blog.morphisec.com Open in urlscan Pro
199.60.103.31 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Submission: On June 10 via api (June 10th 2024, 11:07:51 am UTC) from IN — Scanned from DE

Summary HTTP 166 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 50 IPs in 6 countries across 36 domains to perform 166 HTTP transactions. The main IP is 199.60.103.31, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.morphisec.com.
TLS certificate: Issued by GTS CA 1P5 on May 15th 2024. Valid for: 3 months.

This is the only time blog.morphisec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
55	199.60.103.31 199.60.103.31	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	104.18.91.62 104.18.91.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2400:52e0:1e0... 2400:52e0:1e00::1079:1	60068 (CDN77 _) (CDN77 _)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
14	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ac5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.102.51 18.66.102.51	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
7	199.60.103.225 199.60.103.225	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	13.32.27.107 13.32.27.107	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:1496	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	18.193.30.91 18.193.30.91	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:267... 2600:9000:2670:aa00:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:4869	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
4	142.250.185.131 142.250.185.131	15169 (GOOGLE) (GOOGLE)
3 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2606:4700:440... 2606:4700:4400::6812:2929	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8911	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6cfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.112.19 18.66.112.19	16509 (AMAZON-02) (AMAZON-02)
1	52.50.93.182 52.50.93.182	16509 (AMAZON-02) (AMAZON-02)
3	3.127.196.46 3.127.196.46	16509 (AMAZON-02) (AMAZON-02)
7	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.168 142.250.185.168	15169 (GOOGLE) (GOOGLE)
2	54.145.242.215 54.145.242.215	14618 (AMAZON-AES) (AMAZON-AES)
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
3	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
1	74.125.133.154 74.125.133.154	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:f46c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.153.4.44 18.153.4.44	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1 1	157.240.253.13 157.240.253.13	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:223... 2600:9000:223c:6a00:2:7dc7:8f00:93a1	16509 (AMAZON-02) (AMAZON-02)
4	54.85.162.54 54.85.162.54	14618 (AMAZON-AES) (AMAZON-AES)
166	50

55 199.60.103.31 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.91.62 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2400:52e0:1e00::1079:1 (Germany)

ASN60068 (CDN77 _, GB)

consent.cookiefirst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ac5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-51.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 199.60.103.225 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-107.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:1496 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.193.30.91 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com

snid.snitcher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:aa00:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4869 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2929 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8911 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6cfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-19.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.93.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-93-182.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.127.196.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.145.242.215 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-242-215.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

1534169.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f46c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.153.4.44 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.253.13 (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)
PTR: edge-star-shv-02-fra5.facebook.com

web.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:6a00:2:7dc7:8f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.85.162.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-162-54.compute-1.amazonaws.com

trackingapi.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	morphisec.com blog.morphisec.com www.morphisec.com	911 KB
17	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 15016 js.hubspot.com — Cisco Umbrella Rank: 4638 app.hubspot.com — Cisco Umbrella Rank: 6200 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4658 track.hubspot.com — Cisco Umbrella Rank: 2847 forms.hubspot.com — Cisco Umbrella Rank: 6154	115 KB
8	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 3852 px.ads.linkedin.com — Cisco Umbrella Rank: 351 www.linkedin.com — Cisco Umbrella Rank: 553 px4.ads.linkedin.com — Cisco Umbrella Rank: 6771	165 KB
7	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 8146 perf.hsforms.com — Cisco Umbrella Rank: 16268 forms.hsforms.com — Cisco Umbrella Rank: 5060 perf-na1.hsforms.com — Cisco Umbrella Rank: 4907	4 KB
6	trendemon.com assets.trendemon.com — Cisco Umbrella Rank: 130490 trackingapi.trendemon.com — Cisco Umbrella Rank: 94433	66 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1430 analytics.twitter.com — Cisco Umbrella Rank: 943 syndication.twitter.com — Cisco Umbrella Rank: 1706	31 KB
4	facebook.com 1 redirects www.facebook.com — Cisco Umbrella Rank: 119 web.facebook.com — Cisco Umbrella Rank: 265	4 KB
4	google.de www.google.de — Cisco Umbrella Rank: 8139	252 B
4	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 130	469 B
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3163 www.google.com — Cisco Umbrella Rank: 5	364 B
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 205	162 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	397 KB
3	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 19433	45 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 12512 scout.salesloft.com — Cisco Umbrella Rank: 16014	4 KB
3	snitcher.com snid.snitcher.com — Cisco Umbrella Rank: 92991	25 KB
3	cookiefirst.com consent.cookiefirst.com — Cisco Umbrella Rank: 33096	27 KB
3	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 9781	6 KB
2	hubspotusercontent-na1.net 1534169.fs1.hubspotusercontent-na1.net	50 KB
2	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 3438 content.hotjar.io — Cisco Umbrella Rank: 6129	403 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 5381 forms.hscollectedforms.net — Cisco Umbrella Rank: 5510	25 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 880	17 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 65	21 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 887 script.hotjar.com — Cisco Umbrella Rank: 1282	59 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 260	32 KB
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 20385	1 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 4174	1 KB
1	t.co t.co — Cisco Umbrella Rank: 713	376 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2604	26 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2553	26 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5889	92 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3888	4 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 907	15 KB
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 15978	5 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 70	3 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 6339	5 KB
0	lltrck.com Failed lltrck.com Failed
166	36

	Domain	Requested by
55	blog.morphisec.com	blog.morphisec.com cdnjs.cloudflare.com
7	track.hubspot.com
7	www.morphisec.com	blog.morphisec.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
5	no-cache.hubspot.com	blog.morphisec.com
4	trackingapi.trendemon.com	assets.trendemon.com
4	www.google.de	blog.morphisec.com
4	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
4	platform.twitter.com	blog.morphisec.com platform.twitter.com
4	connect.facebook.net	blog.morphisec.com connect.facebook.net
4	www.googletagmanager.com	blog.morphisec.com www.googletagmanager.com www.google-analytics.com
3	perf.hsforms.com	blog.morphisec.com
3	www.facebook.com	blog.morphisec.com connect.facebook.net
3	x.clearbitjs.com	tag.clearbitscripts.com
3	region1.analytics.google.com	www.googletagmanager.com
3	snid.snitcher.com	blog.morphisec.com snid.snitcher.com
3	consent.cookiefirst.com	blog.morphisec.com consent.cookiefirst.com
3	cdn2.hubspot.net	blog.morphisec.com
2	assets.trendemon.com	blog.morphisec.com assets.trendemon.com
2	1534169.fs1.hubspotusercontent-na1.net	blog.morphisec.com
2	scout.salesloft.com	scout-cdn.salesloft.com
2	forms-na1.hsforms.com	blog.morphisec.com
2	cta-service-cms2.hubspot.com	blog.morphisec.com js.hubspot.com
2	snap.licdn.com	blog.morphisec.com js.hsadspixel.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdnjs.cloudflare.com	blog.morphisec.com
1	forms.hubspot.com	js.hsleadflows.net
1	web.facebook.com	1 redirects
1	perf-na1.hsforms.com	blog.morphisec.com
1	forms.hsforms.com	blog.morphisec.com
1	syndication.twitter.com	blog.morphisec.com
1	app.clearbit.com	x.clearbitjs.com
1	api.hubapi.com	js.hsadspixel.net
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	www.google.com	blog.morphisec.com
1	analytics.twitter.com	blog.morphisec.com
1	t.co	blog.morphisec.com
1	content.hotjar.io	script.hotjar.com
1	vc.hotjar.io	script.hotjar.com
1	app.hubspot.com	blog.morphisec.com
1	js.hscollectedforms.net	blog.morphisec.com
1	js.hs-analytics.net	blog.morphisec.com
1	js.hs-banner.com	blog.morphisec.com
1	js.hubspot.com	blog.morphisec.com
1	js.hsleadflows.net	blog.morphisec.com
1	js.hsadspixel.net	blog.morphisec.com
1	px4.ads.linkedin.com	blog.morphisec.com
1	www.linkedin.com	1 redirects
1	scout-cdn.salesloft.com	blog.morphisec.com
1	static.ads-twitter.com	blog.morphisec.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	script.hotjar.com	static.hotjar.com
1	fonts.googleapis.com	blog.morphisec.com
1	static.hotjar.com	blog.morphisec.com
1	static.hsappstatic.net	blog.morphisec.com
1	platform.linkedin.com	blog.morphisec.com
0	lltrck.com Failed	blog.morphisec.com
166	57

This site contains links to these domains. Also see Links.

Domain
support.morphisec.com
www.morphisec.com
engage.morphisec.com
www.linkedin.com
www.twitter.com
research.checkpoint.com
azuremarketplace.microsoft.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
blog.morphisec.com GTS CA 1P5	`2024-05-15` - `2024-08-13`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2024-03-06` - `2024-12-31`	10 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
*.cookiefirst.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-05` - `2024-12-16`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh
hsappstatic.net E1	`2024-05-08` - `2024-08-06`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
upload.video.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
www.morphisec.com GTS CA 1P5	`2024-05-15` - `2024-08-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-03-19` - `2024-06-17`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
snid.snitcher.com Amazon RSA 2048 M01	`2023-08-18` - `2024-09-14`	a year	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-20` - `2025-04-19`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.google.de WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
hsadspixel.net E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
hsleadflows.net E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
hscollectedforms.net E1	`2024-05-27` - `2024-08-25`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-02-07` - `2025-03-08`	a year	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-16`	a year	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
hubapi.com E1	`2024-05-04` - `2024-08-02`	3 months	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-02-15` - `2025-03-16`	a year	crt.sh
syndication.twitter.com R3	`2024-05-21` - `2024-08-19`	3 months	crt.sh
*.trendemon.com SSL.com RSA SSL subCA	`2023-06-18` - `2024-06-26`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Frame ID: E175104ACDAAF4B35277491455D589D3
Requests: 162 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: D459A993DE18E98B057516271661FF28
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: E763ABD030BB118175372BDEBCBE1C1A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.0/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff3e706d46ab5ca51%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff676b933bd251e23d%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&layout=button_count&locale=en_US&sdk=joey&_rdc=1&_rdr
Frame ID: 78F3EDF469ECE6E3EC07DFDF21FBE9A0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

166
Requests

99 %
HTTPS

51 %
IPv6

36
Domains

57
Subdomains

50
IPs

6
Countries

2344 kB
Transfer

6497 kB
Size

45
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://support.morphisec.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/partners
Title: Partners

Search URL Search Domain Scan URL

URL: https://engage.morphisec.com/experiencing-a-breach
Title: Under Attack?

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/
Title: Product Overview

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/adaptive-exposure-management
Title: Adaptive Exposure Management

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-windows-endpoint-protection
Title: Morphisec for Windows Endpoints

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-windows-server-protection
Title: Morphisec for Windows Servers & Workloads

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-linux-server-protection
Title: Morphisec for Linux Server Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/incident-response-services
Title: Incident Response Services

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/moving-target-defense
Title: About Moving Target Defense

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/finance-industry
Title: Finance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/hedge-funds-industry
Title: Hedge Funds

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/healthcare-industry
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/tech-industry
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/manufacturing-industry
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/legal-industry
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/k-12-school-cybersecurity
Title: K-12 Education

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/small-business
Title: SMB

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-microsoft-defender-av
Title: Microsoft Defender AV

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-microsoft-defender-for-endpoint
Title: Microsoft Defender for Endpoint

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/virtual-desktop-infrastructure
Title: Virtual Desktop Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/cloud-workload-protection
Title: Cloud Workload Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/remote-employee-security
Title: Remote Employee Security

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/ransomware-prevention
Title: Ransomware Prevention

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/virtual-patch
Title: Virtual Patching and Compliance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/supply-chain-attack-prevention
Title: Supply Chain Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/browser-attack-protection
Title: Browser Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/about-us
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/news-and-events
Title: News & Events

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/resources
Title: Learning Center

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-customer-corner
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://support.morphisec.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/arnoldosipov/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.twitter.com/osipov_ar
Title: Twitter

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/
Title: various campaigns

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/schedule
Title: Schedule a demo

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-vulnerability-management
Title: Morphisec Vulnerability Visibility & Prioritization

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/legal-compliance
Title: Privacy & Legal

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/morphisec.morphisec_threat_prevention?tab=Overview
Title: Inquire via Azure

Search URL Search Domain Scan URL

URL: https://twitter.com/morphisec

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/morphisec

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCe48cR5xTxPJSYMjG-So7Rw

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3607898%252C32136%26time%3D1718017665615%26url%3Dhttps%253A%252F%252Fblog.morphisec.com%252Fsticky-werewolfs-aviation-attacks%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&liSync=true&e_ipv6=AQLYElCX2Dtw9AAAAZAB1S0jCF-X7jYr4lo8tq_vu0BZ5QO6SBZ1hDiGCPnM9qe3

Request Chain 148

https://web.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff3e706d46ab5ca51%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff676b933bd251e23d%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&layout=button_count&locale=en_US&sdk=joey HTTP 302
https://www.facebook.com/v3.0/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff3e706d46ab5ca51%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff676b933bd251e23d%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&layout=button_count&locale=en_US&sdk=joey&_rdc=1&_rdr

166 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request sticky-werewolfs-aviation-attacks Show response
blog.morphisec.com/ 149 KB
24 KB 150ms
96ms Document
text/html 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

357668a31323571ee684d38cb7ab8adfb4aa4cb228017e7b5d254f969541307a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Xss-Protection	1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-ray: 8918e6456d87382b-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 10 Jun 2024 11:07:44 GMT
edge-cache-tag: CT-169577076135,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-148583664153,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
etag: W/"2a0128b916457d73ce2e179113dea8ed"
last-modified: Sat, 08 Jun 2024 17:05:04 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AC7MnMOYXbLEPxgr8n3gboqSYdgBHJBHmGnlzwumAokaLc1xTz82VQlSzJkgDwbkNho02IQ0lxuCeUp1odOzWl34Y5mF6RS8eLC8z0MnhyBwvUYTVtdTZEwEKC26%2BXylc6LPzA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-campaign-id: bf6dd9fa-5c30-4bd3-8325-81c4e2e02c33
x-hs-content-id: 169577076135
x-hs-hub-id: 1534169
x-hs-prerendered: Sat, 08 Jun 2024 17:05:04 GMT
x-xss-protection: 1

GET
H3 200 project.js Show response
blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 128ms
127ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
via: 1.1 93c19401e4c3042840b49b10b9478098.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7659994
x-amz-cf-pop: VIE50-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2Bmpc7WFzws%2Bvi1gq%2BRPgppQBAtVgLI%2FkEL2Azp0dlqWOEXmaAuv8uFvUk5cr0Xj7FpUI3pwz6fm6hTnj3hfJXjmstN%2Bwzk5WN%2Bf1OfKfDkKqJ%2F%2BzKFETi2xUZsuO9XAuz%2BB1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8918e6460e9f382b-FRA
x-amz-cf-id: taibrJxhl0Pv-g2kLxYdkl-I0t1gMNjDW9iJ8n3fVTWw3x2RnykuiQ==
expires: Tue, 10 Jun 2025 11:07:45 GMT

GET
H3 200 project.js Show response
blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 115ms
114ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7673691
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObhO0OMCOTAaxuZKaWfg5UHqN3TLkm1in7qJVjuAdunz5o2UzlC6tx5TiLx6ohDAEq9AhwZM0V2bjyO1YtIbW%2FRMCiTs0xnomZSdjl6ZGxwfWhrHOkv5li06xQ6Ls7JFmrSw%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8918e6460ea5382b-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Tue, 10 Jun 2025 11:07:45 GMT

GET
H3 200 post_listing_asset.js Show response
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 121ms
120ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
via: 1.1 e221f111ed3ebc025b531e81056d37a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7664860
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: RefreshHit from cloudfront
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QkJvlxL94zpObKWxVE%2FbH5qXctKymRfhjTeme1EJxkVcv57gF8WEuAjv6ROoYzUEuWOqA%2Brv7yGckfWuzdpTJO7GfueJL1gda76hJk6JXxGOcM1IiE5ch9Hefn6xlC6sF1yNGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8918e6460ea7382b-FRA
x-amz-cf-id: TjVkfYIMeFG53PNehI5mn1DOtTFkLDWPEd0kLAMkZtJeAP_-UO3jmw==
expires: Tue, 10 Jun 2025 11:07:45 GMT

GET
H3 200 v2.js Show response
blog.morphisec.com/_hcms/forms/ 482 KB
161 KB 117ms
116ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 20
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8918e5c951ae9b7d-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 66999d32-6d9f-4157-9eb0-0aba26abfedf
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 66999d32-6d9f-4157-9eb0-0aba26abfedf
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BuZbplcRlk2R5FUaPnC25GNBOTuUGk5G0%2FXa%2BkpKwFPBP0AcN7zTpN0BDLnd8KljLdgfnMwiFZzsSYAngieXmIgJECmKLQt73d%2BgDuGU0%2FK6YN7KpGDiZKlDvgPGxH1UBIENMA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ddwd7
cf-ray: 8918e6460eab382b-FRA
x-amz-cf-id: yFvMcbrO1l1h8vqgPxo8hEU04XerOzSiV3U6Yj4cVkKvr15IPiyaag==

GET
H3 200 reset.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/ 1 KB
2 KB 118ms
112ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/reset.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 3034
x-amz-request-id: WS9GJ3E0Y1W663TF
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fdc18c7998eab7f0173b18cbfee4df06"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1697111372573
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: LIGvZMYA2GuHTR7O2Z5oVj7c2QZI5kJK
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 442a620d-81d4-46d3-a1ff-c2d3cf88d226
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 203
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ADMQP+vULYexcmO3qlq3/ntA7pMAD1BEXTcYMSBOxfM1UdUYn0Cwnp+iReLj5LXTVl6kqAvwLHc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 442a620d-81d4-46d3-a1ff-c2d3cf88d226
last-modified: Thu, 12 Oct 2023 11:49:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KJTmBrT7l%2BOnAFbPjlvPTOF4B0CL6MVKfp1Q6ZFq5TGSzwFLmzBPGwagETASi%2FYXICqlcbjN4BXdxeQtkruKXOMGt%2BC8v6OUmXuA%2BgZClKKkmOFujhLGvY6oBViCA6HUQPuYFA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8918e6460eb7382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: lasT-RQqNGcn6RNPBpCqJzS1xfyMcvvoGEot4fmATwm5gDO16BPUZQ==

GET
H3 200 fonts.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/ 6 KB
2 KB 119ms
112ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 519
x-amz-request-id: WS9R9TZDVJ98YRZB
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"129a23607bce2eee640430d3bbfef277"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680693252902
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: dVLtzAKZg__B3uxHbu3a_2GX4VNB5e_S
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 057a8449-0421-4ae7-a647-a5ad3034e951
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tuLkaSL5Z1fQLIIDpipfPP90FTCrUIY7LBK4tauu0EatuXWBxmglMmhbliSMZ2UQHRMESCtptYA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 057a8449-0421-4ae7-a647-a5ad3034e951
last-modified: Wed, 05 Apr 2023 11:14:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OC6xN%2BL%2FO5QkSSrJJ3Je2AYE1BJT2gNqdB8oiHfnedC8ZnHtXgM9d0xuzztcDhoMbSj6V6Tq2jPvWffARzYIxvZdbi4ehuFz%2BsIcD%2BA%2Bcr8bvOgcg3hGJvbWcRlTufsX0OOn%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8918e6460eb8382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: O47wukNnZI_YnlKyJBJKOu4HDVXMALNhdCQlNEKCR6g1ERMdp306Bg==

GET
H3 200 custom.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/ 280 B
2 KB 143ms
136ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/custom.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 519
x-amz-request-id: 0TEWBS9ZW4AA4TQN
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"5c5cddb5467e6fe854b7d0a6f51135e8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682414590689
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Tnt1z7gJRW9yvpi1rPu2tP7PpekG4_IL
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b5f661b8-e85a-4ebd-ab12-834fd651d025
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 173
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xoGN3IQVBFPDK/EcdXHlMiU637ho47awTsh9UkXGGaWzMcFXkYo5NN/fiTY/Li0Dzbc+cqjY9f4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b5f661b8-e85a-4ebd-ab12-834fd651d025
last-modified: Tue, 25 Apr 2023 09:23:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AyZlfYPCJkgG9E%2FyF0x0XYxdBsW27IZm8nu6Bk9bxs89EpQko%2BDBGhWkmZwtfCJlEDSFqoCIClTXN9CViFMnpUfiCX4HZ%2Ftc0H%2BNFMEnuPrpPh3d%2BKclDpRf5pCs1ux7%2Biz4DA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8918e6460eba382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: 08RGV2vtv5sRx6rRaNSpBjNIecMWIKnCHjfT8hcLUBp-ApQDHNzA3A==

GET
H3 200 slick.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/ 1 KB
2 KB 143ms
137ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/slick.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 519
x-amz-request-id: WS9YX6NKECEEMAP4
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"50424795a4c8f41eaba805785dcd11a3"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681177549173
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: CSM7qjm5tr1tplGgJgxA9LlFMJy2.Rrt
x-cache: Miss from cloudfront
x-hubspot-correlation-id: c0ba61b1-7ff8-407c-b677-7c40d7b45a89
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 166
alt-svc: h3=":443"; ma=86400
x-amz-id-2: fGEz8nLtg8tREw2Lxtf8BOTyXroKQ6zNbgAzooBuPF0wTWQqT6LstY73wyPPHB7rOai7KMSh0gQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c0ba61b1-7ff8-407c-b677-7c40d7b45a89
last-modified: Tue, 11 Apr 2023 01:45:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wRaYZ55B%2BsHUssVBWxvNjdGYi4qkkiExU4Fo5VXDtIn0TUKujxZJfMGLsfrEQlyPMs7eRzS37YOUa6fHKqVwF86EJ%2FKDuLMgroc46Sh%2BzxarXVnzOn%2FFpV4uCIwIGJ%2FrzVsLAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 8918e6460ebc382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: TH6HrsanyjF4Y9lZPSREjp88nwLOdC0io4YyMzH3742Sm7abazCaYg==

GET
H3 200 module_109590708858_Header_-_Global.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/ 19 KB
5 KB 143ms
137ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/module_109590708858_Header_-_Global.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

82bd71b6661f724ea282854a39a327fc9977c582f2ab0d4a63ae9f19c2df27ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 519
x-amz-request-id: WS9WXVJTYR9K5864
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d094d382fe759f4d5bba2e7961af25d9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712731281837
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: xuDU3AyM6SL4EpOScEBunVgr8bg8duxo
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 0de7d8e7-0e63-4161-88f3-e57f89bacf0d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 269
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uGGmTEsRRmY6pcdb2ShML0xmH2i2E4qptzRCnjfyQ1VM7o4dktsJv2AOox34f0nLlM1Kxt2cNQw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0de7d8e7-0e63-4161-88f3-e57f89bacf0d
last-modified: Wed, 10 Apr 2024 06:41:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=REJFC9NFy2KkaSh%2F%2B00wQNuyOsUWEiQDcDW9vLNky2aHkOTiNA6xojxGFyyiNOAYAzcWjnylbdIvWEd8XG1BYayeZyJjIzPz%2FShJHp%2FBOnL%2Bh1ATYtY5PfNvP1LFNqwOvFHp5A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8918e6460ebe382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: 0enqbjFEodyki8ApwYkSLR6k9k0YI_SjEsRBi8UypemxchQuSKkEAw==

GET
H3 200 project.css
blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/ 720 B
1 KB 93ms
87ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/project.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 7057218
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: 8ccI4weZqJTdCHtwNm3UqetXb_uUGb6Y
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Mar 2024 20:21:22 GMT
server: cloudflare
etag: W/"a81c70764750950eb72d4537c41e781f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2BzkkLNfGPQF5q3Xe1pPOz7nogU%2Fwc8k3CYBrdfCOzxFP6d5ptXtmmBhrsap1Q3ZKfjOlyJHJq75kBbMPZOK6WD7B4TuYBB8%2B7i0rGq8yPRZOm72ZYT9xka%2BFLqJj4ZKC8JT%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8918e6460ec0382b-FRA
x-amz-cf-id: g7Xq0RBZkXYErLa84Vt7JzfPtPOIstnRQrqC3IhE4nOzaCNhgj_NTA==
expires: Tue, 10 Jun 2025 11:07:45 GMT

GET
H3 200 module_148583664153_Blog_Quiz.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/ 1 KB
2 KB 143ms
137ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/module_148583664153_Blog_Quiz.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 519
x-amz-request-id: WS9Z24REX5F9TT58
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"5292316ee34f942adabf9639035cb5f1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1703224192160
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: YbKx_knHjcoCWj.kdAsSCG6ojGVZltfV
x-cache: Miss from cloudfront
x-hubspot-correlation-id: e97b6a12-21b0-417a-8103-4c17964614e8
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 214
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0jH7YwRrHTK1YBpCv7zJMknAhXVnGjCWow6/1113mTTbYVeoUY3KxPF+r/+61HhZi2/RalWHniM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: e97b6a12-21b0-417a-8103-4c17964614e8
last-modified: Fri, 22 Dec 2023 05:49:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LFnsvb8rQAdLkRoIBaL1FzHDv3UevUae1sREaVvM07%2FOQJ%2BXq5190QoOWbxSKlQWS%2FQ%2FvYciuPgkozuK9Lk8w0edJi2ngFeOCjDva8QA6zFlFVQngJRSLtktroBalB3zV9tR3g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8918e6460ec2382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: uRvA7RRSMaqVKk-8HPE_l4koR7N-8hQ-exHhErvJQhrgbYtOPIUEPQ==

GET
H3 200 module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687439473/ 612 B
1 KB 79ms
50ms Stylesheet
text/css 104.18.91.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687439473/module_-2712622_Site_Search_Input.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.91.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 330044
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c708989561e0cdbfcf996d1b7f47482c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1717687439473
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 75101491-fe4c-42dc-afbb-f660f031f4b1
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 229
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 75101491-fe4c-42dc-afbb-f660f031f4b1
last-modified: Thu, 06 Jun 2024 15:24:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iIcfGXwwDJJNXqPAbeEB1cmCpyu3wQdRrNpB%2F5B5oKuOf8rAcWxvvQ9yhT5upga1tX0iIby9FWqAVP4Jk2XCSamwsP8cDlSfm20zWRZv5Or%2FN%2FOVy1uqhd%2BBzEeiZf13qNU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-4f62g
cf-ray: 8918e646386f366f-FRA

GET
H3 200 rss_post_listing.css
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
1 KB 88ms
83ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 2998736
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22tgKEE7SEjN765Pl6LZ00PYMnJNu0zKcrLlma6w1xpYyawKBJz0AH%2BlUvvjPE4vH%2BIgOaLBz79PcZNohzGtFkdq%2B7LzeCl%2B2ICpBnY760470%2FH4JGZoP3dH%2BurenjPBtpAKJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8918e6460ec3382b-FRA
x-amz-cf-id: -qMof7lyKXEb2NoFcvGNm4_DKNNLQiJqyYayO2ib1A_4z-SDh2pfbg==
expires: Tue, 10 Jun 2025 11:07:45 GMT

GET
H3 200 module_111929326924_Footer_Global_2023.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1698849006892/ 4 KB
3 KB 142ms
137ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1698849006892/module_111929326924_Footer_Global_2023.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 3034
x-amz-request-id: WS9RS9F5846600VN
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a5ec360241c57fd3faa2fbc7878eba90"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698849006892
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: q50x7qOtfnDDU2ZegP01O0u6R_AW5._N
x-cache: Miss from cloudfront
x-hubspot-correlation-id: aa23af53-bfe0-4afb-9272-615026a9b751
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 276
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BuKs66hKG2K7iLwKIRc9nxmCwQ3hrGUoaYmwIC5K5s92qgJf7/i00XwdvGemgGbvSEeOw0PTKPN1+/KJqOX4t8BF1CKzCqlt3DbtjefYO6E=
x-evy-trace-route-configuration: listener_https/all
x-request-id: aa23af53-bfe0-4afb-9272-615026a9b751
last-modified: Wed, 01 Nov 2023 14:30:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sy1d7Mw6zZHelmYLFy7NOtCDPMuPRONRQ%2B0rAgmBMdfiutosOAWrZfBRO%2FqJwU6hJHih5uSZRNGpkjxrymUcvbZ7XCreM5hT%2F6SKpzNA4gYxKiBWm%2Fu3TbQa1kC5HwYJtgVz9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 8918e6460ec4382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: Ms1R8kXaG8ccsmi7b0esUciznnPc-rhpvaOztAa-i5fqiMZrnSIy6A==

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 59ms
37ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 319190
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27958
last-modified: Mon, 04 May 2020 23:01:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb09ed3-15d84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V62oHCNzWU6StYYJ6fTa045WmU0u94plmqADVtzC%2BWNOY75CrkZjSHmLzUoJrXhtgv21zc9gJLz509%2FdMovz7Q8KFOzclUUHv7ffLJ2d35xT5MIXpmJ%2FkTWwAmpOh7cpTk%2By9ydy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8918e6462d399747-FRA
expires: Sat, 31 May 2025 11:07:45 GMT

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/ 11 KB
4 KB 58ms
36ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 319025
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3592
last-modified: Thu, 25 Jun 2020 01:22:57 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ef3fc71-2b0b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l8YoOiPX9ATxGjGsnzesdi7H0Z8YaBuo679sZYfmFjCdnhvlh7RElvC0t53vfEArzzXIaSEFD%2BlNhMxMIaH6DygxKZgvKZjCXkg5QNnPZwR0NEpHWeI8Y%2FWVpf3qwMU89xdmV7t9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8918e6462d349747-FRA
expires: Sat, 31 May 2025 11:07:45 GMT

GET
H2 200 consent.js Show response
consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/ 3 KB
2 KB 48ms
15ms Script
application/javascript 2400:52e0:1e00::1079:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/consent.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: Cookie First CDN-DE1-1079 /
Resource Hash: d274658b075acbf695a0c18e0dc8a5f3f576a603882464574547b7e05b6a4c7c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
cdn-edgestorageid: 1082
cdn-storageserver: DE-383
cdn-cachedat: 05/23/2024 00:10:45
cdn-pullzone: 236985
visitor-location: DE
last-modified: Wed, 22 May 2024 20:41:28 GMT
server: Cookie First CDN-DE1-1079
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"664e5878-aba"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: REVALIDATED
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=30
cdn-requestid: e103e46d8fe77ae689ca74a4f973d867
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 custom.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/ 723 B
2 KB 142ms
138ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/custom.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 519
x-amz-request-id: 698VKKQMH7KR53S8
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"aa1f7340688642df1a14a1ed11c7650d"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680774296492
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: E6pXkgaUwSKGBww5g6OhIUrjEzq.3zLC
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 145e1e95-6686-4af3-beba-c4a736a45451
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 158
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QqPYDofCkJ5DgYqX0tyKBH/xgb2A0vq0aZ5+6WQnOlqYlafSNx4kG/CBsa7Dg82XOlmJ7kVLuow=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 145e1e95-6686-4af3-beba-c4a736a45451
last-modified: Thu, 06 Apr 2023 09:44:57 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BcjOxsQiMoogvoxFf%2BnNT2nvZQ6Huccwqa7rx%2BsUNs13R%2FA1THxjn6Ae8Yb4SYTz1BVQbmu4nHPMp7dPQwbbKSUZbHhqeks0vrBQXF%2F%2Bqnj9qRYXE%2F3%2FAlM3ZaOqxB8leioyOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 8918e6460ec7382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: yd6VZ2so3rXUZk8LMCQ_p0HneavL37Z8e6p6ALzFwW3VWDncDy4brg==

GET
H3 200 font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/ 20 KB
6 KB 141ms
138ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d8006f736d3dc32a20a91813f2f50fa2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
content-security-policy: upgrade-insecure-requests
age: 229501
x-amz-cf-pop: FRA60-P7
x-amz-request-id: 7RDTK1EBGZVCJHCS
content-encoding: br
edge-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-version-id: t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FV3Ppi2de3oTpFVzQwmgtD5EAQ8kEUZWbCMk+L/jkEWPC3MroRhztPlj8GtUavTF0aBK2ac7c5M=
last-modified: Wed, 02 May 2018 21:34:26 GMT
server: cloudflare
etag: W/"aede50e4be8da8450a046f9d293e57a5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlFN23wY5%2F%2Bi0aaDAv9j%2B4FRr4H31hmDyy4hMpgpXehDhoFuoYbYhDNjEI%2FqgxirhKNI7hMg0LcszsfH4PaqVJNr5b%2FjOpFvybTicWAYKhN%2Fd0avJ%2B7LEm4Gyv%2FXQLDsKdg12A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 8918e6460ec9382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: xZphUSRNTQnxss8yAjcV6Zszty0hIZP4B386SlIud334AT0Mtk2_9w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 56ms
8ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE6) /

Resource Hash

f16a9696b3176614d3fe439def6fd9754fd489877999517b99b3b2f265cb7990

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 69
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163630
x-li-uuid: AAYahySKsAzFs4Tb3Xmnug==
last-modified: Mon, 10 Jun 2024 11:06:36 GMT
server: ECAcc (frc/4CE6)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Mon, 10 Jun 2024 12:06:36 GMT

GET
H3 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1717687419966/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 79ms
54ms Stylesheet
text/css 104.18.91.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1717687419966/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.91.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
age: 330112
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fda5882b24ca5a84d04d090722dc713b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1717687420655
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: faeac3a5-4bbc-40a7-9615-eb2ea311c410
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 188
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: faeac3a5-4bbc-40a7-9615-eb2ea311c410
last-modified: Thu, 06 Jun 2024 15:23:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8SW9i1crUsipVZXUht4VFYkwqneSnl9ezlXTBcd6dj60QAXRXzsiHZMrhMDURfZIu96561pW2Vm1tCstfE%2FHs0DvKUaYIjQQgLToJGlIut2oswew%2F6PBxALOo86VsItXQA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-qd96f
cf-ray: 8918e6463869366f-FRA
timing-allow-origin: cdn2.hubspot.net

GET
H3 200 old-style.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/ 119 KB
31 KB 142ms
140ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/old-style.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e605a433da0b6d187b3cdfe5bc2e9459a994338d3d3befa8c43fb4f450340a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 519
x-amz-request-id: WS9QRR7QHGAVQ6DH
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"113cfc86f2822c8fe6a587c4d5f5f5e0"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1709023726300
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: ITfStmbWvO1RG2y8hwIO3ex.42tWx3Mj
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 2ef55c0a-437b-432d-92f7-2b48f409232e
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 322
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lsgdHBEiN8fWiDZZnMKPMMHtcmP6N7dsh41iIX52OZaHX0cvrrY5V4oXAreagurs1WJpWJ7qrng=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2ef55c0a-437b-432d-92f7-2b48f409232e
last-modified: Tue, 27 Feb 2024 08:48:47 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J1cprnbksGzfinf36G7hVrN4jawVHyDG%2BiZfoG2kKQYSKjyPz2vD9rzcbPjl%2BjproWO7XinSxP3YGLkH8nTOtcxEAo%2B3qzqmPimY2T3sYORp9WPwYsSvKZuw311%2Bc%2FcCtxLybg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8918e6460ecb382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: Gb5cVfYplaJTSsKBwSBjup6ixHOm4VmZKVrnrim0FkvONYdvn55VRQ==

GET
H2 200 c5a43670-224e-4ee8-a697-dff8dfc97039.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 207ms
171ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/c5a43670-224e-4ee8-a697-dff8dfc97039.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef919241c4f9e8332708cde9d589d64af4e72883eaa283d774e27c40a29d10d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: W8AeyTnaqVV3pfbxKJWSin4pOfI_4xTy
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: CCZKN0YTBD5ASN25
x-amz-server-side-encryption: AES256
content-length: 1502
x-amz-id-2: WFeTVnnc49ULCF7d971t21wmqEp1po1PEJPkehaHNBVGHrxwjoo/0aQPo0OpYG2HYASy74/N7bPXcAQfArThZw==
last-modified: Mon, 01 Apr 2024 18:37:57 GMT
server: cloudflare
etag: "a27297b1717befe332ddf4f792ecbe89"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GD%2FOYxtQIK50BSAv5gJ0V19xskFRT3ayzyytR77Acdyc99bvCKJhYNBmcZTc5Azyelg6xGDSzvYvlO%2BG9TrwINFRmBsdnm7Ac%2FE0Mshxhrtp8f%2B%2Ff68jWVIpgGMevqbEp6Qs09%2B%2BpggTNwu%2B%2B5QF4CyB"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e6464ad665a2-FRA

GET
H3 200 current.js Show response
blog.morphisec.com/hs/cta/cta/ 18 KB
8 KB 142ms
140ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/cta/current.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

99638cf918a36ae5912b6e521489ec6f3c8cb82e2e21e2f43941b86f8b223aa6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 564
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.292/bundles/current.js&cfRay=8918d88314f31953-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"6d8dd07e8368ff52cc7dcb421189093b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.292/bundles/current.js
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 36b04143ac1626bb30bb225fb2cccb1e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 6dYEpr.GOIl1ONbJkQvzy0C6ZtehNCz3
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: d2042d4e-0dd1-4678-b1a1-1cbaee55636a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: d2042d4e-0dd1-4678-b1a1-1cbaee55636a
last-modified: Mon, 10 Jun 2024 09:48:04 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5WuCDtrwls1Nrh6IXEhJfjHm7cArkLTIhOSVp5UAJPv%2FNSvof0JxwxqXr%2FMamY9kk9w02kTHqRQIY55rdJrlco8dZpEyuWtApodo42qx49mtYPpvCxrzDhfoLqYUU9CICz%2BiA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-w988t
cf-ray: 8918e6460ecf382b-FRA
x-amz-cf-id: PQuL0iJFTXCyf_lnWmJHYsD1Ym502XlWfORLZm5zJIZG2VK-inxI1g==

GET
H3 200 Morphisec-Logo.svg
blog.morphisec.com/hubfs/ 5 KB
3 KB 123ms
119ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/Morphisec-Logo.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-163965048881,P-1534169,FLS-ALL
age: 75270
x-amz-request-id: W5G6ZV21Z67457P3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-163965048881,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"765cc8beac4cc28676c6e847214549f8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1712695150225
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 75373f3f77c169166bbce98d302dff7c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CLh4I1f8H1fjYE.XdVDUvmpXn1gHCWyp
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-163965048881,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: T++7JXLJ/dCIkuMF8v2O3oi+GOW8nIxCTZ4pvAcXmM0Z5XvjuZqMRFBRnzC1e9TVQjzYYySreV8=
last-modified: Tue, 09 Apr 2024 20:39:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lys4PZhT9hWJnxJawEnmVQWAWBkno%2BfQ%2Fz5ZbPcREqCG5mVU5upjflDvLaut2l4T4YSG88IvX5Z5WcuuJTeIqxSIrmOD0Zptpj1j0Mzu7KJxiZbSzjBnzWVB7qTfVKgEyygkAg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e64738ae382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 5bphS4sA-IB5KTGAO3fzImbXONYqSRfQBGOSU5iUz3tPNZnkOler6A==

GET
H2 200 3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/ 2 KB
2 KB 190ms
183ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: CCZKKT5CZDM9V9FG
x-amz-server-side-encryption: AES256
content-length: 1631
x-amz-id-2: VFpLs2lSatZBSNzEFVItb04WjeD8A4PeNTIpuCewOMYIe1u1bClk+1Tumh8TIaWtGUlX/Ra3ue3+pIjbJENWYBbDECW9Hm/KJ6vSvfBADLY=
last-modified: Wed, 05 Apr 2023 16:30:06 GMT
server: cloudflare
etag: "3d5f63abc7db36507720723f2c0d0e15"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DFvtfKMttPBBWX%2BcYJTDAOEWjzRLOjqA1D6osagRBSBzW0pfZvzX5sYnboGYxN4nA%2F05z0eItv6hmdZ7Q0R3a6J%2FzATDWS0uYToeKm%2FGFzYuVsnnhSxftWA%2BBP2nXucQ1XUU4RwFdBMZ88QFBcktNbfr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e6473c5265a2-FRA

GET
H2 200 d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 157ms
150ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: CCZMVJK7FSXDPPGB
x-amz-server-side-encryption: AES256
content-length: 1384
x-amz-id-2: BHqFPllYTct6j+Meit7ZceupV8xaYjmhNDXG+ibGU7d9B9RGKxrK+KYQgYDJBbPp93NllffP169AZH3mvxQ/sQ==
last-modified: Fri, 18 Nov 2022 14:30:06 GMT
server: cloudflare
etag: "eacaba2cc1bbf4de2a43469ab485d45e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OsAPWLGnL7%2F%2BeM%2BAmi%2FfQxFibwtMvaigHJvh6IZIYdGK5bIvILJbfqcKCDPRuuiX6lqLk7LB%2F8azKy1GzsLsNtWMdiZhNN1ulbP6hUb%2BocRFiObWrh0weh6YSaBD5jxeqEVs%2B4%2BFnc8UL6oyT5RoB%2BED"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e6473c5765a2-FRA

GET
H2 200 c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png
no-cache.hubspot.com/cta/default/1534169/ 42 KB
43 KB 214ms
208ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60bd6bad64c21fc8b1d3f6bf3fa261780974e6b0489a67a1d02db33fb4c9b7b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: mQywM4EnlQtO1rXgIPZZ_ORcxGxdaqep
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: CCZMQ54GPX8W3Z4N
x-amz-server-side-encryption: AES256
content-length: 42909
x-amz-id-2: 64tXXqJBgzwC0MthdwvxL8cbZGmhiMSe2tdMyobjl27oJhH35OLdGKcMYPl1TY7brhiEvdAZzztfW4KcjW6rLA==
last-modified: Fri, 05 Jan 2024 21:55:07 GMT
server: cloudflare
etag: "52f2133547882c1af4bd99b776191ea7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eXNGr9%2BtttuoWDjbBJeIIiAA3r4edHZWRaCNkw9JTSc3za%2BEmV1gF8shqeuf42OVCloexZvWKiMSFpkqRMyLYWzJ9IixT0WN12N1F%2BVBpgHdcO45GtL%2BOe6%2BSIlRQUVNZNnKucGkqsTFR08SkOCbWbPp"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e6473c5f65a2-FRA

GET
H2 200 6e3260d1-4218-4c07-8a6b-23a2b2c30656.png
no-cache.hubspot.com/cta/default/1534169/ 29 KB
30 KB 242ms
236ms Image
image/jpeg 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/6e3260d1-4218-4c07-8a6b-23a2b2c30656.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf33e7f713c3422d8843e777c6400fb30e1eaf0b80e2b04cbf74d6e0d3e5b468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: e3EHINO7AnmPMuAiWEsgkJOJ_w7wjr2w
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: CCZN2Z67WZ5JYRZM
x-amz-server-side-encryption: AES256
content-length: 29780
x-amz-id-2: dGjtDrH5awwyuvW5k25TgHeMpR6E9fPd+WxC4m5S94BIftX6iCcF5Q991jLkwv8OSSFgPzSuNEKYUVFgfUS+rw==
last-modified: Wed, 14 Feb 2024 20:21:18 GMT
server: cloudflare
etag: "ab6719c435bf97abff2e789f81601412"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XhifWUW%2Bbba8Fbxu%2B2Msr16SYd1%2B3epY0xOYwCx3J7J7s6sRVKl4SlBIMcXbwVIGHUHIwC8Tu%2B2Y%2BbfTGlOMcq5xCrXbsNrY%2FRHP3yg7Vp6FhToCH7OWzCXq4Ars0%2F382VLh5G2qCX0kaPaH6qF9NwS6"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e6473c6565a2-FRA

GET
H3 200 x_twitter_icon.svg
blog.morphisec.com/hubfs/ 460 B
2 KB 89ms
84ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/x_twitter_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141944464032,P-1534169,FLS-ALL
age: 75270
x-amz-request-id: 5KV7DBQQ34K1JJ3X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141944464032,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"c7279b34bfee002c148f828d14255c4f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1698243363640
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 8OVftkuv4j6Khff8Nb5oAG2Y32IjKCXk
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141944464032,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BrHcOlwDM+/pnG3YAhuqHBKXsQOL42tufIx+O/7bFOPda7IhOzqyN89yYVGcR1lyPbWEMyrKx0w=
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jdorl7uH1lOa9%2BKD0kycZFB9%2FPDXWmgBiPAHVYIWzDoeBk4Vd8oMrbCzwu7CUmexa85Y9PtQgKO7qLX%2F9ZomzkzB0guWZ%2Flo1%2BLCUzXEmTlp6XkyM1O3zngvxfUVy%2FhI4Kh5Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e64738b0382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: _ZqNAmXcDyB9fskS45u_k2v1EqusRVOIzOaeR0C202COZ3bl4Lh1DA==

GET
H3 200 linkedin_icon.svg
blog.morphisec.com/hubfs/ 628 B
2 KB 138ms
133ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/linkedin_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141945428832,P-1534169,FLS-ALL
age: 75270
x-amz-request-id: 3MWS5YET0SWAJE2Y
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141945428832,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3ef5ac1f024120437e19fcc4abf556d8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1698243363623
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Bq5Mo6REJV_bnwvIwff4zb93JWXV7_WO
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141945428832,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: P8rkGKzF4keaNPIPfyk0tsASTo0QaUCWBdpRp3qQIOmoqLf4PXe0SeOhFyGxz0lfejFhDXhgJig=
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UBkbHv%2BkXkM0y5%2BkA4Ts8IruiblUbOC3c3Exoq9IKg0KZsE7TxmqY%2F8UZE0UJdJkKuFLUumhz8G6us%2BQ%2FWzpwXIwJloUUDGD1Iz4dIeMAnImRoePQWPgIxhuUXaJuSI3iEQ%2BDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e64738b1382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: lPA81Pq6byHhCt3_QS4_yxPkAYhnPWoN5Fz8gAmRR2ikTmSH8GGrFA==

GET
H3 200 youtube_icon.svg
blog.morphisec.com/hubfs/ 642 B
2 KB 96ms
91ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/youtube_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141945248869,P-1534169,FLS-ALL
age: 75269
x-amz-request-id: PPY5SJM12YC2197V
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141945248869,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"ced4da2370fbc2016321a375dbbed68b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1698243363649
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6183f44271d091c21804d467f8a4ce20.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: sJlFqbLZ7aHbNE_.KGb6N9TqRjJsKyuv
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141945248869,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Y072vs+y97GicnPB6CDQqVUF5nYcuxiFxzosoPQd0P4hWrGS+xDq2SjrXSTJHWXTwFjxWuec3PU=
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLoV9qenRQ97ii9a9oWBGXsdtxta0DWLX48wfxTA65r7Ki%2FMl%2FnOSWUee4P60jQ6LkQ%2FX7%2FuQ7Hlqpzb1q8K9jrE1H9BeT%2FBpNRLxIrrzK5VTl8F18c7NvUh2IfiqoOJNnDU3w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e64738b2382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: Umrg_YvQZ1ifABIXyXYzUy2R2rxQRkDtlEq8hPceyURCnzqfpziMPg==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.971/ 13 KB
5 KB 89ms
55ms Script
application/javascript 2606:4700::6811:ac5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: 1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 409028
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jun 2024 15:05:39 GMT
server: cloudflare
etag: W/"26c40482b55a607cd44486a2958741d4"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Xe25ll3dl2RSUkI6HSWEo23EigYWKuRaM%2BGsIm%2FcgjMAGNaCGFVLn0lp5bEkNPD2Kl7crVIMJnv1vWR9CWdoI%2FOxKcGctP%2FrV40jwCCh44e7AKiBVTSyR5pAoJLRUHSai4q4D3BCdvY8nI1%2FOiZ6GNbcnw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8918e6475cf41903-FRA
x-amz-cf-id: 4KGI5t64pXc0VBpiZlqrGzYDMFRUiAtNY-kZWNgC73HhfnStC05rHQ==
expires: Tue, 10 Jun 2025 11:07:45 GMT

GET
H3 200 svgConvert.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/ 668 B
2 KB 115ms
110ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/svgConvert.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3033
x-amz-request-id: 698XNMSNT54TC3V1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"1cb72e618cce9cc73c57265e9b726362"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680697800276
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: SZXdPmhYHKeWP0u0ggYIHYhJ0L5KYvd5
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 01267464-31d4-43a6-a861-46b187dc5427
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 150
alt-svc: h3=":443"; ma=86400
x-amz-id-2: IAdAsb4P0gUlHIB8qDJ6vO9vidHdokx+OYvyCZk8IFSXmPvWOu+TRQRBS9FPOss1CsunM+ZFR2mXpP5eKsqOzoMu3Wk9xAXQ
x-evy-trace-route-configuration: listener_https/all
x-request-id: 01267464-31d4-43a6-a861-46b187dc5427
last-modified: Wed, 05 Apr 2023 12:30:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QyCzOnEmmwUT6CRPBIqGJspkuGxqggr8OMZvMH5iz3N42h9IscM%2B%2BEzx9Z9gP%2BSsRFpe6YMSjcRbMK09U%2BnVUkg%2BXVhQ3O59V1HtpFao92vAbMlDzjWDOqjHlLUbaFPuHfaUVw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8918e64738a1382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: VhWS-ezXd8eEm7gMkUI885gqB3tN6cHoMIvkE8x2GBzhClX8iEGiZA==

GET
H3 200 lottie-player.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/ 359 KB
95 KB 129ms
124ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/lottie-player.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3033
x-amz-request-id: XG4SGBR4WCYYPB6R
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"9540cac57a5805fdde520bb1869134b2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681491232806
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CTo5DkzSjS7Z2UMEH7W3RDGvw45iU9vL
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3bea0894-ec1f-4332-bd74-a1f475969202
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oEtMFbclfHGidzjQpEZEWcUFX0jeTliOsGcowMDN2ZJFSVExxLOsjbmj6KaW8tWjkosIgBKK7Mw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3bea0894-ec1f-4332-bd74-a1f475969202
last-modified: Fri, 14 Apr 2023 16:53:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=up2IPvvTv28dLvT5lmlbMOxCajxZvUqp0EtSYClFIfUFOYOGptQwo9bDh5WSme0Jvc986%2FSjqjwZG3GRPQcW7kVupI6tDWLfyme003QNRbhCZSUnGDDklQXfO3AnMKca71EU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8918e64738a6382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: RfDEYOmqcEy2hJzRswpT6dlxiuiFv8gV3bx03VjaHfINplG1NfV3EA==

GET
H3 200 slick.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/ 42 KB
12 KB 116ms
111ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/slick.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 519
x-amz-request-id: D1Z76D2B4MXFQQR8
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f6085c5be1a35b91955cf9abd5b2b0ea"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681177460907
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: uoS3eYGmK1dPCzG_bq7yGgNyq7YIozdd
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 449ed9a6-9e22-4b1d-bce9-f7a0bb05180b
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 214
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RHsdXISb9Ka8uTpgm1raBYAXITzgR33tpgUGdJ9D3UlZX9QBPDq6eOt+vTuIx7bhVCKR/4+AJ5I=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 449ed9a6-9e22-4b1d-bce9-f7a0bb05180b
last-modified: Tue, 11 Apr 2023 01:44:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xz%2FkU%2FeWrdPdrgPqKa9ZrKwoUnFIGC7TQzO%2Fl3JBQpwDVn7P5IRuvgrskVzs8jTi6FXMAP%2BmO7BNrdGRt7lloWrAa4Xov%2B%2FDrnpL%2FLmimlj62vfGwkJrQDbm%2FwQEo12pL4HOrg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8918e64738a8382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: SFZxPxi131VX8ikwaIlJWqUs-ajIQlwWyFKWOopKKUtyHMhyuqRF1A==

GET
H3 200 module_109590708858_Header_-_Global.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281038/ 1 KB
2 KB 118ms
113ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281038/module_109590708858_Header_-_Global.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 519
x-amz-request-id: E89JDQT3YN6R4AZ3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"48cafa9929e94f1a90da5d8bff870b98"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712731281038
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ic4RHBFCPmyWvypLWH34rOyE17GmvrnL
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 11811928-6a00-4028-b2b3-1d1ecc5e5a16
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 193
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lN0Q+aYPnXvXE/JA9sz6vpTYGTbuQA7kRngm9QB6IVm8DFmy8FICC8ozSYrZZvuknQFW40sItCwiLne1pYHxIA==
x-evy-trace-route-configuration: listener_https/all
x-request-id: 11811928-6a00-4028-b2b3-1d1ecc5e5a16
last-modified: Wed, 10 Apr 2024 06:41:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EUWmLWmdyzMjgVNWO56n3kJqilbuuP0IxiIFWpBfmgnbUAP8sKCHrV4C%2BjJ0n3DA6fNMeiQDhVbaSwqQEjll0KhM070HQYLj%2BoIiCXHa5Zw5mYJt0Kd6s%2BO978DemST94i%2FhcA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8918e64738ab382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: rK8Qobd-yIUG_nMbctb3YcdlglCE5KEUpXfDFFSL16FfmsiT4zaelA==

GET
H3 200 module_-2712622_Site_Search_Input.min.js Show response
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687438732/ 4 KB
2 KB 45ms
40ms Script
application/javascript 104.18.91.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687438732/module_-2712622_Site_Search_Input.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.91.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 330043
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f9134a973469f840bf03f740af92c65f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1717687438732
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5ff98687-cf82-42f1-8f35-e227da5a3346
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 165
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5ff98687-cf82-42f1-8f35-e227da5a3346
last-modified: Thu, 06 Jun 2024 15:23:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V2OmlSXIyVCod9vKJPhzjIDTDpGvwr%2FQrRlBVJi5R3CTvjfs2Ac71TXcmUJ8j7uOv84JvXGetCxfaBQBJV%2FPiwZ336O9AFpAdNKJ49DDmycqKW%2BcsfoYLJF7fRErJ6pYNL0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-qd96f
cf-ray: 8918e64739e6366f-FRA

GET
H3 200 lazyload-min.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/ 8 KB
4 KB 99ms
96ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3032
x-amz-request-id: 60PS19102AHKFCP6
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"67744f609bc5dbc8a0fb9fe0d5005f25"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1603042259630
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4SGyaLwa93KERwdBmZy9UM4.3aqx9djg
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9bf7a7d5-5602-45ba-8285-d8c3d4479514
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cAeQuoUwECAA4f/+kiXZnh5GEPWt7H1rfslH6cel92fTXi5ZTLJ1WwV2c/pNTLW+PkOLEM6B77I=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9bf7a7d5-5602-45ba-8285-d8c3d4479514
last-modified: Sun, 18 Oct 2020 17:31:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nD3KCOplcSXXcy%2FsKqGy6OX%2FlYWaWdfH6HwYqBaptlDw1X23OWuBTqJJDzpRtvfaKfQ3%2BTun6zhcwcXCewDwxXjFhw%2F3Dw33VcVFCNBxLslp8sa%2BD1MR87dFPmsrxpdpCJ%2FBLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8918e64738b6382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: KTRZJ3Gc_LRn-iY3ylcKpNwXelQ5fxlEt06gBwhmVs6xbDkPD4-60Q==

GET
H3 200 vide.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/ 4 KB
3 KB 119ms
116ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 519
x-amz-request-id: P553ZQM2EDM003BS
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"901e2d8fd2af243d3d8dd68e38fa22da"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xCDhIWpBzbsqxgnqK8jsUmPM_UWe2ml.
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 37796c96-5e20-4cf0-88ad-bf5811a7b1dd
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 129
alt-svc: h3=":443"; ma=86400
x-amz-id-2: m9+ocZVcws9zVZDj0asaWb2T2WcBVAAlFwgzs44Z/7I2fAiOy64BXwLTSyeghS5WQ1QgGQzQIX/uWPwNrGrtQdsCi2wmCjHH9qCmcqIO7Ew=
x-request-id: 37796c96-5e20-4cf0-88ad-bf5811a7b1dd
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PW%2FUH3HlE8Mgx%2BpHcfNCw0V8kuq8wj1L4fxNK2BVdhTBdQZ3opyZmTjPCaP5ZlXmCw8JrfW4NytKGAYGSGMYpHtDJHyevh9lZ9EMahOHcA%2BP4sRIVBdQ0I8nhF3c978ScRGoDA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 8918e64738ba382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: 4ItJp3PfHLfMrhvGpK4oO20n1LEC4fWIBJndtnCWoMnuubn3twUl6w==

GET
H3 200 magnificpopup.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/ 20 KB
9 KB 126ms
123ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3033
x-amz-request-id: JZ4R1M0XEN59HA08
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AenlXmDNTXiJmWpCG4hF_X9US4k8ofw.
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 400f9d7d-f0e8-4a64-9652-58f168564b84
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0cA0WNlFy3YqnV/Wwyzzevo6F5wNRCbNKerUxaoWEKoMN2yGcOHMM/QaCZWwxlIxC7cl2qMMGv3IaLeeGb6048ASKAg58gtLLcpYn7wT4uw=
x-request-id: 400f9d7d-f0e8-4a64-9652-58f168564b84
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=epzySVfTvMbBq5noOvJ1QUwumt2ZP%2B2fEN%2BLoWRpj1f0NFppkjGytCtxxMH5MyUum3d7L6gbMqqfQ94Ucmn62qZHbVPhKTwH3Wr1nIYvvxY3bU%2FHcqLLdHuvkAiy2%2FbBk8Trbw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8918e64738bc382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: kvL9MeMyffF68A12pT9uh7ugo0WYPyoQY4vzKZuFAg7tZiNBoPBtww==

GET
H3 200 Morphisec_Sept2018_script.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/ 166 KB
43 KB 118ms
115ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/Morphisec_Sept2018_script.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3032
x-amz-request-id: 60PKSPWPVERYHG2M
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f7327c38d9f5aeef245b0ee300152178"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1671716922383
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d1cde188ada6755fe03b8541b71fce4a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YMjvkoc5EhQ12za.7KqifcSwG8LKYS3S
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: eac3cd15-9495-490c-8884-e63eae06baf9
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 213
alt-svc: h3=":443"; ma=86400
x-amz-id-2: aIfsUNet6oYYdTBWBxjfp0v917wGVM46z18sMoFIPcpcUqaJED5bPfxY1FLcibuDBIJU4Dn30KEYrtEUHwK1xeK3aUCJNphc
x-evy-trace-route-configuration: listener_https/all
x-request-id: eac3cd15-9495-490c-8884-e63eae06baf9
last-modified: Thu, 22 Dec 2022 13:48:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZ7O4JoDJKMER2sLo1Qk77GkGkk3smXlsuRsWvoWLzR1Iq2o%2B82%2FbRVLm0Ex3XXZHPdzp1gbwAEQfLFnUMuBjPCwyUE1T0EvvP9uwuQg%2F3gToO6%2FN0MNDXpDwhSmtZoZEmZVQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8918e64738be382b-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: O6swmMYsESHWrzb-DCEtaLJH-EuCK5NBELb9qoIEATsuavdHAQfnQg==

GET
H3 200 1534169.js Show response
blog.morphisec.com/hs/scriptloader/ 3 KB
2 KB 190ms
187ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/scriptloader/1534169.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

183aedc05bc40d61bade2856e0125c7053bc2702da811231b5da807b7d6b0fe0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a5f4b146-5b9c-4b0b-b1ee-461ac6de0fb2
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 10
alt-svc: h3=":443"; ma=86400
content-length: 701
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a5f4b146-5b9c-4b0b-b1ee-461ac6de0fb2
last-modified: Mon, 10 Jun 2024 11:01:22 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-2hls6
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9S7lq5cW7Ud%2FixqqPSijAmLlx3WvSzwun2Da18EgCDAjMabhDeaJF8J2qRSlWvgcojv9Jh0vgYO%2FecbgMCatuIX%2BJ4d1ZRrQl5eyVUGBCbPkdbkzUoPBtGTMflQBEVAZblF6Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e64738bf382b-FRA
expires: Mon, 10 Jun 2024 11:09:15 GMT

GET
H3 200 index.js Show response
blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 99ms
96ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7066446
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5RLY7Spb4%2BupJqcSVa8Jx56YzHB3JBmEU%2Bp7MwRdKJGMmDIlIhJtMdEDDtaAFiSFhvMWSNOlpp1UNT%2BLqe6422Y3GF6G6C0nO37IXVKQ9tg8xHTchu3DRw8CNuu6SQ7hR4muOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8918e64738c2382b-FRA
x-amz-cf-id: LBGxxkuxmXbhcFaI-NR3fKwzXfE0BgYFZAIA9oCaZx8Z6HSTKhi43g==
expires: Tue, 10 Jun 2025 11:07:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 254 KB
88 KB 67ms
37ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6645c45d30029be81ade24d2078b34db6dcbe981e8602c73a983b87e4e59fdef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89277
x-xss-protection: 0
last-modified: Mon, 10 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jun 2024 11:07:45 GMT

GET
H2 200 banner.no-autoblock.js Show response
consent.cookiefirst.com/ 63 KB
24 KB 23ms
21ms Script
application/javascript 2400:52e0:1e00::1079:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/consent.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: Cookie First CDN-DE1-1079 /
Resource Hash: e310c4e689e7bcf75fda1bde019d6e4fb564d95da0b9a7d04fd7e68d9673a444

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
cdn-edgestorageid: 1081
cdn-storageserver: DE-51
cdn-cachedat: 06/10/2024 09:48:03
cdn-pullzone: 236985
visitor-location: DE
last-modified: Wed, 22 May 2024 14:39:11 GMT
server: Cookie First CDN-DE1-1079
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"664e038f-faf0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=1200
cdn-requestid: 61a46b68fc90a6fca055c6c794dc02c4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 hotjar-3506314.js Show response
static.hotjar.com/c/ 9 KB
4 KB 48ms
10ms Script
application/javascript 18.66.102.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3506314.js?sv=6

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-51.fra56.r.cloudfront.net

Software

Resource Hash

41db6e1b3eff24bb920613970f711e6219dbed6b36f6f312b3b7bdbcb8f3ec8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 40
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/7270bd5bc546b6156629693f7ada3fc6
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: VyiyrH93BvNg9WY9a7UHmFDnwO77OEPJ-uoAClTk9eiamf5Yxbedaw==

GET
H2 200 css2
fonts.googleapis.com/ 57 KB
3 KB 46ms
17ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/old-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f322afdaf7184e4ddd7fca589f89cdd7e2e2721dffbf8abed7cb1eca88b0915f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/old-style.min.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Jun 2024 09:36:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 10 Jun 2024 11:07:45 GMT

GET
H2 404 version.json Show response
consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/ 678 B
1 KB 62ms
47ms Fetch
text/html 2400:52e0:1e00::1079:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1718017665178
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1079:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: Cookie First CDN-DE1-1079 /
Resource Hash: f62504abbb867b0d53b4d90d746313621819f2c5d39ceab4695ac2b0ef8cf223

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/json
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
cdn-edgestorageid: 1082
cdn-storageserver: DE-679
cdn-cachedat: 06/10/2024 11:07:45
cdn-pullzone: 236985
visitor-location: DE
server: Cookie First CDN-DE1-1079
cdn-proxyver: 1.04
cdn-requestpullcode: 404
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=5
cdn-requestid: b5e9923603177788c7afdcf386d493e0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 404
cdn-requestpullsuccess: True

GET
H3 200 Montserrat-Regular.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
66 KB 109ms
73ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Regular.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
age: 75269
x-amz-request-id: 64E09KC2V5JB872J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "6b8307d4d485772acfa7afe8265fb942"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119101
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 429f4d0dffb8bf0b68cf2d9d500542f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nSDGlIqPXu9uV3l2fdqqNA5m3fzDIOo2
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 65900
x-amz-id-2: OuPDYAF8Y6pRMy5iNUlze2bM9gJIlJaFFxJV2veYJ4WTiKhUEkTU+zBM0Z1YRNIWtg1gUU2Fk5s=
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mN7TkPSgZEBaGsYLuDboTF1lx2OVS7b4%2BCkMR5BV3ndFEX3u%2BdZa9E415AJiF9JaIL5WLIBShL159svf%2B5OmEBwD%2Fe4nZqT09Mjdz6odfUmF8yuRHNexqQh4A%2B59Zt4J2zKt"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e647cb2b2bbb-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: KGEdqojuGd00yCAEoJhbIwER7j9DF_e-j9aYawO50ZyWW3jeCzaiXg==

GET
H2 200 modules.349061f2d87d84c4c336.js Show response
script.hotjar.com/ 222 KB
55 KB 51ms
8ms Script
application/javascript 13.32.27.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.349061f2d87d84c4c336.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3506314.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-107.fra56.r.cloudfront.net

Software

Resource Hash

5ade1526f1674ac49650f04fa328b8aec7266c24c9a045f5efbb96b6984422c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 11:43:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 429878
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56093
last-modified: Wed, 05 Jun 2024 11:42:10 GMT
etag: "4aa8ac29ac41e30cfd27b0bfd1a19aca"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: kHASDe2tvZgPsdS7HyvqN7qjQ0uCN2sGlw3i3Se53vTqAAtpNW_xCg==

GET
H3 200 arrow.svg
www.morphisec.com/hubfs/ 271 B
2 KB 89ms
57ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.morphisec.com/hubfs/arrow.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/module_109590708858_Header_-_Global.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109679247133,P-1534169,FLS-ALL
age: 77268
x-amz-request-id: DR9MTN9QKB0N8PTQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109679247133,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4e0f4888e02de418e83ed88b0fb6b77b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680710835406
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: NbewtlYhb0U79FAEY4s37zmrf8HRhCTq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109679247133,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: P8JLcPzwwAGZnQtt8L7Zz7EONC4hFEZoe9m3UpF3ILFr6pzmQmauxSlR1OxfRK/4ZKsBNBAP2Lw=
last-modified: Wed, 05 Apr 2023 16:07:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PUBXxxO862ggedUYgZ5zt6vMQt%2FK44YNXk3trujh2svFbeOo2Wr59KJStARgdrDiX%2BfqTAb%2F4JLGkmLX2PPZ4%2FfTSEziN%2Ft6H7QoQqJqXvT1Z4qksnOU7xA5%2F8DtXsJspxjK"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647ba8a926d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: OXnSov5x0VvBwegcxfrVGuliDJF5-NNyKkl3mveM4g1pcBv8Kg0ozA==

GET
H3 200 arrow-white.svg
blog.morphisec.com/hubfs/ 349 B
1 KB 73ms
73ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
age: 77268
x-amz-request-id: DR9GMYA3GHEMFZNG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680694543135
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NPuCNlg810R0YCc6uLonqEzwW8Xztt30a3EHTpExZFoCIMuWzP9ALqp4jXcfABTkeVtvPlu7AHKdUOulqLh4j7Tm6rluA5df
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjhDXCnkZLoFd12joCV16NPxGDyHuWV6MPRVxJr5HGVpr09VEEd%2FIqnqXZjREWbJZ0sfTmNwU4PTN8IZP3g3P9nzjER5XIZn2G5J6Lf1zidJdbiloMnKQZYFGUBqAIlWhQsD2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647894d382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: kGapFjK0WW9c8s7oSveYnrJ77nk-mVKGkDgTZE-jrZ1rlF3mpDhafA==

GET
H3 200 cybersecurity%20threat%20research%20blog.jpg
blog.morphisec.com/hubfs/ 4 KB
5 KB 81ms
81ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/cybersecurity%20threat%20research%20blog.jpg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-129397473892,P-1534169,FLS-ALL
age: 62697
x-amz-request-id: 5KV4BZBHA35K2F40
x-amz-server-side-encryption: AES256
edge-cache-tag: F-129397473892,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cybersecurity%20threat%20research%20blog.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "2b7b7ed7eb036c12623f2218a7bab31b"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691668529263
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 bdba42cf1410fb617eeb4ffd3e0b9cb6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: c0ZTjM3EuQi57sUJlqRjc9N65oFUDRbx
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=26491
x-cache: Miss from cloudfront
cache-tag: F-129397473892,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 3770
x-amz-id-2: uYu8GuiIO1eUx0FgWeG8w5YVRndnteUVnuOTf2dlh0A7oQDb3rD9lcUiElgdbAo6V4dtH9rNuP4=
last-modified: Thu, 10 Aug 2023 11:55:30 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZSQX1S2hThrqGzolk2Wp7ufpAq0GnbpJoBe7ZBpbcYgKMUXcVKAV01z%2BO8kaziOcpiOq16E7nsbAAsj79H6AHKpAqeHO3sk3KODJEvcA3DnH18jCKYD5kiievjmavpNjRCjdyg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e6478951382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: uheSV8bM-uZGNYxE8XOSQcfr48s1r8xPrMmDXge2YsISlX1KmgrONw==

GET
H3 200 footer-bg-01.svg
blog.morphisec.com/hubfs/ 1010 B
2 KB 67ms
67ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/footer-bg-01.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-110476466060,P-1534169,FLS-ALL
age: 77268
x-amz-request-id: DR9HBHD23X1B6H5Y
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110476466060,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"2ede0c7ada32266a0c611cfc210050ce"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681221340353
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f2b02f5afeb695ea85b659be98f49e92.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _gIdfKK3n3930Ooq3mAnm0BVYetLtdSX
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-110476466060,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MMdfq0462kOKHU3E1DDt2XXYrTgKcfwhl+VODh77I3eWwOr2b8+dyUput+XFiudSNKvM8Gqld0E=
last-modified: Tue, 11 Apr 2023 13:55:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qlaxiHMNfAdIy2g%2Bz%2Byx%2FIoUS8l0iSmV3a%2FrCxjUAkVTDk4fh8aFLn%2BYdDscx0TFoh4KC8q0uQYaHpOjJVAxkM3wkj6zq3VDl0COHP2wsr3b9SU%2F%2FIL%2FlBfIbBMIYVSt4YJCxA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e6479959382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: oRl98F-rvHzNc0aDH4RDvtY0FJtwzjesXoQFssAC-LjeAFrUI98UaQ==

GET
H3 200 Montserrat-SemiBold.woff2
www.morphisec.com/hubfs/fonts/ 65 KB
66 KB 73ms
72ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-SemiBold.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
age: 75269
x-amz-request-id: SVD7J153FHJTFKC2
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "09e9af57c990afbf2833f00d90880b6b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119436
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 a17242a6cf9be61e0412ecea1610cbde.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: N4AY2AcWVnuw91nHKeLaBhsvto1u2FqE
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 66104
x-amz-id-2: 9vG6cZ9LiSss9kuP9dNdm58VrcYikCsXfdexZg9ynSZ7YKesBYMe5wHt6ExswHwi4+r7P7ULksc=
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VPdylBeOohdBxG%2FF4ji%2FOk0sqReNHHLkc97QU9EF%2ByhJeIjMTeWte3bJwhEaqVSQmeWzCtE021%2F5gTWprRMXAqJxjUeYdvlvAV2wbdgUUQSRDymk%2FDyp%2FowamfTblpeopWRn"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e647cb522bbb-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ctAYXXvfldFkpxaKv66EmeX41Jv5NrAmfqpYFwI6BwL-vY54c-o9Nw==

GET
H3 200 Montserrat-Light.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
65 KB 96ms
94ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Light.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
age: 75269
x-amz-request-id: ZYEXQ0RFR0SXMN76
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "aab897981ce728bf9faaf8d7e9273e82"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119255
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pc80gFZ4d8MJD6P02C8Utp.DAeRoai1s
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 65268
x-amz-id-2: JlpVyBh4W2xi/3m2dHkNjIlh7KqUcDuaMDy+9za1ijnd7XrmSXVFtvIt3HstadG5asSFMPboqzgKKy1DJTFyvg==
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HzU1QFwkraka757gaNQGXjlY59CYFLMAV9K9NdLe%2FadrnN3BzDzaU4ed1gSkJYRHFo3hh2UMy02exb9dq4fc0AvLvAO4DMGTeWzBMUilSbSgfgvb%2FsoQk8t0DEHVwBcVbSuU"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e647cb552bbb-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: GwreaGWFcgp7FK3nrK2aRXgefsuYTyoNpQliQaxIsyQ_IAvt-ufJfw==

GET
H3 200 Montserrat-ExtraBold.woff2
www.morphisec.com/hubfs/fonts/ 65 KB
67 KB 106ms
105ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-ExtraBold.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
age: 62696
x-amz-request-id: K1389BEMAN068JRW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "4e861b47db165af12ec0447c91b0167f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119362
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Ai1BLbuGpLfH9Dc8qMneVI9MZINf4ZFA
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 66876
x-amz-id-2: MpKs0Sjry6fBtGHDvNsVlYw9i/qIN9JMBdjgcrr0nfhWRFedkv+LQEV/yg7adBmD0F4rva2OwysjmTbq7M4N6Z1ugfjFAdqY
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dj1LI64SdLF5XIYuHfXW3f%2Fj4lPcpkk%2BdhFrNwHdHh1BaFW9BObj7rwK0FmqaGM9np8hPOXuK3k1SNuEWXPNeVC1%2BQt7R6PIgQhkUk1nRHSyfDcCYlA6pty1nc4W1zI90zgp"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e647cb592bbb-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: nM86ORLY7par2XiXISj1ajpuzdenOGU4rNj7ODcdHpWCQht77XWEpw==

GET
H3 200 Montserrat-Medium.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
66 KB 108ms
107ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Medium.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
age: 62697
x-amz-request-id: FT10XJDHC07A8HJD
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "16c1a5b7a2037ec2bad9740c8b0ff8ee"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119004
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4ce5e5162c2d4fc9022ceb290f794ffe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FUjuK6I4k.9p.Gx8MyhsJW6pvpTlo4q4
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 66036
x-amz-id-2: hxeTNgDOAtupfM9nZmIsXh25cddARSLSpjxk5ORWbYbl6D8vHf/S4HXdc2SsWNc/fNS5aRcH51cpBJSJ2yyFLUsWTkSfxIDt2mTHijF6GCE=
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7tYDJ8Af47kQpfGg3vnoEw6QqTsY0Nj1Ll2%2FnejxhXyIGejloR1sDdME4y3ehIWJ6vxesnSmr94OJGn21%2BTyxv9Q%2FjQiubxkUAppZwiJTEB4DrIV88X%2BustuOixG8UFMPNpV"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e647cb5d2bbb-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: eQ8VfxmUvIO6i9TjoxcjgToeDw8PxL2D-UOEz_NQhUqR-knvnt-PEQ==

GET
H3 200 search_icon.svg
blog.morphisec.com/hubfs/ 350 B
1 KB 77ms
76ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
age: 75271
x-amz-request-id: N83RXDEZBCD54J4G
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680691466397
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 bb8a874d65e0b595aaa3d9aa3f930102.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Jhmue0YtUB6bRHV5+xYrGfYlMAi2svy2OuvLebtJbKICc6sv0Uyl9nMQ+kQ3qaiGy4/0QeavfNo=
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BjBuGs7t7It8PXIH8PGpKfEd7j4b1pn9oGlfKDbyJb%2BPb0dPH8361ZoWgHgc7x5GAuyMqJPl%2F8oh4HnupdlQrLk4ZzDmqYvMiUey3WNKHFry7wb7PX6HZPkim7OrYAfRl1oviw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647c9a4382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: AQAz_-2gccUjYCI9rIgvF6K8JEs8_2o8uCS7FZ4OTzvgpXMUJbM0uw==

GET
H3 200 blog.svg
blog.morphisec.com/hubfs/ 797 B
2 KB 90ms
89ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
age: 77019
x-amz-request-id: 75XVDRC60YKZ81CQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680711424510
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3W+dw2WT65M2sIeXOwzQWhCmJ8tUIxYLZbGirGsC7bd1Jm9aEnDDQVU4upiLEb3t7SUtLx0Ragw=
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vopOfIqhe3aJlANmmUyE0A9iaTmjyvhvYrx%2FvuLCpJg2OqX51e0H3OXrvStKO0t%2BL1OMGVjjeCgdUWkQOLffEPYBIvT%2FX6geGGM66%2BnINtW1tsaIzfOU5hCgdevdaMwfoggTfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647c9a6382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: E2HMTmu_VrejzI-DzMHGd-d6tchK1S5p307BVCPmb_nc1g6GdcgoTw==

GET
H3 200 Morphisec_Werewolf_1200x628_v.1.41-ezgif.com-png-to-webp-converter-1.webp
blog.morphisec.com/hs-fs/hubfs/ 54 KB
55 KB 73ms
72ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hs-fs/hubfs/Morphisec_Werewolf_1200x628_v.1.41-ezgif.com-png-to-webp-converter-1.webp?width=1200&height=628&name=Morphisec_Werewolf_1200x628_v.1.41-ezgif.com-png-to-webp-converter-1.webp

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a347ea34a470dd127acceeca1bd03e781aa2f248064c300ba2d27d81ac90a3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-169578897286,P-1534169,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 55046
cf-resized: internal=ok/m q=0 n=822+0 c=11+0 v=2024.6.0 l=55046
last-modified: Wed, 05 Jun 2024 17:43:44 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfC8yr9J2aHcAkT8r9HMFuIBc4P85LQoHV409H_JZsDQ:9d2b38e2508b58416b7d5469baf2d0aa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3gVo0H1bcmKnV4UL%2FKUuPhVOVj1wmN7kaWNgTci60QM5n95b8e73DTUrJV8ojnH7BT%2FXGmoG9Lm4aAKuCjpaynfLkFeivEwg%2FZGWTuO2wo1k5K%2FT7XtEKenPgkLNIzwkYPDyrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8918e647c9a9382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 AttackChain_2-ezgif.com-png-to-webp-converter.webp
blog.morphisec.com/hs-fs/hubfs/ 50 KB
51 KB 79ms
78ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hs-fs/hubfs/AttackChain_2-ezgif.com-png-to-webp-converter.webp?width=2501&height=1309&name=AttackChain_2-ezgif.com-png-to-webp-converter.webp

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7aaaa35f71c2759c365534f95547697d30e5ef8863ec17c4ccec17b3af2705

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-169579739174,P-1534169,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 51268
cf-resized: internal=ok/m q=0 n=780+0 c=245+894 v=2024.6.0 l=51268
last-modified: Wed, 05 Jun 2024 17:47:11 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfedg5y4uVN_2FPNB2q7Ar54AXUQdJaJU54KlRhswcDQ:2af0f4cdc6d40f7e5c90d0e2d6628519"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FX%2Bfr1WSA4VXGbxir4ohAfPqJsdJ%2Bt9RKSF71n7TCNugN7kHyWNnXAhsFsOnOc4a646mmD4dwwJ5ApuoK%2BhIexKwaBWza68E0qZIRtuj2QLU079htTEgJCeuLZWjncL8cUUIdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8918e647c9aa382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 322 KB
106 KB 39ms
38ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

38c44ba0c4b5172c3bf5024c8a06f58faf3e0c24bea228184ae2d46feac23864

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108332
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jun 2024 11:07:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 322 KB
106 KB 42ms
42ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4e7a55d19cdc03cf965cce3c56c44837687b0e4be91e4eab989607fff5c61f6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108258
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jun 2024 11:07:45 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 55ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 10 Jun 2024 10:29:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2317
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 10 Jun 2024 12:29:08 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 219 KB
59 KB 67ms
7ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 10 Jun 2024 11:07:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57975
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=14, mss=1297, tbw=2810, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: Y+Pb4gwq8rBYw5xB5bcrDIhMJsRUmDFcoLBaEVy4lfg1EZO9S3Jdg2cR0J94QBis1pGVISv3OcNMnTR0UptfQg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 88ms
7ms Script
application/javascript 2a02:26f0:3500:16::215:1496
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1496 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=22726
accept-ranges: bytes
content-length: 16683

GET
H2 200 8424750.js Show response
snid.snitcher.com/ 24 KB
25 KB 258ms
158ms Script
application/javascript 18.193.30.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/8424750.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.30.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 6113398c0ed3cf83e7b6360a9e635316c7114ca3db1d3b1e187c0b01f26cf539

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
x-vapor-base64-encode: True
date: Mon, 10 Jun 2024 11:07:45 GMT
cache-control: max-age=1800, private
content-length: 24862
apigw-requestid: ZJe0Rj-cFiAEJoA=
content-type: application/javascript

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/ 17 KB
5 KB 215ms
158ms Script
application/javascript 2600:9000:2670:aa00:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:aa00:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 129f13101f12370407d42127c62b1bd8.cloudfront.net (CloudFront)
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
etag: W/"4dc4ea822cc55aa67719411f6076fcbc"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: iCJDE3OAH9UoC6H4IYKf1_DsmKTVHLXnAp8csO6VCjRnzGn9gPoI8A==

GET lt-v3.js
lltrck.com/scripts/ 0
0

GET
H3 200 json Show response
blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/ 11 KB
4 KB 204ms
203ms XHR
application/json 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b15d797c8bc45336d507d8fd0977b264fb188c40c2e7dc03a982f648598c4e3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/json, text/plain, */*
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d3b259e2-0221-45e5-874e-27145df99868
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 30
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d3b259e2-0221-45e5-874e-27145df99868
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-cgx6f
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O8JRyNeex3Dsx0JqTh0pAzOgXf0Je%2BribsXMvUWTheQmNheC781ku7OvPLbr%2Fdc3RPZ9fwWO%2FiBOSStCIQHImkalC7w604epmujnpTsDepcsQXqIj5c%2BsUOJF8TBm%2Fviz3iGsg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e6499c79382b-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 35ms
7ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220058-FRA

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 166ms
21ms Script
application/javascript 2606:4700::6810:4869
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4869 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: EZPGEPEQRJ835T56
age: 3816
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vj/H9CfyiKNwtvLJrelCw6CtXo93qB0KDTwbomYs8Kf/kZA94jYHXVgMqek/RNtsa+9eO7BrPxA=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 8918e64a8a64a073-FRA
expires: Mon, 10 Jun 2024 15:07:45 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ef27e1555c5bbad5d59a33c50d30e35e6e808b2a6c6fce4ab68f91ad4bb83da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 10 Jun 2024 11:07:45 GMT
content-md5: 17Ank56qW/yJsNrDMQdBqg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=64, mss=1297, tbw=63539, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: B6XvcFICAnuqhRPJeoSrGSL4kuEJEVSHHv6ygdIeY9uB6+TOxi3zwEfGLH/d8o0DGPilPky7fimSomPA23a5+w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 9705a56472a24de5a51ccd8af2700682
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "1c2d3155e4d1b1195071e2b06cbd3a77"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Mon, 10 Jun 2024 11:20:16 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 163ms
10ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 11:07:45 GMT
Content-Encoding: gzip
Age: 653
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/6738)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 128ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je4650v897583451z8897572158za200zb897572158&_p=1718017665117&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1455964903.1718017666&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718017665&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=770
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 132ms
19ms Ping
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HFVX4VZHCS&cid=1455964903.1718017666&gtm=45je4650v897583451z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 144ms
36ms Image
image/gif 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HFVX4VZHCS&cid=1455964903.1718017666&gtm=45je4650v897583451z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1229217308

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
224 B 15ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1695628188&t=pageview&_s=1&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&ul=de-de&de=UTF-8&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=117197572&gjid=1879298343&cid=1455964903.1718017666&tid=UA-60065248-1&_gid=1782878325.1718017666&_r=1&_slc=1&gtm=45He4650n81PQBJZ8Kv897572158za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&npa=1&z=1071499787

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8d1ab314c5802e0fb9580452bd6e3c67918198a9a5ed8bcb3697959e785a7d9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 88ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QY7QHR57BF&gtm=45je4650v898987771z8897572158za200zb897572158&_p=1718017665117&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1455964903.1718017666&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718017665&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&en=page_view&_fv=1&_ss=1&tfd=812
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 92ms
19ms Ping
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QY7QHR57BF&cid=1455964903.1718017666&gtm=45je4650v898987771z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 104ms
37ms Image
image/gif 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QY7QHR57BF&cid=1455964903.1718017666&gtm=45je4650v898987771z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=277507951

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
815 B 198ms
127ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: *
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 700F99A1ED6A4FE1B0E616363BEBC6C7 Ref B: FRAEDGE1114 Ref C: 2024-06-10T11:07:45Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYahyivGHd3Bhj+2++LCw==
x-fs-uuid: 00061a8728af1877770618fedbef8b0b

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3607898%252C32136%26time%3D1718017665615%26url%3Dhttps%253A%252F%252Fblog.morphis...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&liSync=true&e_ipv6=A...

0
266 B

220ms
182ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&liSync=true&e_ipv6=AQLYElCX2Dtw9AAAAZAB1S0jCF-X7jYr4lo8tq_vu0BZ5QO6SBZ1hDiGCPnM9qe3
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1D903B46D5F04C39AE8A5F1FFAEBB500 Ref B: DUS30EDGE0407 Ref C: 2024-06-10T11:07:46Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYahyi7s2bYrjjPqd29MQ==

Redirect headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6061B43BC5DE4E2CB7DD806AD03C26A7 Ref B: FRAEDGE1107 Ref C: 2024-06-10T11:07:46Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1718017665615&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&liSync=true&e_ipv6=AQLYElCX2Dtw9AAAAZAB1S0jCF-X7jYr4lo8tq_vu0BZ5QO6SBZ1hDiGCPnM9qe3
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYahyi4JyMOAL7sB+0K/Q==

GET
H3 200 885880844953016 Show response
connect.facebook.net/signals/config/ 67 KB
14 KB 138ms
137ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/885880844953016?v=2.9.157&r=stable&domain=blog.morphisec.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

7c55a17ff1c99ae06713a4f027b263c90c7fa9da42be6b2a32d21ae174e1c44c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 10 Jun 2024 11:07:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=10, rtx=0, c=23, mss=1232, tbw=4623, tp=11, tpl=0, uplat=129, ullat=0
pragma: public
x-fb-debug: OMD5feA9skS4cf+bUtHYYTvQzVlg9lQSLR72i7E52MW145wlsxaLxtFctLpggPJGfq4+sEu34cUcssKJjz0u7w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 74ms
29ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47d1036cdfb7fa765e45f0f3d193baadcd53005e95a2f9bf7b531ebfbf41ea2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: tGbAtiolnAFnleIlWBGAzvQOiFsm5cIW
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 394
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.563/bundles/pixels-release.js&cfRay=8918dca88aa1901e-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: d4023404-2a36-4fdf-9423-bef6acc399b9
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d4023404-2a36-4fdf-9423-bef6acc399b9
last-modified: Thu, 30 May 2024 14:14:49 UTC
server: cloudflare
etag: W/"7f1cb0f6264fd05edb4cc0ec6a9bc096"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-lw8xd
cf-ray: 8918e64a8e4c4d64-FRA
x-amz-cf-id: yHyn8ix0X-leocuBisb2qgpCQaF0xz3y5fJmkZXGD8FbPwTDYbBmiQ==
x-hs-target-asset: adsscriptloaderstatic/static-1.563/bundles/pixels-release.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 186ms
17ms Script
application/javascript 2606:4700::6812:8911
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8911 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
age: 62696
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js&cfRay=8912eb9d6e9e1da6-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"be45bdb720f44c8db4ee42bc228ff2a8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js
date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: HLkmxotJV8gQ_mnvhNwLT9fnVmh1uWjb
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 930ed0ef-dfed-47b5-b91f-8912bf17b252
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-request-id: 930ed0ef-dfed-47b5-b91f-8912bf17b252
last-modified: Thu, 30 May 2024 10:22:15 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-rcvgx
cf-ray: 8918e64bae3037ec-FRA
x-amz-cf-id: CnpeJz5G9fU4jvtXSm-aMLCooohrRCRIRFGhg17LwjJc20P5eg5cnw==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
24 KB 297ms
151ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2af4c240d46b3e99eea9ccbfd9c0c1c856c710a5ed3692f455767a96224171b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1159/bundles/project.js&cfRay=8918e64b8fe78ebb-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"e6c06eb0663c717e3d4635531672a1e1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1159/bundles/project.js
date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: V4YhUHRJMuZkqxb1cpgehoNLVpfwce83
x-content-type-options: nosniff
cf-cache-status: EXPIRED
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 49adb618-1ae1-4428-8ee9-322d924127cf
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: 49adb618-1ae1-4428-8ee9-322d924127cf
last-modified: Mon, 03 Jun 2024 20:17:08 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7zx70kv7sSdn59Q%2BTUoePWLfo18FiPGrBe4cwNX%2B6CQWYkKDWicJAE25%2FxzmhTAVHHipIaHfeCfgNMzCpLw133%2Fz%2Bhjfokkvaqh6mi68GBGnAGGqrfQCbbO6ZkoNVUFW9amyrS0GysT%2FJlXB"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-sc4vs
cf-ray: 8918e64b8fe78ebb-FRA
x-amz-cf-id: 7_gJqmeiHpnJum28DOb7BSilO4LTbgNw_-X2UFZerBiop5zjbxxzkQ==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/1534169/ 71 KB
26 KB 301ms
137ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/1534169/banner.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: JBubI2iZXhfvR9NjtL2LPV82OaUIjqI9
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: 14DBK5GSVW1766D0
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: dc90babd-2c05-4308-9b78-5c5c5b1b045d
x-envoy-upstream-service-time: 35
x-amz-id-2: fNtaD2/+CL16j47yKcag64bZEShqo0t6JNu02ODWsuAqnqErevo/tDO6KKR4VZMTyoazReDLw80=
x-evy-trace-listener: listener_https
x-request-id: dc90babd-2c05-4308-9b78-5c5c5b1b045d
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 24 Apr 2024 13:11:59 GMT
server: cloudflare
etag: W/"850933666a1091136679efb21afc00bc"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-vhl7w
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8918e64bae9fa01d-FRA
expires: Mon, 10 Jun 2024 11:12:45 GMT

GET
H2 200 1534169.js Show response
js.hs-analytics.net/analytics/1718017500000/ 74 KB
26 KB 353ms
200ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1718017500000/1534169.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0860cea05a45cce23e1946837fd060d75a13aef98275aaf5262e9dfb1e4a388c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: CCZHNXVEYSMPWHEB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: cfda0e18-5d17-4a98-aeca-18c1b4589517
x-envoy-upstream-service-time: 47
x-amz-id-2: WHUPqhaiu/7xH3X7Bnm25E8hCF9ZJdoxBRhbSUVrNV83LMIBLkYN0LkMruPm/4IRHVPa9ULK6U3KRMYnJ1gp/Q==
x-evy-trace-listener: listener_https
x-request-id: cfda0e18-5d17-4a98-aeca-18c1b4589517
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 30 May 2024 20:49:00 GMT
server: cloudflare
etag: W/"24993f61b04f3084fce74b9ca89e39d6"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-gnznr
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8918e64b999e5d3c-FRA
expires: Mon, 10 Jun 2024 11:12:45 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
24 KB 181ms
22ms Script
application/javascript 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
age: 518
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=8918d9a21bdb8ed0-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"7d377a186677c174f204d466b8fa5fdb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.503/bundles/project.js
date: Mon, 10 Jun 2024 11:07:45 GMT
x-amz-version-id: WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: ffe7af37-9b35-43b9-8efa-ca4f00c90393
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: ffe7af37-9b35-43b9-8efa-ca4f00c90393
last-modified: Wed, 15 May 2024 14:34:44 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-sc4vs
cf-ray: 8918e64ba8248ebb-FRA
x-amz-cf-id: JvvDLB_e5Ayyr3Nk0809WoBvisFoyzwTpN720yRcg04mrAHAO5YeJQ==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
623 B 241ms
190ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 32F5AA9DE8EF4E75AFFE6DDDA0843CED Ref B: FRAEDGE1107 Ref C: 2024-06-10T11:07:45Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://blog.morphisec.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYahyivxhWYIGKSinXaew==

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
652 B 292ms
282ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=1534169

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ef8c643d-615a-4376-83aa-329811a3992d
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8918e64a59ca65a2&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: ef8c643d-615a-4376-83aa-329811a3992d
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ddwd7
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 8918e64a59ca65a2-FRA

GET
H2 204 3506314 Show response
vc.hotjar.io/sessions/ 0
232 B 74ms
35ms XHR
text/plain 18.66.112.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/3506314?s=0.25&r=0.15273480796213335
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.349061f2d87d84c4c336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-19.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 10 Jun 2024 11:07:45 GMT
cache-control: no-store
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: fMiqMVcgyF4xMhNpmhlJkFapiKnQWuFhLg5ZGtoN3cEqjwlDxeTz7g==
x-cache: Miss from cloudfront

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 209ms
86ms XHR
application/json 52.50.93.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=3506314&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.349061f2d87d84c4c336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.50.93.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-93-182.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4acb6077f5cd25851109a6783ffdb7fc23c197c8d86ae80678fad175ccb55d6d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 10 Jun 2024 11:07:45 GMT
content-length: 56
access-control-max-age: 86400
content-type: application/json

GET
H3 200 postlisting Show response
blog.morphisec.com/_hcms/ 12 KB
3 KB 96ms
95ms XHR
application/json 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1749402303&hs-version=2&hs-signature=AJ2IBuHPzg7zsOG4mchNvVJ1NqSVjkUfDQ&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9414149991982b734e78033b9ca2f2cfb01f7f60d041dfa15279ea77e53547f4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 709
x-evy-trace-route-service-name: envoyset-translator
content-security-policy: upgrade-insecure-requests
x-hubspot-correlation-id: fe14f684-351c-47ab-a2a2-0e94874042c9
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fe14f684-351c-47ab-a2a2-0e94874042c9
last-modified: Mon, 10 Jun 2024 08:19:57 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yc4K17pHFHdZPWgFNw4zpJAohLKCvT226djD272NfR%2FPOy5eUH0jCbw6tmg8%2B7Tcq8HjgD6fMdGqMQMw9wj4xihhg%2BdP1qTzTRougH1o49GP18qqa8BxPu4s9O77TL5HFNHzQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-5585d4d4b8-sdwnn
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 8918e64adeb3382b-FRA
x-robots-tag: none

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/ 0
21 B 318ms
192ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
content-length: 0

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/ 168 KB
45 KB 306ms
181ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600

GET
H2 404 forms.js
x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/ 0
0 301ms
177ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fsticky-werewolfs-aviation-attacks

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
content-length: 0
content-type: application/javascript;charset=utf-8

GET
H3 200 arrow-white.svg Show response
blog.morphisec.com/hubfs/ 349 B
0 0ms
0ms XHR
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
age: 77268
x-amz-request-id: DR9GMYA3GHEMFZNG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680694543135
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NPuCNlg810R0YCc6uLonqEzwW8Xztt30a3EHTpExZFoCIMuWzP9ALqp4jXcfABTkeVtvPlu7AHKdUOulqLh4j7Tm6rluA5df
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjhDXCnkZLoFd12joCV16NPxGDyHuWV6MPRVxJr5HGVpr09VEEd%2FIqnqXZjREWbJZ0sfTmNwU4PTN8IZP3g3P9nzjER5XIZn2G5J6Lf1zidJdbiloMnKQZYFGUBqAIlWhQsD2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647894d382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: kGapFjK0WW9c8s7oSveYnrJ77nk-mVKGkDgTZE-jrZ1rlF3mpDhafA==

GET
H3 200 arrow-white.svg Show response
blog.morphisec.com/hubfs/ 349 B
0 1ms
1ms XHR
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
age: 77268
x-amz-request-id: DR9GMYA3GHEMFZNG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680694543135
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NPuCNlg810R0YCc6uLonqEzwW8Xztt30a3EHTpExZFoCIMuWzP9ALqp4jXcfABTkeVtvPlu7AHKdUOulqLh4j7Tm6rluA5df
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjhDXCnkZLoFd12joCV16NPxGDyHuWV6MPRVxJr5HGVpr09VEEd%2FIqnqXZjREWbJZ0sfTmNwU4PTN8IZP3g3P9nzjER5XIZn2G5J6Lf1zidJdbiloMnKQZYFGUBqAIlWhQsD2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647894d382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: kGapFjK0WW9c8s7oSveYnrJ77nk-mVKGkDgTZE-jrZ1rlF3mpDhafA==

GET
H3 200 close.svg Show response
blog.morphisec.com/hubfs/ 543 B
2 KB 68ms
67ms XHR
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/close.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109618525080,P-1534169,FLS-ALL
age: 75271
x-amz-request-id: N83NMTECNESBC24X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109618525080,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"613d5e657a45fdd73680a2a43b1810a9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680690377289
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 b05d0d6fb6ec555d0a055fe98c1f60dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ojcPDMW2kfX705kNgng7YRySVuOGEcf5
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109618525080,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ch3JMZwgLfxY1yJfyFnC5wr7RFtTtqF+4YB1o1DFqDWvr3Ra7SyHsfhF6B1GnFMjxomhuP7AcZg=
last-modified: Wed, 05 Apr 2023 10:26:18 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LgCzE%2FvbJq9MrbiLbN9EAhzbd5gOEfv%2FBkFFv7Q0N2iiqF6lt5QwufkPr6b7FgoQpmE0MzGQjRckr%2BpFAZolLWHOUY5u8wOlxC5uBgmSTuXmA5hT9kUr0D96DL4MhMSHeGCmHA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e64afed6382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: zhG2o4pfMFfoZqIp_53B1cB2Tvc49V64j_36IXzzuKT60joUL1K5_g==

GET
H3 200 search_icon.svg Show response
blog.morphisec.com/hubfs/ 350 B
0 2ms
2ms XHR
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
age: 75271
x-amz-request-id: N83RXDEZBCD54J4G
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680691466397
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 bb8a874d65e0b595aaa3d9aa3f930102.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Jhmue0YtUB6bRHV5+xYrGfYlMAi2svy2OuvLebtJbKICc6sv0Uyl9nMQ+kQ3qaiGy4/0QeavfNo=
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BjBuGs7t7It8PXIH8PGpKfEd7j4b1pn9oGlfKDbyJb%2BPb0dPH8361ZoWgHgc7x5GAuyMqJPl%2F8oh4HnupdlQrLk4ZzDmqYvMiUey3WNKHFry7wb7PX6HZPkim7OrYAfRl1oviw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647c9a4382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: AQAz_-2gccUjYCI9rIgvF6K8JEs8_2o8uCS7FZ4OTzvgpXMUJbM0uw==

GET
H3 200 blog.svg Show response
blog.morphisec.com/hubfs/ 797 B
0 1ms
1ms XHR
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
age: 77019
x-amz-request-id: 75XVDRC60YKZ81CQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680711424510
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3W+dw2WT65M2sIeXOwzQWhCmJ8tUIxYLZbGirGsC7bd1Jm9aEnDDQVU4upiLEb3t7SUtLx0Ragw=
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vopOfIqhe3aJlANmmUyE0A9iaTmjyvhvYrx%2FvuLCpJg2OqX51e0H3OXrvStKO0t%2BL1OMGVjjeCgdUWkQOLffEPYBIvT%2FX6geGGM66%2BnINtW1tsaIzfOU5hCgdevdaMwfoggTfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647c9a6382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: E2HMTmu_VrejzI-DzMHGd-d6tchK1S5p307BVCPmb_nc1g6GdcgoTw==

GET
H3 200 search_icon.svg Show response
blog.morphisec.com/hubfs/ 350 B
0 1ms
1ms XHR
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
age: 75271
x-amz-request-id: N83RXDEZBCD54J4G
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680691466397
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 bb8a874d65e0b595aaa3d9aa3f930102.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Jhmue0YtUB6bRHV5+xYrGfYlMAi2svy2OuvLebtJbKICc6sv0Uyl9nMQ+kQ3qaiGy4/0QeavfNo=
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BjBuGs7t7It8PXIH8PGpKfEd7j4b1pn9oGlfKDbyJb%2BPb0dPH8361ZoWgHgc7x5GAuyMqJPl%2F8oh4HnupdlQrLk4ZzDmqYvMiUey3WNKHFry7wb7PX6HZPkim7OrYAfRl1oviw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647c9a4382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: AQAz_-2gccUjYCI9rIgvF6K8JEs8_2o8uCS7FZ4OTzvgpXMUJbM0uw==

GET
H3 200 blog.svg Show response
blog.morphisec.com/hubfs/ 797 B
0 1ms
1ms XHR
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
age: 77019
x-amz-request-id: 75XVDRC60YKZ81CQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680711424510
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:45 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3W+dw2WT65M2sIeXOwzQWhCmJ8tUIxYLZbGirGsC7bd1Jm9aEnDDQVU4upiLEb3t7SUtLx0Ragw=
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vopOfIqhe3aJlANmmUyE0A9iaTmjyvhvYrx%2FvuLCpJg2OqX51e0H3OXrvStKO0t%2BL1OMGVjjeCgdUWkQOLffEPYBIvT%2FX6geGGM66%2BnINtW1tsaIzfOU5hCgdevdaMwfoggTfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e647c9a6382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: E2HMTmu_VrejzI-DzMHGd-d6tchK1S5p307BVCPmb_nc1g6GdcgoTw==

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 14 KB
4 KB 208ms
191ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&pageId=169577076135&pid=1534169&sv=cta-embed-js-static-1.292&rdy=1&cos=1&df=t&pg=c5a43670-224e-4ee8-a697-dff8dfc97039&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&pg=6e3260d1-4218-4c07-8a6b-23a2b2c30656

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

728882ffe2674f637d8972f5bb7f742a1eb62f4447a18b5ce268bb15c909ceb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3eb0bff4-1857-4dd3-a119-6c955b2fc1ff
x-envoy-upstream-service-time: 64
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3eb0bff4-1857-4dd3-a119-6c955b2fc1ff
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4xq5s
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dj7ZSUCidAmbK2pp9buFqSFO2lO0YG50WyoTakizwDckf3i%2B3NTVWq9g6q2%2Bst0qp17qCBwv3DF36qP3JI1RxNrqf%2B1LPvsPaW4%2Bwim8v2fMUYcEXsBQYtXdQWSvgLZmyVsZQM3OSET6xCUwZx5GCS5yZ4Xd1GSU6P0%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8918e64b1ae665a2-FRA

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
880 B 195ms
119ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 02f20720-b3e8-407a-bde1-e8e9abaeac19
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 02f20720-b3e8-407a-bde1-e8e9abaeac19
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-87rj7
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8918e64b9d229040-FRA

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 20ms
19ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-60065248-1&cid=1455964903.1718017666&jid=117197572&gjid=1879298343&_gid=1782878325.1718017666&npa=1&_u=YADAAEAAAAAAACAAI~&z=1620762924

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Jun 2024 11:07:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 284 KB
97 KB 41ms
41ms Script
application/javascript 142.250.185.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

7397a1ca9c7d6b1ac6b73eab68183ebc0a5e101b414752b7d829bbf8b6891677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99767
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jun 2024 11:07:45 GMT

POST
H2 200 verify Show response
snid.snitcher.com/ 6 B
148 B 166ms
164ms XHR
application/json 18.193.30.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Requested by: Host: snid.snitcher.com
URL: https://snid.snitcher.com/8424750.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.30.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Mon, 10 Jun 2024 11:07:46 GMT
cache-control: no-cache, private
content-length: 6
apigw-requestid: ZJe0Vj-JFiAEKmw=
content-type: application/json

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
847 B 137ms
137ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ec4a00e4-4d2f-44e2-aaf3-b899acd9c63f
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ec4a00e4-4d2f-44e2-aaf3-b899acd9c63f
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rxkvm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8918e64bdd609040-FRA

OPTIONS
H2 204 verify
snid.snitcher.com/ Frame 0
0 50ms
34ms Preflight 18.193.30.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.30.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.morphisec.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: ZJe0VhiyliAEJpw=
cache-control: no-cache, private
date: Mon, 10 Jun 2024 11:07:45 GMT
vary: Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
359 B 297ms
94ms XHR
application/json 54.145.242.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQ1MTF9.eiHnDZAhBhx__pSttlATzaQdSltPIpahvpYGdr_Bfrg

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.145.242.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-145-242-215.compute-1.amazonaws.com

Software

Resource Hash

aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 9bd7abd02bee9ed36843bbc4d9cb963f

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 305 KB
87 KB 22ms
10ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=58ee314bca9a8c7ec6a2c1478d974c8f

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

cbfc7b03f6b71e6e71843cce1744b2a8023dd0dcf36740fec1517caeddf910c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 10 Jun 2024 11:07:45 GMT
content-md5: CcwMSogzNsSVXGBv1LYwvw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89070
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4333, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: nDFrYO8//rMLtbkeRLlcYis0VO9dKSCtlQ6pe9DZJd2Zc520cdnigJ2jMe1ZK4T1vfWnBH2b5BNtCdya3LzAXA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 96a25f6171eae0c417ea6d5346724408
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "81bde21999b839cf1c5992bd04928b3b"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Tue, 10 Jun 2025 09:36:56 GMT

GET
H2 200 adsct
t.co/i/ 43 B
376 B 223ms
183ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=305e53fa-738d-44db-b704-bb3e51347069&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fd253f9d-f48c-42ab-a4f2-2d22a40451dd&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 173
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 8b047ebfc91c1548
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 3ac8e5b26fe2344f7d8bc716f40e31fcf512ca52163d035ed2939bfb4a0b0ffc
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 143ms
118ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=305e53fa-738d-44db-b704-bb3e51347069&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fd253f9d-f48c-42ab-a4f2-2d22a40451dd&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 110
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 99e9d70a90caea5b
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 168f86085bacfcbdc75e18c09aa82bfa84f0fdf0188570805589ec59bd1dbe1c
content-length: 43

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame D459 0
0 31ms
8ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 6675334
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Jun 2024 11:07:45 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 34ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&rl=&if=false&ts=1718017665877&sw=1600&sh=1200&v=2.9.157&r=stable&ec=0&o=4126&fbp=fb.1.1718017665873.4559398831986150&cs_est=true&ler=empty&cdl=API_unavailable&it=1718017665627&coo=false&rqm=GET

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=2792, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 10 Jun 2024 11:07:46 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 323ms
304ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&rl=&if=false&ts=1718017665877&sw=1600&sh=1200&v=2.9.157&r=stable&ec=0&o=4126&fbp=fb.1.1718017665873.4559398831986150&cs_est=true&ler=empty&cdl=API_unavailable&it=1718017665627&coo=false&rqm=FGET

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x2090aa17e1215216","source_keys":["1","2"]},{"key_piece":"0xf39227e9b08ad876","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Mon, 10 Jun 2024 11:07:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=3109, tp=-1, tpl=-1, uplat=297, ullat=0
pragma: no-cache
x-fb-debug: pkqqeYk8WAPxadQ2ktynAkgKb7qC/+eFpj0NtISgszSD6FVl6VtR8Qnh8iOWZ41GklustLdrRPsd1kYAWouyaA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 49ms
31ms Image
image/gif 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60065248-1&cid=1455964903.1718017666&jid=117197572&npa=1&_u=YADAAEAAAAAAACAAI~&z=1247962037

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 32ms
31ms Image
image/gif 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60065248-1&cid=1455964903.1718017666&jid=117197572&npa=1&_u=YADAAEAAAAAAACAAI~&z=1247962037

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 18ms
17ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4GZ4VXKYJ8&_ng=1&gtm=45je4650v9136559716za200&_p=1718017665117&_gaz=1&gcd=13l3l3l2l3&npa=1&dma_cps=sypham&dma=1&tag_exp=0&ul=de-de&sr=1600x1200&cid=1455964903.1718017666&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&sid=1718017665&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1186&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 21ms
20ms Ping
text/plain 74.125.133.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-4GZ4VXKYJ8&cid=1455964903.1718017666&gtm=45je4650v9136559716za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l3&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.133.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wo-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 31ms
30ms Image
image/gif 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-4GZ4VXKYJ8&cid=1455964903.1718017666&gtm=45je4650v9136559716za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l3&npa=1&frm=0&z=1541316657

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 133 B
477 B 142ms
127ms XHR
application/json 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=1534169&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/json, text/plain, */*
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e63d3a6b-118a-4fee-9c86-c9dbcfe3b62d
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e63d3a6b-118a-4fee-9c86-c9dbcfe3b62d
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-mgch5
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8918e64c99708ebb-FRA

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 185ms
184ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1718017665195&dt=1718017665196&at=1718017666002&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f8615d8a-28aa-4944-8cf5-9ab07f0398e4
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f8615d8a-28aa-4944-8cf5-9ab07f0398e4
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2B492ypM1bSYMbBM3xmo2s044M9PYfQ4EVL344oVBF%2F11%2BnWG68eG0K6JbjKrKU4HLgaVAsTI9qQ9d2Fs4%2BP1pS3XZb9flothYTvzQMAirlkEieFiDmxoxFD64DZ7TQSGLYdPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-h57s4
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e64c9977382b-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 168ms
167ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1718017665195&dt=1718017665196&at=1718017666004&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 42fe844a-a3d7-47c2-9b69-5c92d4fe7a81
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 42fe844a-a3d7-47c2-9b69-5c92d4fe7a81
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9oKxxJFR8DPf7TVya4JXpg0aUt03QDKSeXwiOSNNnIYVE752hPyrMPEJmdN3eDEF6%2FpY6pYBqa41Gp7z%2FmQFSvNmbR2A4%2Bpfdj5Kw7hTxXZpzuze7FcipfOQtQ3lJsUX3W7Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-cgx6f
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e64c997a382b-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 370ms
368ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=6e3260d1-4218-4c07-8a6b-23a2b2c30656&lt=1718017665199&dt=1718017665199&at=1718017666005&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3ea0efcb-dc30-4225-84e3-c7981a2ae67c
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3ea0efcb-dc30-4225-84e3-c7981a2ae67c
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrddQvAbZFCayvfodOV6n3sx2OrB%2FSNzajnCe%2BHKYcCN9GzQ10IAEM8W7BvNyzRLLUFC4xK4lvrqxJCqH434kkqEQWi9itvlYN5r434icceh%2Bb5TWjrdfF7lq15ZYtlnFIuVJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-8jmrd
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e64c997f382b-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 191ms
189ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&lt=1718017665194&dt=1718017665195&at=1718017666007&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 36b8adf4-b378-4632-97e3-98ce1c99816d
x-envoy-upstream-service-time: 14
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 36b8adf4-b378-4632-97e3-98ce1c99816d
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2BHXpRV3gZ5RCn9MaTTh02tbFeCkyyk%2B9Yy2gISnf0%2BkN2D0mCdoMm6beZDWwA7TowabOVtMi1CLyFtdq46n3Mvl%2BGPyWmfJQyGKqv%2FD0aA0IRq8or3BA36jHAmVH1SoC%2Bfvrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-996n5
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e64c9983382b-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 195ms
193ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&lt=1718017665198&dt=1718017665198&at=1718017666008&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4bf92e19-3824-4923-a9d1-cbd0f0396ed7
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4bf92e19-3824-4923-a9d1-cbd0f0396ed7
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxnN%2Fy%2FIcmuQCuVAipd5f57iM2Z2hEXM3CVL1kBBnEbRKzrQauguDxzgy09UVuWAVQobIJhed3JzH5tkfsu13UMrlVgn0h1vr8iHk3GqcrZH%2BxKXp%2BvEyvo3qvynas0KBAc%2FVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nbtvm
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e64c9985382b-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 155ms
154ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=c5a43670-224e-4ee8-a697-dff8dfc97039&lt=1718017665192&dt=1718017665193&at=1718017666009&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 337612d1-6804-4139-802b-a69cc48d0774
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 337612d1-6804-4139-802b-a69cc48d0774
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w6KwpD4mNVzWP5akf5zGq%2Bfhp6eZecFPQO8axFGChOYztxXtD8Qh9xyQXCBtI%2FkIu9vF2RGxAM%2BtEjbNnXcOV%2FWTzxqQ02Sfl4gEFOounDubPFTwMW7GYVoKMC32HxglMOdEmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-8jmrd
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8918e64c9987382b-FRA
x-robots-tag: noindex, follow

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
578 B 133ms
123ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: dc29fd90-b2e2-4717-815d-8fe8678c81d1
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dc29fd90-b2e2-4717-815d-8fe8678c81d1
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nbtvm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8918e64ccea19040-FRA

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
581 B 121ms
121ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5b686b9a-5c4e-4b40-bcf8-5741d8f74afd
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5b686b9a-5c4e-4b40-bcf8-5741d8f74afd
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-x6gd9
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8918e64ccea59040-FRA

GET
H2 200 d0921e69-55cd-4553-be6f-32df2a0186c2.jpeg
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/ 14 KB
15 KB 232ms
191ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/d0921e69-55cd-4553-be6f-32df2a0186c2.jpeg
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8d01d76fee55c57a09b3da50e7a879102df24b962df9f31ff43ebc50d31043a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-meta-cache-tag: P-1534169,FLS-ALL
age: 2246723
x-amz-request-id: 091M9W773J0NMP9E
x-amz-server-side-encryption: AES256
edge-cache-tag: P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="d0921e69-55cd-4553-be6f-32df2a0186c2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ab6719c435bf97abff2e789f81601412"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1707942076165
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:46 GMT
via: 1.1 8bd22c4e977189bdb5963957ff8477de.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: QYC2eZdeOFpNUUj3LEEwlL4OmCzyc0tV
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=29780
x-cache: Miss from cloudfront
cache-tag: P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 14444
x-amz-id-2: XlpZ9yeuiJCBdDwNhb7bc/W/8PHPHHkCI1+MWj3EDhSxPvqPlnMs3ZatWq1Tad3i2KOrJslPj64pJrZwvAgRWebYjCDjV4gp/v7LX7X7+cU=
last-modified: Wed, 14 Feb 2024 20:21:17 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8918e64ce9743667-FRA
timing-allow-origin: 1534169.fs1.hubspotusercontent-na1.net
x-amz-cf-id: Gpk7RP5uaDpMEpI1i_bHn3rnDsbKUuIkgUv_w3Yz9hqvtYTkgsdRaQ==

GET
H2 200 a8b85f6e-5b92-440b-9490-8f52fe151636.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/ 34 KB
35 KB 192ms
182ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/a8b85f6e-5b92-440b-9490-8f52fe151636.png
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 648318e55febdac418f0f8a23db309f81c273a66c5eb41a8aab85b29bebcdc9f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-meta-cache-tag: P-1534169,FLS-ALL
age: 607003
x-amz-request-id: 4QBWHGR4FGFC32TM
x-amz-server-side-encryption: AES256
edge-cache-tag: P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="a8b85f6e-5b92-440b-9490-8f52fe151636.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "52f2133547882c1af4bd99b776191ea7"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1704491705781
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:46 GMT
via: 1.1 9ec406dc5379d974fc3d9f41dd497bf0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: aXW8S0NNcXgP1skXixHskKHTqJIbr4lJ
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=42909
x-cache: RefreshHit from cloudfront
cache-tag: P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 34660
x-amz-id-2: 9yICKfJDbDCWeI/LLyXSgQgvZSY0mmMIqBRQMm8Ii/TMCfaMX0NsDue02BwkNjPwQkF0nHs3eLV4OpjEKoKJ4RSDq014yFN1Ig1hcWYikhM=
last-modified: Fri, 05 Jan 2024 21:55:06 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8918e64ce9773667-FRA
timing-allow-origin: 1534169.fs1.hubspotusercontent-na1.net
x-amz-cf-id: nauRF0JmO5GmYITEwcYc4Hzq5NjTWwf-Chkb-F4pJi0v3qFfHthtHw==

GET
H3 200 arrow-white-1.svg
www.morphisec.com/hubfs/ 393 B
2 KB 58ms
58ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.morphisec.com/hubfs/arrow-white-1.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/module_109590708858_Header_-_Global.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682673984,P-1534169,FLS-ALL
age: 77269
x-amz-request-id: 3MWQ8N1J0BN8FC96
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682673984,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f6b8983a7a9f44be13760be2a7d47927"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680712961922
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4a95385e61c9df8f5f8de6338a3fe59a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ZWYxcYkJ3fJQSXhQh1nDTahxfuzH5ivg
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109682673984,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: x55JhrFN0ifBxRz2Rxfix49ZYkFfADqhpB4FeI5gGmhXUEhP0WjqtUWh987feCNMrmO+4bySRb0=
last-modified: Wed, 05 Apr 2023 16:42:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oU8EDGT4xvbj8OGXOa81HCiZBcaRWF5RePHYQFqxXsfu0UgAnidUMLccFmi9OkeKntljrtnbZLJBTvqzAk4sibKwrujCB4q1ZAyb%2BM%2FwVSH58EGwAKQGL832fSUqnc8f8z67"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e64ca8a0926d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 64hSM1uXXTq_VKbkKx9kNJ4DHRLwy0pyzYZkfjzsOA4o4ZnDR-qDtQ==

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1 KB 147ms
147ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=1534169&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&contentId=169577076135

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c64ee070-8907-41d1-91ca-cf73d5346917
content-encoding: br
x-envoy-upstream-service-time: 26
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c64ee070-8907-41d1-91ca-cf73d5346917
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5slnIaEwaAgpakcwP2pem6b8X2LJ9KJkyovH1z9Yvb2fY7VsuhvuLhQyvToemGJSWXvQ%2F0BfP94kRJiLi5drcS2rf8Rcp8GdYZgW87yWMjNmmZCgIBG3OZplnk9Na04DULxHpff73KV1tYtldCPgF3ErpmVDFKvRbgU%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8918e64ce9f38ebb-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4lbrq

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1 KB 165ms
134ms XHR
application/json 2606:4700::6812:f46c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1534169

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f46c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5f50b8b0-d0e8-434f-bc36-b2a7f6d48651
content-encoding: br
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5f50b8b0-d0e8-434f-bc36-b2a7f6d48651
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-qnkzx
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0VCBwFdjxfPWpiBwGkAnJDiXEj%2BkWIdi8du26zQVIJ77y8eQNMgXs4gcPD1D349boCvlL0onx0SxGiKOQRz3cQScPyBeTVuPVdVz4GxIYtTfp14v76SiH3oRrloCXFgMO45dMVkLO9dpg2%2Bj"}],"group":"cf-nel","max_age":604800}
cf-ray: 8918e64d285d4d85-FRA
access-control-allow-headers: *

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 201ms
174ms XHR
application/json 18.153.4.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-153-4-44.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Origin
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://blog.morphisec.com
access-control-expose-headers
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials: true
content-type: application/json

GET
H/1.1 200
OK button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 7ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 11:07:46 GMT
Content-Encoding: gzip
Age: 6685303
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2620
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
Server: ECS (frb/6738)
Etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame E763 0
0 8ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 6685286
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12332
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Jun 2024 11:07:46 GMT
Etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
292 B 130ms
112ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22morphisec%22%2C%22widget_creator_screen_name%22%3A%22osipov_ar%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1718017666115%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=1a85a0677580073afff0d1979fd21a26d0c8a7d8

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 105
date: Mon, 10 Jun 2024 11:07:45 GMT
strict-transport-security: max-age=631138519
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 608d2a917dd2ca12
cache-control: must-revalidate, max-age=600
perf: 7402827104
x-connection-hash: 132c299fb15db67695da07fd6621f0c5694dcaa329e5b65b82f024f0c3d6d651
content-length: 43

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
466 B 94ms
94ms XHR
application/json 54.145.242.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.145.242.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-145-242-215.compute-1.amazonaws.com

Software

Resource Hash

48ae818d936578ed5a5e292fd7a735207483d6a343132c590f0dc2df9565ee36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 07d1f61cddf7d0b48593ccd044fb4f34

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
537 B 147ms
137ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 73faeb90-3190-4fb1-89aa-2d652ca47734
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 73faeb90-3190-4fb1-89aa-2d652ca47734
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-x6gd9
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8918e64d7f859040-FRA

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
579 B 125ms
116ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: cbe15738-59a3-4b8d-b1fe-6f0048abf215
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cbe15738-59a3-4b8d-b1fe-6f0048abf215
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-87rj7
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8918e64de8269040-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
0 0ms
0ms Script
application/javascript 2a02:26f0:3500:16::215:1496
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1496 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=22726
accept-ranges: bytes
content-length: 16683

GET
H2

200

share_button.php
www.facebook.com/v3.0/plugins/ Frame 78F3
Redirect Chain

https://web.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff3e706d46ab5ca51%26domain%3Dblog.morp...
https://www.facebook.com/v3.0/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff3e706d46ab5ca51%26domain%3Dblog.morph...

0
0

90ms
74ms

Document
text/html

2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.0/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff3e706d46ab5ca51%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff676b933bd251e23d%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&layout=button_count&locale=en_US&sdk=joey&_rdc=1&_rdr

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=58ee314bca9a8c7ec6a2c1478d974c8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jun 2024 11:07:46 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v14.0
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=2780, tp=-1, tpl=-1, uplat=66, ullat=0
x-fb-debug: 0p79qT9vSGlBwUzkGOkHoiWdVOd2qjKFSmWsE6XyPlIFOTplCy8PCTTr+sAiqk6Zyv6i5DgnM4EYQBDWWzVTOQ==
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
date: Mon, 10 Jun 2024 11:07:46 GMT
location: https://www.facebook.com/v3.0/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff3e706d46ab5ca51%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff676b933bd251e23d%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&layout=button_count&locale=en_US&sdk=joey&_rdc=1&_rdr
origin-agent-cluster: ?0
priority: u=0,i
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/web.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}
reporting-endpoints: coop_report="https://web.facebook.com/browser_reporting/coop/?minimize=0"
strict-transport-security: max-age=15552000; preload
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4586, tp=11, tpl=0, uplat=112, ullat=0
x-fb-debug: O/aYu7sHLNKKsrW4ShURnrDXyjIkab6kNrC5ZOI7ueUkC90UvFMxH7FtDOOCUENQAa516w0tB6EsbDD6FPPZPA==
x-fb-zr-redirect: 02|1718104066|

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
569 B 151ms
141ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1718017666676&vi=cc11b8c52b1dcd68db59ddb4fd9e0b46&nc=true&u=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&b=182053752.1.1718017666673&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 860bca31-b26d-4693-99b4-020dd44b3da0
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 860bca31-b26d-4693-99b4-020dd44b3da0
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPp3KfgQOpfo%2BmI%2B6RBCb939DVG3E9%2FdLYrBu9KgEXfaq7MyLAcg4pi5G3jxpZzKJixZmk0p7HKJXM9SZX%2FdURJM1MEqv26uuPa7l5lVmgZy0wgEkPpBl2E79nRa%2FbqjnIBnPDD7%2BBfCua%2ByGzFM"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-fn8tt
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8918e650db1165a2-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
578 B 121ms
121ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f40d0a52-d056-461d-a08f-a5f9ce7fef1d
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f40d0a52-d056-461d-a08f-a5f9ce7fef1d
last-modified: Mon, 10 Jun 2024 11:07:46 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fnshr
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8918e650cbb29040-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
539 B 140ms
135ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=0f46e8ea-b4fe-46e5-a9bc-db49fc107d4c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1718017666677&vi=cc11b8c52b1dcd68db59ddb4fd9e0b46&nc=true&u=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&b=182053752.1.1718017666673&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0e95a741-d7f0-4ba7-8874-dcc27fd58900
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0e95a741-d7f0-4ba7-8874-dcc27fd58900
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SwLKPs9CcoHCSxn9FAlE8KqTr0VHlH3Ouxy%2FVMzGksENDgH12OA2exdxCfR2gQXwFYlS3yf%2B6fp4xDqJTuVr3zvXrAaLAJw75PDlcEP2ddQ6AEHvtaZMqFaBGYlFisE9eCu%2F11FTsuEhPX1ijye7"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-q4klr
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8918e650db0b65a2-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
457 B 145ms
140ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=0f46e8ea-b4fe-46e5-a9bc-db49fc107d4c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1718017666677&vi=cc11b8c52b1dcd68db59ddb4fd9e0b46&nc=true&u=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&b=182053752.1.1718017666673&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: be3bb148-4f80-42fe-a7cb-1ff224c2b047
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: be3bb148-4f80-42fe-a7cb-1ff224c2b047
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KI2tZwLrLYJkEGqSD5IbC6oCpOD%2Fq3PgsEoJKMgxDbVLu8jrDBNLNNcMjBLnyKdP2J0vt%2FBVdAGygqjiNe8BwtMzSV3VLQJ73Vibt2ApwXh34TgdCpGi8p6R1wiWvdth5yk4uOd0YXSrR%2FqRszXC"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8918e650db0d65a2-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
519 B 137ms
136ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3%22%2C%22c5b10fd2-1f83-4c8f-b33b-106296dbd6da%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1718017666678&vi=cc11b8c52b1dcd68db59ddb4fd9e0b46&nc=true&u=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&b=182053752.1.1718017666673&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 832f2649-a6ef-4b07-9855-370c9054f799
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 832f2649-a6ef-4b07-9855-370c9054f799
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AfL%2Bhcwc7iAKRbJXEd3XyKl1luOlriUghnUgrLOEvnT6fLVbTW4eTIxQl8Q6m3rh61%2Bmglf%2F3Bofqqa8m9VGU9k3%2BJYBE2gWHbBzIrq5iWW9dgKStMjvcLwygE5hQmIBJu%2FtO8c2iRKHEYmAgiI%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-v5zn2
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8918e650eb2165a2-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
463 B 135ms
135ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%226e3260d1-4218-4c07-8a6b-23a2b2c30656%22%2C%222ae2553a-d7fa-43ea-8156-aa61fcfbe9a0%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1718017666679&vi=cc11b8c52b1dcd68db59ddb4fd9e0b46&nc=true&u=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&b=182053752.1.1718017666673&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c35d0a6b-dabe-434b-937e-d9bac18dcf97
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c35d0a6b-dabe-434b-937e-d9bac18dcf97
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axbB%2FnFX4mZODAQuY8%2BY%2B0ILrUAt3QukuvpuHUZ6ank6HOq0dePGEV6kvQsp3sx3vLfYi0%2BfwyOHMuq2pQtwDRk6nBX%2F6rYxaamSjvuiHWNALEIGk%2FQgIKe%2BZqydhckss9ptqvSWL17bkmEzIwV8"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-djmcg
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8918e650eb2565a2-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
603 B 137ms
136ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223c83d6d5-0c56-47b7-8aee-ae6edf73c360%22%2C%2264affa5c-d696-47c5-9e88-09336d256046%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1718017666679&vi=cc11b8c52b1dcd68db59ddb4fd9e0b46&nc=true&u=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&b=182053752.1.1718017666673&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 24d741aa-b353-4933-afba-4edf2dafa1b2
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 24d741aa-b353-4933-afba-4edf2dafa1b2
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y1zzxgv9xdLDxdoLL4IKx8bByufTOTEJJoMwnSdv30tSd6NYgRnzFMVVhEtmDc5avL%2FvdAW1euH8giEJTnCYYIHE5AW9A%2BpUzWJGXgzIH8hule4YJV8HkRgdS7RxM5hZW7NuRfifFFrxHmvpBr3H"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-zw6hg
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8918e650eb2c65a2-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 3 KB
2 KB 147ms
138ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1534169&utk=cc11b8c52b1dcd68db59ddb4fd9e0b46&__hstc=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&__hssc=182053752.1.1718017666673&contentId=169577076135&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7498a29092e3eb49a4def0a4b7f47d10eea2e6b038cfc2dcfdedfd57e2b6ea46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 91ff0864-d59b-43fb-a01f-1f18126a40ba
x-envoy-upstream-service-time: 17
content-length: 1068
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 91ff0864-d59b-43fb-a01f-1f18126a40ba
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-46sjt
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uRSxwQU8yWyjwos0%2BMwoYX%2FFW2qE99tsz2KQe6yeGlzqXMpl%2FpbsyFqEdM9Cwn6fUYhUY1%2BHp1tfFSNuNlmfIicZLpIINc1k5rUVCbnSJ4OW9qnSZkXrmyIefWTn1JykvtgWg8o%2B0VutX44uSDF7"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8918e65149758ebb-FRA

GET
H2 200 trends.min.js Show response
assets.trendemon.com/tag/ 291 KB
59 KB 47ms
8ms Script
application/javascript 2600:9000:223c:6a00:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/tag/trends.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6a00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4fa240d2b87d4d2f4e714a6eb95fdd173bc33787301c558bee07e0744a10df22

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 23:40:08 GMT
content-encoding: gzip
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jun 2024 09:21:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 41261
x-amz-server-side-encryption: AES256
etag: "1a8e2d56ff84b74b8e6508f249fb9747"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 59602
x-amz-cf-id: Hmb88qp088P2GlNqXl43_LiXpJlVrrseH_ZODsHtMwX6vkeAv2QfGQ==

GET
H2 200 2552 Show response
trackingapi.trendemon.com/api/settings/ 642 B
781 B 327ms
124ms Script
application/x-javascript 54.85.162.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/settings/2552?callback=jsonp487185&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.162.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-162-54.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 143468b25e3454e3921436d13d1863882a3fa17dc55f586278212600547e9998

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:47 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 642
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
440 B 143ms
143ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1718017666900&vi=cc11b8c52b1dcd68db59ddb4fd9e0b46&nc=true&u=182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1&b=182053752.1.1718017666673&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 11:07:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 884bc4dd-d42c-4ccd-a1ce-1d5944513c70
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 884bc4dd-d42c-4ccd-a1ce-1d5944513c70
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Qu6%2F2%2F%2FrJ1JIsqUtQ04VQO%2F1LVncyibqrUBLo1Xa2ohIJkPNbjVRUesL%2FMgTIiV0WScL01M%2BE3gmI5ZhVxpPNteKiMxBdN9etmDdzGzZjOPBx1OP7FILX%2BZNI9LtEFWTgmHHhk2x2gxP5Nvm6o6"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-djmcg
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8918e6522d5865a2-FRA
x-robots-tag: none

GET
H2 200 identity.min.js Show response
assets.trendemon.com/global/ 18 KB
6 KB 8ms
7ms Script
application/javascript 2600:9000:223c:6a00:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/global/identity.min.js
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6a00:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 10 Jun 2024 10:03:36 GMT
content-encoding: gzip
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jun 2024 09:22:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 5990
x-amz-server-side-encryption: AES256
etag: W/"3f44b799c727cbac65d90f0779b8eb4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: kNTzoIsOmbOsoCAJXN0oH5gQ1BVyP_89jBHF9iSF1gEvkP5cFSZdUw==

GET
H2 200 me Show response
trackingapi.trendemon.com/api/Identity/ 95 B
508 B 97ms
97ms Script
application/x-javascript 54.85.162.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/Identity/me?accountId=2552&DomainCookie=17180176671899218&fingerPrint=2422aae6b4d5b5da5672ebb43cc2ccc3&callback=jsonp461481&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.162.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-162-54.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 4aef810d9e63ff1d2a81ff15944d626129cbcf19d02351b427bb77070fe29903

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:47 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 95
content-type: application/x-javascript; charset=UTF-8

GET
H3 200 favicon.png
blog.morphisec.com/hubfs/ 6 KB
7 KB 83ms
83ms Other
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/favicon.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-3821681143,P-1534169,FLS-ALL
age: 77121
x-amz-request-id: B2Z6WZ96C0WAZB5B
x-amz-server-side-encryption: AES256
edge-cache-tag: F-3821681143,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="favicon.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "ea24d021ea3624ea4b240968cf888698"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1453980185925
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 10 Jun 2024 11:07:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 9eeac92de4b8d1ece6bccbf46123cea0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Cnv3wBnNrZaYmPSr18E5pTmPg2lCgt7t
x-amz-cf-pop: CDG52-P5
cf-polished: origFmt=png, origSize=8707
x-cache: RefreshHit from cloudfront
cache-tag: F-3821681143,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 5908
x-amz-id-2: nLFfXAy1G4woziAix4WqAUV+bWcreTtJkTYiMP0bHMq+FJJIt+3tM9JgRUAtYUG5vdkcgf3MKvllCP6yrt3RRJD5tMNJWc6uCNN0YgFAzHo=
last-modified: Wed, 03 Apr 2024 17:46:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WClG7%2B5Tfh8RK%2FAWcv0q8BwkjfzMsigK8jwxGyKax8z8l4WZs1ryLwIUi1cMOyKVZEgAPkVMAPF%2BLJIDWqa9Ej8ufWM6EHoxXWjt4rpEw9lFSe6mqjzGdB%2FT%2Ft7IIiC5AbGqEw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8918e6546e9c382b-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: RpRC0re1ug9fIKsxt8tGE1IMpKJUIrbmYh62MchHDDUCwNkWckAFoQ==

GET
H2 200 marketingautomation Show response
trackingapi.trendemon.com/api/ 95 B
232 B 98ms
98ms Script
application/x-javascript 54.85.162.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2552&ClientUrl=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vc3RpY2t5LXdlcmV3b2xmcy1hdmlhdGlvbi1hdHRhY2tz&CookieId=17180176671899218&MaCookie=Y2MxMWI4YzUyYjFkY2Q2OGRiNTlkZGI0ZmQ5ZTBiNDY%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp732828&vid=2552:17180176671899218
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.162.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-162-54.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 06f0b3540b9f724720b7bbff7667b8cf273558c19235c45961fbb3d2a292126c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:47 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 95
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 pageview
trackingapi.trendemon.com/api/events/ 43 B
234 B 141ms
140ms Image
image/gif 54.85.162.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trackingapi.trendemon.com/api/events/pageview?accountId=2552&url=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vc3RpY2t5LXdlcmV3b2xmcy1hdmlhdGlvbi1hdHRhY2tz&cookie=17180176671899218&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2552:17180176671899218&r=1718017667358
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.162.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-162-54.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 10 Jun 2024 11:07:47 GMT
server: Kestrel
age: 1691358
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lltrck.com
URL: https://lltrck.com/scripts/lt-v3.js?llid=35958

Verdicts & Comments Add Verdict or Comment

215 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.morphisec.com/	1970-01-20 21:13:39	Name: __cf_bm Value: OQiM.SXUZHPathM9WXWLcZWHnInRDC71QUdyhUukbSQ-1718017664-1.0.1.1-M_LSg5htasXBpi4JxzvfcGIaqcOVD4ylD8eAh_23Pw8SWSJxAq8TdvGF2s4rFx8tH2OrdNFrWt4YPeHwmRBuiA
.blog.morphisec.com/	1969-12-31 23:59:59	Name: __cfruid Value: 22bcf2a67ef10705a111392dfccfa92ab29873e0-1718017664
.www.morphisec.com/	1970-01-20 21:13:39	Name: __cf_bm Value: O73OwIRpGxqX9rFAPlAwCgMPUepDpuZ_GluJ9AM_mXY-1718017665-1.0.1.1-fCXHFXbvM59QBnjfWQNVG2tEx70IJ4Y_yanVKBL_aK.QbrsPLHD92O4fZCz_iEinS9joEbYiptwbQNuzDAlRdg
.www.morphisec.com/	1969-12-31 23:59:59	Name: __cfruid Value: 968281f13b33d205b7ff9a48c1e646bcd82c9780-1718017665
.hubspot.com/	1970-01-20 21:13:39	Name: __cf_bm Value: Br3Wdv8.Egd1lRymxiJYQp_niYJpSJMZUwjP9KyxKlY-1718017665-1.0.1.1-Ku_y3PoF41xbG1_ZxZZsdRN7xXUOQVw3t0dgq4xJlw4sgfy3Em_7EGL499HNkL4ZDy1TK.AdHALlz.uMxLLfIA
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: OVRTI_dzGDBi9_wgmggdkonpApxN1o1xGMVRr3tHP9w-1718017665378-0.0.1.1-604800000
snid.snitcher.com/	1970-01-21 06:49:37	Name: SNID Value: eyJpdiI6IjJGZWdYQVU3UDRNZFB6TmlyRVlaa3c9PSIsInZhbHVlIjoiYldhWjI1WFZIem1wRXB1OE9CY3NiS3NXTld4L2NZd0ptYlNiaGpBb1ZQeUY2K0dSQmxTdkhnbjJJb1Roa04rODlPNmcySVgxY3BhVHhZVEpNekFzME16NjQ5bDdFVW5aMUNhVDA0T2pXbjIrcGxMejVWanFTWUsxbVhMOTZpRS8iLCJtYWMiOiI2YzBhNWFjZDUyNzk2NWFiZDlhMTg0NDMyZmUwMjZhNjQ4MzU4N2JmMDYxN2U2ZTIzYzYyOTgwOWJhZWU4MzViIiwidGFnIjoiIn0%3D
.morphisec.com/	1970-01-20 21:15:04	Name: _gid Value: GA1.2.1782878325.1718017666
.morphisec.com/	1970-01-20 21:13:37	Name: _gat_UA-60065248-1 Value: 1
.morphisec.com/	1970-01-21 06:49:37	Name: _ga_QY7QHR57BF Value: GS1.1.1718017665.1.0.1718017665.60.0.0
.morphisec.com/	1970-01-21 06:49:37	Name: _ga Value: GA1.1.1455964903.1718017666
.morphisec.com/	1970-01-21 05:59:13	Name: _hjSessionUser_3506314 Value: eyJpZCI6IjE1Zjc2NjRmLTYzYjAtNTk5NS05OGY1LTE5NDAxMjA3OTk3MCIsImNyZWF0ZWQiOjE3MTgwMTc2NjU2NDUsImV4aXN0aW5nIjp0cnVlfQ==
.morphisec.com/	1970-01-20 21:13:39	Name: _hjSession_3506314 Value: eyJpZCI6Ijc3MGYzYjNiLTY4NzAtNDdiNi1iYjVmLTdjM2ZkZmU2OGMyZiIsImMiOjE3MTgwMTc2NjU2NDYsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.linkedin.com/	1970-01-20 23:23:13	Name: li_sugr Value: bbc45619-86a1-451d-8c77-ab60e6b19ed2
.morphisec.com/	1970-01-20 23:23:13	Name: _fbp Value: fb.1.1718017665873.4559398831986150
.linkedin.com/	1970-01-20 21:15:04	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3255:u=1:x=1:i=1718017665:t=1718104065:v=2:sig=AQEfEBmuCuJKWsEVS2TSfLvDN4xmQWFE"
.morphisec.com/	1970-01-21 06:49:37	Name: _ga_4GZ4VXKYJ8 Value: GS1.2.1718017665.1.0.1718017665.60.0.0
.linkedin.com/	1970-01-20 21:56:49	Name: UserMatchHistory Value: AQINxTKJ7IXWnQAAAZAB1SuQAPuPlST1eR_pi9fx9Ln4EbM3BYnCwmk-YIH3ikVpqraiQOCg3bO-eg
.linkedin.com/	1970-01-20 21:56:49	Name: AnalyticsSyncHistory Value: AQJbi4y4Im6sJwAAAZAB1SuQZl4818c-MWhFBsVKGlP-uy9JjNDr7o8xIHvmOHgK2tREoVSs85_9HB2NtEyqLg
.linkedin.com/	1970-01-21 05:59:13	Name: bcookie Value: "v=2&c38391d2-cde4-4007-80f3-e5518c1634f9"
.hsforms.com/	1970-01-20 21:13:39	Name: __cf_bm Value: O_a6LO706.7fF2Y9vnSnNxrhcS6gCgJXPc3PzARRvbo-1718017666-1.0.1.1-srzCYEBiuTo4Mwn7iopec6scv4wRdh.THXndI0K1X3iaG.hRT.pBKooEnhWRZfRZ3ezX.yvFjD7TW3gJBBzJNQ
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: O5tIEB9GyBeLtkiC46xw86M5XV0xf5H8eArg.kr4LhY-1718017666021-0.0.1.1-604800000
.morphisec.com/	1970-01-21 05:59:13	Name: cb_user_id Value: null
.morphisec.com/	1970-01-21 05:59:13	Name: cb_group_id Value: null
.morphisec.com/	1970-01-21 05:59:13	Name: cb_anonymous_id Value: %22f51e36df-fc29-4676-9fd5-7aa9f221daee%22
.t.co/	1970-01-21 06:49:37	Name: muc_ads Value: 0cbb8ef5-facc-47f7-8b21-95d0e4c36292
.twitter.com/	1970-01-21 06:49:37	Name: personalization_id Value: "v1_6eHcDSp1PQIGPNlqmchE1g=="
blog.morphisec.com/	1970-01-20 21:23:42	Name: slireg Value: https://scout.us2.salesloft.com
blog.morphisec.com/	1970-01-21 05:59:13	Name: sliguid Value: a91a09ed-98e2-406e-8a1c-b97924c78683
blog.morphisec.com/	1970-01-21 05:59:13	Name: slirequested Value: true
.www.linkedin.com/	1970-01-21 05:59:13	Name: bscookie Value: "v=1&2024061011074696bcbd1f-299d-418c-8863-3146dbaf01b1AQHlY7P23TUUXJNPX04_lfS3c88vjw1z"
.linkedin.com/	1970-01-21 01:32:49	Name: li_gc Value: MTswOzE3MTgwMTc2NjY7MjswMjGP0mCMLBUlLqXJxfbfgL9RHvB0HqVgzDfNQ0reyb9JJg==
.linkedin.com/	1970-01-20 21:13:39	Name: __cf_bm Value: DbIYeVP3PukZ9AStWXrujUaxud2Xd5pDKp.WVBlCsCM-1718017666-1.0.1.1-9aFEO20jyLFznfxSH_pYlxqat2DBzgrK1UvxdpDxA4mLK5lUaerIWSrBFZvDSe7Qfy08kN.5JF667OJCqUMwVA
.morphisec.com/	1970-01-21 01:32:49	Name: __hstc Value: 182053752.cc11b8c52b1dcd68db59ddb4fd9e0b46.1718017666673.1718017666673.1718017666673.1
.morphisec.com/	1970-01-21 01:32:49	Name: hubspotutk Value: cc11b8c52b1dcd68db59ddb4fd9e0b46
.morphisec.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.morphisec.com/	1970-01-20 21:13:39	Name: __hssc Value: 182053752.1.1718017666673
.morphisec.com/	1970-01-21 06:49:37	Name: _ga_HFVX4VZHCS Value: GS1.1.1718017665.1.0.1718017666.59.0.0
.morphisec.com/	1970-01-21 05:59:13	Name: trd_cid Value: 17180176671899218
trackingapi.trendemon.com/	1970-01-21 06:49:37	Name: trd_gavid_2552 Value: 17180176671899218
trackingapi.trendemon.com/	1970-01-21 06:49:37	Name: trd_gvid Value: 17180176671899218
trackingapi.trendemon.com/	1970-01-21 06:49:37	Name: trd_vid_2552 Value: 2552%3A17180176671899218
.morphisec.com/	1970-01-21 05:59:13	Name: trd_vid_l Value: 2552%3A17180176671899218
.morphisec.com/	1970-01-21 05:59:13	Name: trd_vuid_l Value: -2904429226764512027
.morphisec.com/	1970-01-20 21:14:20	Name: trd_ma_cookie Value: Y2MxMWI4YzUyYjFkY2Q2OGRiNTlkZGI0ZmQ5ZTBiNDY%3D

92 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1718017665178 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks(Line 1473) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks(Line 1473) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks(Line 1473) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks(Line 1473) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks(Line 1473) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks(Line 1473) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fsticky-werewolfs-aviation-attacks Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1534169.fs1.hubspotusercontent-na1.net
analytics.twitter.com
api.hubapi.com
app.clearbit.com
app.hubspot.com
assets.trendemon.com
blog.morphisec.com
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
consent.cookiefirst.com
content.hotjar.io
cta-service-cms2.hubspot.com
fonts.googleapis.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
lltrck.com
no-cache.hubspot.com
perf-na1.hsforms.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
snid.snitcher.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
tag.clearbitscripts.com
track.hubspot.com
trackingapi.trendemon.com
vc.hotjar.io
web.facebook.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.morphisec.com
x.clearbitjs.com
lltrck.com
104.17.24.14
104.18.80.204
104.18.91.62
104.244.42.195
104.244.42.72
13.107.42.14
13.32.27.107
142.250.185.131
142.250.185.168
142.250.185.68
146.75.120.157
157.240.253.1
157.240.253.13
18.153.4.44
18.193.30.91
18.66.102.51
18.66.112.19
199.60.103.225
199.60.103.31
2001:4860:4802:34::36
2400:52e0:1e00::1079:1
2600:9000:223c:6a00:2:7dc7:8f00:93a1
2600:9000:2670:aa00:7:d7d6:3c40:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:4700:4400::6812:2929
2606:4700:4400::6812:297c
2606:4700:4400::ac40:991b
2606:4700::6810:4869
2606:4700::6810:6cfe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6811:ac5b
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6812:8911
2606:4700::6812:f46c
2620:1ec:21::14
2a00:1450:4001:808::200e
2a00:1450:4001:80b::200a
2a00:1450:4001:811::2008
2a00:1450:400c:c07::9b
2a02:26f0:3500:16::215:1496
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.127.196.46
52.50.93.182
54.145.242.215
54.85.162.54
74.125.133.154
93.184.221.165
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
06f0b3540b9f724720b7bbff7667b8cf273558c19235c45961fbb3d2a292126c
0860cea05a45cce23e1946837fd060d75a13aef98275aaf5262e9dfb1e4a388c
0c7aaaa35f71c2759c365534f95547697d30e5ef8863ec17c4ccec17b3af2705
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
143468b25e3454e3921436d13d1863882a3fa17dc55f586278212600547e9998
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
183aedc05bc40d61bade2856e0125c7053bc2702da811231b5da807b7d6b0fe0
1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c
1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81
21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814
2af4c240d46b3e99eea9ccbfd9c0c1c856c710a5ed3692f455767a96224171b2
3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
357668a31323571ee684d38cb7ab8adfb4aa4cb228017e7b5d254f969541307a
38c44ba0c4b5172c3bf5024c8a06f58faf3e0c24bea228184ae2d46feac23864
3a347ea34a470dd127acceeca1bd03e781aa2f248064c300ba2d27d81ac90a3d
3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56
40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13
41db6e1b3eff24bb920613970f711e6219dbed6b36f6f312b3b7bdbcb8f3ec8b
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786
46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513
47d1036cdfb7fa765e45f0f3d193baadcd53005e95a2f9bf7b531ebfbf41ea2f
48ae818d936578ed5a5e292fd7a735207483d6a343132c590f0dc2df9565ee36
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4acb6077f5cd25851109a6783ffdb7fc23c197c8d86ae80678fad175ccb55d6d
4aef810d9e63ff1d2a81ff15944d626129cbcf19d02351b427bb77070fe29903
4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589
4e605a433da0b6d187b3cdfe5bc2e9459a994338d3d3befa8c43fb4f450340a8
4e7a55d19cdc03cf965cce3c56c44837687b0e4be91e4eab989607fff5c61f6d
4fa240d2b87d4d2f4e714a6eb95fdd173bc33787301c558bee07e0744a10df22
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
5ade1526f1674ac49650f04fa328b8aec7266c24c9a045f5efbb96b6984422c0
5ef27e1555c5bbad5d59a33c50d30e35e6e808b2a6c6fce4ab68f91ad4bb83da
60bd6bad64c21fc8b1d3f6bf3fa261780974e6b0489a67a1d02db33fb4c9b7b6
6113398c0ed3cf83e7b6360a9e635316c7114ca3db1d3b1e187c0b01f26cf539
636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8
648318e55febdac418f0f8a23db309f81c273a66c5eb41a8aab85b29bebcdc9f
6645c45d30029be81ade24d2078b34db6dcbe981e8602c73a983b87e4e59fdef
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
728882ffe2674f637d8972f5bb7f742a1eb62f4447a18b5ce268bb15c909ceb7
7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3
7397a1ca9c7d6b1ac6b73eab68183ebc0a5e101b414752b7d829bbf8b6891677
7498a29092e3eb49a4def0a4b7f47d10eea2e6b038cfc2dcfdedfd57e2b6ea46
76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2
7c55a17ff1c99ae06713a4f027b263c90c7fa9da42be6b2a32d21ae174e1c44c
8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded
82bd71b6661f724ea282854a39a327fc9977c582f2ab0d4a63ae9f19c2df27ef
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
8b15d797c8bc45336d507d8fd0977b264fb188c40c2e7dc03a982f648598c4e3
8d1ab314c5802e0fb9580452bd6e3c67918198a9a5ed8bcb3697959e785a7d9f
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
9414149991982b734e78033b9ca2f2cfb01f7f60d041dfa15279ea77e53547f4
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
99638cf918a36ae5912b6e521489ec6f3c8cb82e2e21e2f43941b86f8b223aa6
9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65
ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334
afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453
c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cbfc7b03f6b71e6e71843cce1744b2a8023dd0dcf36740fec1517caeddf910c2
cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5
cf33e7f713c3422d8843e777c6400fb30e1eaf0b80e2b04cbf74d6e0d3e5b468
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
d274658b075acbf695a0c18e0dc8a5f3f576a603882464574547b7e05b6a4c7c
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24
d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461
d8d01d76fee55c57a09b3da50e7a879102df24b962df9f31ff43ebc50d31043a
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e310c4e689e7bcf75fda1bde019d6e4fb564d95da0b9a7d04fd7e68d9673a444
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef919241c4f9e8332708cde9d589d64af4e72883eaa283d774e27c40a29d10d1
f16a9696b3176614d3fe439def6fd9754fd489877999517b99b3b2f265cb7990
f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22
f322afdaf7184e4ddd7fca589f89cdd7e2e2721dffbf8abed7cb1eca88b0915f
f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96
f62504abbb867b0d53b4d90d746313621819f2c5d39ceab4695ac2b0ef8cf223
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

blog.morphisec.com Open in urlscan Pro 199.60.103.31 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

166 Requests

99 %HTTPS

51 %IPv6

36 Domains

57 Subdomains

50 IPs

6 Countries

2344 kBTransfer

6497 kBSize

45 Cookies

45 Outgoing links

Redirected requests

166 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.morphisec.com Open in urlscan Pro
199.60.103.31 Public Scan

Screenshot
Live screenshot

Full Image

166
Requests

99 %
HTTPS

51 %
IPv6

36
Domains

57
Subdomains

50
IPs

6
Countries

2344 kB
Transfer

6497 kB
Size

45
Cookies

166 HTTP transactions
0 data transactions