main.8d8a39d8fa64efbb0671.css Requested by Host: blog.cyble.com URL: https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c7d0240fd43289ab1411c5fa1277574ee436d3a3bbb82d34c4d82f32d04517b8 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3479 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"ff4f518052149a21c5b6397b3f717f6a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYNW1TvPz9QqFuWAr4rF8rvezOtkbv4DHZXgmuOoqNmaZgVkpM0SXDoLiPOOs%2FYBK1wW2V2vCw%2F0tponDsJbA3wk49b9X%2FCZT3fDjZgXffuiEV7ThJrZCxW0nJ9WFNwlUDOsWJZWO6nypiEfKo4USd53rqUSTl8%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7d77469b684f1bc3-FRA x-amz-cf-id NXgExu_5hpr7DchpX0tZgh0nAW7WKmMu4WzLzRq1meWQojYlmiGEgg==
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/4053396/domain/blog.cyble.com/	36 B 375 B	187ms 51ms	XHR application/json	2600:9000:237d:8c00:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/4053396/domain/blog.cyble.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:237d:8c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://blog.cyble.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 01:11:59 GMT content-encoding gzip via 1.1 67393fa6b3a865c1a8252acac0aa5cbc.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P2 age 3498 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=3600 x-amz-cf-id Ke5pFZlJNBxNpgMoGdHtTaCtmxtCwxGDsHB0yTQHWuAU0dBQz6oOyA==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitato... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitato... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1686795017518%26url%3Dhttps%253A%252F%252Fblog.cyble.com%252F202... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitato... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitat...	0 268 B	245ms 138ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&cookiesTest=true&liSync=true&e_ipv6=AQJLdHd-iQxbzwAAAYi80WCGlC-kTJJAFMoPMJiEhP1gRfTsezHSQfv2rhrrozmYkkBO38k Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:18 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 3DFEDD094AC94BF58549E2AD5F201078 Ref B: DUS30EDGE0913 Ref C: 2023-06-15T02:10:18Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAX+IZHktfaTzITzOJE1Lw== Redirect headers date Thu, 15 Jun 2023 02:10:17 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 98D2E27455E94F9D8D84D999C9C03E6D Ref B: FRAEDGE1405 Ref C: 2023-06-15T02:10:18Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1686795017518&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&cookiesTest=true&liSync=true&e_ipv6=AQJLdHd-iQxbzwAAAYi80WCGlC-kTJJAFMoPMJiEhP1gRfTsezHSQfv2rhrrozmYkkBO38k x-li-proto http/2 content-length 0 x-li-uuid AAX+IZHg89IpBoeszTA8gQ==
GET H2	200	bundle.production.js Show response static.hsappstatic.net/head-dlb/static-1.338/ Frame 41CB	44 KB 17 KB	130ms 47ms	Script application/javascript	2606:4700::6812:8d65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/head-dlb/static-1.338/bundle.production.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/9549703a031e410e89badce17f366063?uuid=9386ce4c5b0a48fdad98d3108001d92e&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=9549703a031e410e89badce17f366063&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef39ee441c4e7792c5cda9a8bd86ddce96d9b17bda0cc9f7187f1a70ce9b3ed5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT x-amz-version-id uq4ahwTgbmdDVq3iqHPHE8OZSufTo1wc via 1.1 3cfbed06658a9baeb1fb855c8ec682f2.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop MXP63-P2 age 1235275 x-amz-server-side-encryption AES256 content-encoding br x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Fri, 28 Apr 2023 15:18:57 GMT server cloudflare etag W/"d4a36ffcc533bcbae2a557884d3059e8" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emIeuSau31N8WR4rr72Y%2F3WdfTy1wMO6nZq0eHKWgzTuOVFLfVIoqR87ornqaCMGJR06mbEqs7Y8Shmy2pgGGmrPw6r6loc2%2BmNFIuvOukTEkjRMwIdl9KSG0%2BlxoE611KQ3HhL9wJicRxKvCNO2qHj8frU%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7d77469c5e4d9bf5-FRA x-amz-cf-id 9yv5_zJVq-TQVwA1tmCT6CUK10MQir9NjJFOiezrTUMRHyOE8a-dbQ== expires Fri, 14 Jun 2024 02:10:17 GMT
GET H2	200	visitor.css static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/ Frame 41CB	20 KB 4 KB	131ms 48ms	Stylesheet text/css	2606:4700::6812:8d65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/visitor.css Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/9549703a031e410e89badce17f366063?uuid=9386ce4c5b0a48fdad98d3108001d92e&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=9549703a031e410e89badce17f366063&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 36d655313c51c3540e79a4ed3bff5be86110779b4e25043a6e78150a58cdbc66 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://app.hubspot.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT x-amz-version-id eTttM9S_vWGkXsa3G13R54bOHuRyRlPL via 1.1 b7d4565713c18d30abacb67e4342fac0.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop HAM50-P1 age 1282861 x-amz-server-side-encryption AES256 content-encoding br x-cache Miss from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Mon, 06 Mar 2023 22:24:16 GMT server cloudflare etag W/"8b2053a9d9199e217c1f3e61d80f5d90" vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4IjN8%2FpLDThFsoJfTZgs6vPqbOxDSO0%2BIfrtJte9b6lbCK57YdUan4HgYeAf2BhJk1S2lFTkyP4mrciDBTOIrUqntzDzqHXuAigMaFDwB2Pvy%2B4X48YTTE6EHvpJSG08JD%2FbYdVtUWZbGMqUtx0Xo07Q7KU%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=31536000 cf-ray 7d77469c5c632c00-FRA x-amz-cf-id b0rsGI4jhJL1hO-q3-eDaZXBxKuue2gJ7ZT-WNiX572VGv0WYwb4LA== expires Fri, 14 Jun 2024 02:10:17 GMT
GET H2	200	bundle.production.js Show response static.hsappstatic.net/hubspot-dlb/static-1.392/ Frame 41CB	294 KB 94 KB	131ms 48ms	Script application/javascript	2606:4700::6812:8d65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/hubspot-dlb/static-1.392/bundle.production.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/9549703a031e410e89badce17f366063?uuid=9386ce4c5b0a48fdad98d3108001d92e&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=9549703a031e410e89badce17f366063&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a827ba0a43cbeb52e1f7c01fac1d8526f1a927ef58d5a0bc4ea4047a8b47f075 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT x-amz-version-id GyJQrIoHDRIfCuwwSVVsJwX13g1Qp9_O via 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 age 595726 x-amz-server-side-encryption AES256 content-encoding br x-cache RefreshHit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Thu, 06 Apr 2023 11:56:47 GMT server cloudflare etag W/"90cd3e4c19469ce68f12da7dbe18af11" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cxr6D7uCDEth3bMz0Feb%2Fbcv3J0R%2BfH%2FRm2vga18bc%2Bkc4qqJdWV78nKLjdTMugCN%2B%2FPQ%2FLj4A%2FAfn2dH%2FKUMAEuzAG4wU8AfPoYuHyw%2BEUBmfTPXO0FgaS5NBdl6Lc9rNV9eT6mIaCZfWj65HvEFUa%2FfcM%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7d77469c5e4e9bf5-FRA x-amz-cf-id zuBVbdQQYg3LBzmKyy3EJoTh60ToWxDtYwBUBF0PsxsXfIZTgjGhJQ== expires Fri, 14 Jun 2024 02:10:17 GMT
GET H2	200	visitor.js Show response static.hsappstatic.net/conversations-visitor-ui/static-1.15875/bundles/ Frame 41CB	609 KB 179 KB	137ms 54ms	Script application/javascript	2606:4700::6812:8d65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/conversations-visitor-ui/static-1.15875/bundles/visitor.js Requested by Host: app.hubspot.com URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/9549703a031e410e89badce17f366063?uuid=9386ce4c5b0a48fdad98d3108001d92e&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=9549703a031e410e89badce17f366063&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d2dd6d3ca05d70d8c0b7aea1555a09c5121fc83f24064caacb32066b25cb760b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT x-amz-version-id gzX1w2KZcg7KeqTrg75XcJMiuZCnlpxJ via 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 age 98800 x-amz-server-side-encryption AES256 content-encoding br x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Tue, 13 Jun 2023 17:55:03 GMT server cloudflare etag W/"4468d23f08a4175c529ac970d4450693" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2By0L1A6CFBT%2BrwcIFz2aIntq%2FZjug8VGpxwnbk5%2FPjNxWSIeoseLJ2KKFY8Dd5b7ff1EsJH9OZy2ZEmqI2mS2fJKh8W1IhnWMY4GNqfyqxWDV5sMr9vz3cMof%2FJsoULVn0ZCLT9mWdOdvwFV4%2FwrFrUH8xs%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7d77469c5e4f9bf5-FRA x-amz-cf-id YGMor8B6uNZOgCJeYykiqwnSuop8h_leypiVYC0amnm8DnDiPofI_A== expires Fri, 14 Jun 2024 02:10:17 GMT
GET H2	200	272.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame 3987	348 KB 52 KB	72ms 71ms	Stylesheet text/css	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c77d2ba289d0e2827ad7f79b00972a63c7f4426d89b8ce6b5da90a368760cfe4 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3479 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"a858af055119af47585aeffbfd69ceac" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3N4BoivF7FfnreKi0k%2BMXx0BnrnsZ5x15pNsJHlj4bOQD50oS%2FR1qU2Axm%2BEQgBWMfb4py6DtS48%2B7OQ5u%2Fg1R8fS3LIKvjwrFYiHzJWscoFqcV4G2e5P5f8ZekIOfNbRC5z1o4cBL%2BgrPV6l4ELVwYMTSlzFLQ%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7d77469c28d51bc3-FRA x-amz-cf-id VhQv7NaJPhNgjtj6YKA8AnSwQZnXrkcJFHcVtwxUN7N8jgDE52rcyQ==
GET H2	200	272.8d8a39d8fa64efbb0671.chunk.js Show response injection.amibreached.com/chunks/ Frame 3987	381 KB 100 KB	68ms 68ms	Script application/javascript	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/chunks/272.8d8a39d8fa64efbb0671.chunk.js Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 29d409fee0f34ebc05fa36076c101b77e28dccbcfdbfbf4cf248371820ca9ddb Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 89c822bb1ce1445a7be6d1057088cfbe.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3479 x-amz-cf-pop FRA6-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag W/"a161e1a55882deeacea4aadc5ab6a660" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UBnowB3YyJ8NmrXLxb49W6Vr85zAuZb3fJOf3QfMNw02khthOrlhM8D%2FUerz1jyzzVd4oUF7A1Lg7wCQCTjAuKaYUchbXJm00G0LbHV4H2saVt98PvRXBnWfaqets4q77T158uHibEOS8cvBg5gqAERZB3expJs%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7d77469c28d61bc3-FRA x-amz-cf-id Se6UK0Wh3b8g_e0rrYMtAQxR6p9yUZE_P_1Z06v_ziaK7K5mFVUbHg==
GET H2	200	349.8d8a39d8fa64efbb0671.css injection.amibreached.com/css/ Frame 3987	3 KB 1 KB	109ms 108ms	Stylesheet text/css	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/css/349.8d8a39d8fa64efbb0671.css Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9d904f71a4d973dac278821490969eb0a63dd97635584930bbbbec0a3e608d75 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3479 x-amz-cf-pop FRA56-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"d5e9ad0edf5f90c0d209a111611b1fba" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emkXgbcHZELrsgQwrYBxlMoYYMJzha2gXATN%2BN8qPAkWy3DhMjbAx2ZPEk0cfj6Z1dVp07%2Ba2DsJdXdOqwywH3UtMY0mtswxy7APutES%2F03Sv7sV7KukNmpPRS2Lc%2B96J3Wc02IeotYLZ%2BCSFRaNfRxPWSgMe4w%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7d77469c28d71bc3-FRA x-amz-cf-id XSOmTNIUC4tNgIsbFIAPtaCG4T6e6VmAwGSZFTku1butz7qkOFFtrw==
GET H2	200	349.8d8a39d8fa64efbb0671.chunk.js Show response injection.amibreached.com/chunks/ Frame 3987	16 KB 5 KB	77ms 77ms	Script application/javascript	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/chunks/349.8d8a39d8fa64efbb0671.chunk.js Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a2c197367cb631f88fca96c13ec0c06d0a99bc5398d0349716bc06ce7a91e8ce Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff age 3479 x-amz-cf-pop FRA2-C1 content-encoding br x-cache Hit from cloudfront last-modified Mon, 23 May 2022 20:31:51 GMT server cloudflare etag W/"0e05edf25a54d46e1a8ef01ec442978b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7Qlz0337itHs9tYOjFcpwuRGFksfNkiQgTgSJfvGJq3p5p8DpuxlG2vQX7Eg9l%2FwMsiASdzsC3ALEUcrT9shNAT7erLZTwlFAKu3scAP%2FNm760ID%2BuHKLK6HcR%2BatPK7L5iYeGJvIjgIOQmJq27djC3zGJxFdE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=120 cf-ray 7d77469c28d81bc3-FRA x-amz-cf-id fOXYeKZo72csGnrfL0HfZJq2YWZBSomT9wKFVwle6R8XPHjW5-2Abw==
GET H2	200	primeicons.ttf injection.amibreached.com/assets/fonts/ Frame 3987	56 KB 57 KB	78ms 78ms	Font binary/octet-stream	2606:4700:20::ac43:4768 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://injection.amibreached.com/assets/fonts/primeicons.ttf Requested by Host: injection.amibreached.com URL: https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c1e93246e1f3ea9a11fa1a6d7c14e48a1da911f92043e2e6ef59da5ffd38f070 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css Origin https://blog.cyble.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT strict-transport-security max-age=15552000; includeSubDomains; preload via 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront) cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff x-amz-cf-pop FRA6-C1 x-cache Hit from cloudfront content-length 57384 last-modified Mon, 23 May 2022 20:31:50 GMT server cloudflare etag "121254f73060bcbb53ca13258dbd134f" vary Accept-Encoding access-control-allow-methods GET content-type binary/octet-stream access-control-allow-origin https://blog.cyble.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFfDCjfR9a3meMK612VUNf890IBuuJtWzk6HwqRta3CYZr8fOJkmxmUveVqpfoN2OOq13uiAXJP60ztEpfD2qKbmQ5M4cyIzACm3erK1HiGvnoguY7AOZqjrzVlVxcbHzv8xRVx1mFmFf28fwSQXFiz4ZP3RLiI%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin cache-control max-age=120 access-control-allow-credentials true access-control-max-age 3000 accept-ranges bytes cf-ray 7d77469d3c2891f6-FRA x-amz-cf-id 8fwfFOnPndQwiUXUc519F6YvjeQtDexlCJaJKthzT5dQp2PX2J65mw==
GET H2	200	i18n-data-data-locales-en-us.js Show response static.hsappstatic.net/conversations-visitor-ui/static-1.15785/ Frame 41CB	776 B 870 B	46ms 46ms	Script application/javascript	2606:4700::6812:8d65 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.hsappstatic.net/conversations-visitor-ui/static-1.15785/i18n-data-data-locales-en-us.js Requested by Host: static.hsappstatic.net URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.15875/bundles/visitor.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5773922958407876324a55ff40662ecd526f8829178ab8790a6e8dce853b3f5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/ Origin https://app.hubspot.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:17 GMT x-amz-version-id SpNiq4P9pGdDdfmtMtY74SmCGTt9GDKN via 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop FRA56-P2 age 1340981 x-amz-server-side-encryption AES256 content-encoding br x-cache Hit from cloudfront x-amz-replication-status COMPLETED alt-svc h3=":443"; ma=86400 last-modified Fri, 26 May 2023 19:36:10 GMT server cloudflare etag W/"28c9a8bedc7c9bf5c53a75a4a0be86eb" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin https://app.hubspot.com report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CdKgAq4jeqfWWEKxkaIRzIE1eyXUb74NE%2B7XDWpZI68p5gkYvPpqMd%2FrBirrTzkLCT0%2FFeMqwwnNzDxc2ZN%2F%2B50BXGK0GE9I4cW7Jic67qNoBN3ABxvM3vsBhYwzB%2BkgEm3Pcvcw1qWeFEUME5VygpXrpHY%3D"}],"group":"cf-nel","max_age":604800} vary Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-credentials true cache-control public, max-age=31536000 cf-ray 7d77469ddf469bf5-FRA x-amz-cf-id 9HBYBmetwfD7dPQ-0qq9NIwBWnFgyhdBMIXNxdb52hBXY0eX09UmOA== expires Fri, 14 Jun 2024 02:10:17 GMT
GET H2	200	hawk.png labs.cyble.com/hs-fs/hubfs/ Frame 41CB	4 KB 5 KB	185ms 61ms	Image image/webp	2606:2c40::c73c:67e2 CLOUDFLARESPECTRU...
General Check archive.org Show headers Download Go to Show image Full URL https://labs.cyble.com/hs-fs/hubfs/hawk.png?width=108&height=108 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738 Security Headers Name Value Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://app.hubspot.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:18 GMT strict-transport-security max-age=31536000 via 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-content-type-options nosniff content-security-policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests cache-tag F-83412232556,P-21289959,FLS-ALL x-hs-https-only worker alt-svc h3=":443"; ma=86400 content-length 4194 cf-resized internal=ok/m q=0 n=882+0 c=53+45 v=2023.4.2 l=4194 last-modified Tue, 30 Aug 2022 08:53:18 GMT cf-bgj imgq:86,h2pri server cloudflare etag "cfLv25S9_RZ9mVF-YFCFUfZcZkUn9Bg2vL7Sxl6y2PDQ:ac94ce2bd2684e2d18ebb6c3988701dd" vary Accept, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8g5ERscL%2B24ziTN05sP0rd1b5d0FpoOqGpSqwdP0VGsfyD4HeDlMzfAs52KtzNSjCm5qOT4pNPoCNBhAzrW7UJMPwzxNxczxYR7XerpaU5KCfSXZqk2imsTA2zEJdKsieLCuD7GqsZkad7w"}],"group":"cf-nel","max_age":604800} content-type image/webp access-control-allow-origin * cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 accept-ranges bytes cf-ray 7d77469f4e0a9ba1-FRA
POST H3	204	rhumb app.hubspot.com/api/cartographer/v1/ Frame 41CB	0 1 KB	156ms 155ms	Ping text/plain	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.15875 Requested by Host: static.hsappstatic.net URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.15875/bundles/visitor.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://app.hubspot.com/conversations-visitor/21289959/threads/utk/9549703a031e410e89badce17f366063?uuid=9386ce4c5b0a48fdad98d3108001d92e&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=9549703a031e410e89badce17f366063&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Thu, 15 Jun 2023 02:10:18 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 8444755f-12c5-4669-b8a8-27af53c3ca25 x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id ef5dbe93-3e91-4a33-9f30-ceaf44de5cbc server cloudflare vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05CU8xktfvXmCB6%2Fq%2BJCn%2FWOnc1aLtHuEyfcAIsweWRH1Njo4z%2BQnlJG5icVDJpZyWC%2BL%2BXrQ8MFPw2a%2FeRhRghAcOVlAm0QZRPQGq8Fo0lHYefE7mPvjgoO2NGO0Uqvlu2qIpGVRya%2FSnpXyg%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin https://app.hubspot.com x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-79ph8 access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure access-control-max-age 604800 access-control-allow-credentials true x-evy-trace-virtual-host all cf-ray 7d77469e8a18193b-FRA access-control-allow-headers Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer timing-allow-origin *
GET H3	200	welcomeMessages Show response app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/ Frame 41CB	982 B 1 KB	187ms 187ms	XHR application/json	2606:4700::6813:9a53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.15875&conversations-visitor-ui=static-1.15875&traceId=9549703a031e410e89badce17f366063&sessionId=AMOaWbKhrTku7am13yw2VfqRcL7PzASm974hykO0Se2aTu_e1oJdZa07waYuoeU3Fmy6k3AXV_k8_7Go96otF7mIfvuFoKXfNRjMB8GdVVV4OKiOaC2WxEARv57uTpBXg8mIjux12ApygI8CTIEff2K_Db073WiaBhP6GZNSiXznvOtiHiesjs8 Requested by Host: static.hsappstatic.net URL: https://static.hsappstatic.net/head-dlb/static-1.338/bundle.production.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9ee7a0ea6650c0700c69e01125142b11212b04e49a17b5ddf1bd96501fb88b41 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://app.hubspot.com/conversations-visitor/21289959/threads/utk/9549703a031e410e89badce17f366063?uuid=9386ce4c5b0a48fdad98d3108001d92e&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.cyble.com&inApp53=false&messagesUtk=9549703a031e410e89badce17f366063&url=https%3A%2F%2Fblog.cyble.com%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&enableWidgetCookieBanner=false&isInCMS=false accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Thu, 15 Jun 2023 02:10:18 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id a1b97234-55cc-47a4-bac0-2dca1118293d x-envoy-upstream-service-time 23 alt-svc h3=":443"; ma=86400 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id b8a5bf1a-1612-43b3-b9d7-baee8d931e40 server cloudflare x-trace 2B61E64BDF81D93E652D6EA0D3CF21F462913E1F61000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-598c95b5b7-fmst8 x-evy-trace-virtual-host all access-control-allow-credentials false report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrdNIspo5Qp995U1Iv93UkQ0HXhzu5R3dXv5PFM4RywYLFHmro30UmDm9O5Gs0jZJ8xX8I5lJldcXAxKQlIW5TCxs2rDLnNwgpbFVamNxgZNhJdVdZ%2BWzuE3gsgMMZ0Jf7FSNw4Zp1JF5K0C4g%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 7d77469e8a22193b-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
GET H2	204	boom.gif pixel.wp.com/	0 37 B	41ms 40ms	Image text/plain	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.08&largest_contentful_paint=2093&batcache_hit=0&provider=wordpress.com&service=atomic&effective_connection_type=4g&rtt=0&downlink=9800&host_name=blog.cyble.com&url_path=%2F2023%2F06%2F13%2Fthreat-actor-targets-russian-gaming-community-with-wannacry-imitator%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=12&nt_connectStart=12&nt_connectEnd=95&nt_secureConnectionStart=51&nt_requestStart=95&nt_responseStart=320&nt_responseEnd=614&nt_domLoading=324&nt_domInteractive=1843&nt_domContentLoadedEventStart=1844&nt_domContentLoadedEventEnd=1870&nt_domComplete=2399&nt_loadEventStart=2399&nt_loadEventEnd=2428&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=1305&first_contentful_paint=1305&resource_size=2626063&resource_transferred=504171&js_size=622941&js_transferred=179700&resource_cache_percent=0&js_cache_percent=0&last_resource_end=3863 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.cyble.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers access-control-allow-origin * date Thu, 15 Jun 2023 02:10:20 GMT cache-control no-cache server nginx