Submitted URL: https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoLz30vLIaNV6YIZjr-2BP6-2Foh8HbCATPaMnFzi8XwOaekhl2S5QJhgP...
Effective URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Submission: On September 07 via api from IL — Scanned from IL

Summary

This website contacted 49 IPs in 4 countries across 38 domains to perform 179 HTTP transactions. The main IP is 199.60.103.225, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.morphisec.com.
TLS certificate: Issued by WE1 on July 13th 2024. Valid for: 3 months.
This is the only time blog.morphisec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.115.147 11377 (SENDGRID)
65 199.60.103.225 209242 (CLOUDFLAR...)
3 104.18.91.62 13335 (CLOUDFLAR...)
2 104.17.24.14 13335 (CLOUDFLAR...)
1 2.21.20.141 20940 (AKAMAI-ASN1)
16 104.16.117.116 13335 (CLOUDFLAR...)
1 104.17.173.91 13335 (CLOUDFLAR...)
3 216.58.206.72 15169 (GOOGLE)
1 142.250.186.170 15169 (GOOGLE)
1 2.21.20.155 20940 (AKAMAI-ASN1)
1 146.75.120.157 54113 (FASTLY)
1 104.16.71.105 13335 (CLOUDFLAR...)
4 157.240.251.9 32934 (FACEBOOK)
4 192.229.233.25 15133 (EDGECAST)
13 169.150.247.39 60068 (CDN77 _)
3 104.16.118.116 13335 (CLOUDFLAR...)
1 104.18.139.17 13335 (CLOUDFLAR...)
1 172.64.147.16 13335 (CLOUDFLAR...)
1 104.16.160.168 13335 (CLOUDFLAR...)
1 104.17.128.172 13335 (CLOUDFLAR...)
2 104.16.111.254 13335 (CLOUDFLAR...)
2 104.19.175.188 13335 (CLOUDFLAR...)
5 104.18.80.204 13335 (CLOUDFLAR...)
1 104.18.41.124 13335 (CLOUDFLAR...)
2 54.159.40.228 14618 (AMAZON-AES)
3 6 13.107.42.14 8068 (MICROSOFT...)
1 162.159.140.229 13335 (CLOUDFLAR...)
1 104.244.42.67 13414 (TWITTER)
1 104.18.244.108 13335 (CLOUDFLAR...)
1 169.150.247.37 60068 (CDN77 _)
1 104.244.42.8 13414 (TWITTER)
1 18.66.192.32 16509 (AMAZON-02)
3 3.127.89.46 16509 (AMAZON-02)
1 54.230.228.126 16509 (AMAZON-02)
1 104.18.18.71 13335 (CLOUDFLAR...)
2 172.67.10.172 13335 (CLOUDFLAR...)
2 34.111.208.231 396982 (GOOGLE-CL...)
1 54.230.228.76 16509 (AMAZON-02)
2 142.250.185.98 15169 (GOOGLE)
2 142.250.186.34 15169 (GOOGLE)
1 2 142.250.185.100 15169 (GOOGLE)
1 142.250.74.206 15169 (GOOGLE)
1 74.125.71.155 15169 (GOOGLE)
2 142.250.184.195 15169 (GOOGLE)
3 157.240.251.35 32934 (FACEBOOK)
4 3.127.196.46 16509 (AMAZON-02)
1 52.210.223.39 16509 (AMAZON-02)
2 108.138.36.8 16509 (AMAZON-02)
4 3.209.4.234 14618 (AMAZON-AES)
179 49
Apex Domain / Subdomains / Transfer
65 morphisec.com
blog.morphisec.com
www.morphisec.com
1 MB
19 hubspot.com
no-cache.hubspot.com — Cisco Umbrella Rank: 34139
app.hubspot.com — Cisco Umbrella Rank: 10634
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 8074
js.hubspot.com — Cisco Umbrella Rank: 8139
track.hubspot.com — Cisco Umbrella Rank: 5359
forms.hubspot.com — Cisco Umbrella Rank: 11636
184 KB
14 cookiefirst.com
consent.cookiefirst.com — Cisco Umbrella Rank: 40486
edge.cookiefirst.com — Cisco Umbrella Rank: 48961
86 KB
7 hsforms.com
forms-na1.hsforms.com — Cisco Umbrella Rank: 15115
perf.hsforms.com — Cisco Umbrella Rank: 36274
perf-na1.hsforms.com — Cisco Umbrella Rank: 8524
forms.hsforms.com — Cisco Umbrella Rank: 9382
5 KB
7 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 7061
px.ads.linkedin.com — Cisco Umbrella Rank: 669
www.linkedin.com — Cisco Umbrella Rank: 914
164 KB
6 trendemon.com
assets.trendemon.com — Cisco Umbrella Rank: 246335
trackingapi.trendemon.com — Cisco Umbrella Rank: 210305
68 KB
6 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1868
analytics.twitter.com — Cisco Umbrella Rank: 1356
syndication.twitter.com — Cisco Umbrella Rank: 2285
31 KB
5 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77
td.doubleclick.net — Cisco Umbrella Rank: 481
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
3 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
161 KB
3 clearbitjs.com
x.clearbitjs.com — Cisco Umbrella Rank: 44158
45 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
3 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 10
analytics.google.com — Cisco Umbrella Rank: 238
88 B
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 66995
ibc-flow.techtarget.com — Cisco Umbrella Rank: 63746
2 KB
3 snitcher.com
snid.snitcher.com — Cisco Umbrella Rank: 175372
25 KB
3 salesloft.com
scout-cdn.salesloft.com — Cisco Umbrella Rank: 28532
scout.salesloft.com — Cisco Umbrella Rank: 36652
4 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
293 KB
3 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 20878
6 KB
2 google.co.il
www.google.co.il — Cisco Umbrella Rank: 18481
562 B
2 inspectlet.com
cdn.inspectlet.com — Cisco Umbrella Rank: 38126
hn.inspectlet.com — Cisco Umbrella Rank: 35931
65 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 1335
script.hotjar.com — Cisco Umbrella Rank: 2017
61 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 9601
forms.hscollectedforms.net — Cisco Umbrella Rank: 9837
25 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
32 KB
1 clearbit.com
app.clearbit.com — Cisco Umbrella Rank: 46721
1 KB
1 hotjar.io
content.hotjar.io — Cisco Umbrella Rank: 8904
171 B
1 clearbitscripts.com
tag.clearbitscripts.com — Cisco Umbrella Rank: 38565
5 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 7580
1 KB
1 t.co
t.co — Cisco Umbrella Rank: 979
623 B
1 hubspotusercontent-na1.net
1534169.fs1.hubspotusercontent-na1.net
35 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 7189
4 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 5135
26 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 5067
26 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 11009
92 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 1253
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1884
14 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
3 KB
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 12087
5 KB
1 sendgrid.net
u33254697.ct.sendgrid.net
267 B
0 lltrck.com Failed
lltrck.com Failed
179 38
Domain Requested by
56 blog.morphisec.com blog.morphisec.com
cdnjs.cloudflare.com
13 consent.cookiefirst.com www.googletagmanager.com
consent.cookiefirst.com
www.morphisec.com
9 www.morphisec.com blog.morphisec.com
consent.cookiefirst.com
7 track.hubspot.com
7 no-cache.hubspot.com blog.morphisec.com
5 px.ads.linkedin.com 2 redirects snap.licdn.com
blog.morphisec.com
4 trackingapi.trendemon.com assets.trendemon.com
4 platform.twitter.com blog.morphisec.com
platform.twitter.com
4 connect.facebook.net blog.morphisec.com
connect.facebook.net
3 x.clearbitjs.com tag.clearbitscripts.com
3 www.facebook.com blog.morphisec.com
connect.facebook.net
3 snid.snitcher.com blog.morphisec.com
snid.snitcher.com
3 perf.hsforms.com blog.morphisec.com
3 www.googletagmanager.com blog.morphisec.com
www.googletagmanager.com
3 cdn2.hubspot.net blog.morphisec.com
2 assets.trendemon.com blog.morphisec.com
assets.trendemon.com
2 www.google.co.il blog.morphisec.com
2 www.google.com 1 redirects blog.morphisec.com
2 td.doubleclick.net www.googletagmanager.com
2 googleads.g.doubleclick.net www.googletagmanager.com
blog.morphisec.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 scout.salesloft.com scout-cdn.salesloft.com
2 forms-na1.hsforms.com blog.morphisec.com
2 cta-service-cms2.hubspot.com blog.morphisec.com
js.hubspot.com
2 cdnjs.cloudflare.com blog.morphisec.com
1 forms.hubspot.com cdn.inspectlet.com
1 app.clearbit.com cdn.inspectlet.com
1 hn.inspectlet.com cdn.inspectlet.com
1 content.hotjar.io script.hotjar.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 script.hotjar.com static.hotjar.com
1 cdn.inspectlet.com blog.morphisec.com
1 trk.techtarget.com blog.morphisec.com
1 tag.clearbitscripts.com www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 syndication.twitter.com blog.morphisec.com
1 forms.hsforms.com blog.morphisec.com
1 edge.cookiefirst.com consent.cookiefirst.com
1 perf-na1.hsforms.com blog.morphisec.com
1 forms.hscollectedforms.net js.hscollectedforms.net
1 api.hubapi.com js.hsadspixel.net
1 analytics.twitter.com blog.morphisec.com
1 t.co blog.morphisec.com
1 www.linkedin.com 1 redirects
1 1534169.fs1.hubspotusercontent-na1.net blog.morphisec.com
1 js.hscollectedforms.net blog.morphisec.com
1 js.hsadspixel.net blog.morphisec.com
1 js.hs-analytics.net blog.morphisec.com
1 js.hs-banner.com blog.morphisec.com
1 js.hsleadflows.net blog.morphisec.com
1 js.hubspot.com blog.morphisec.com
1 app.hubspot.com blog.morphisec.com
1 scout-cdn.salesloft.com blog.morphisec.com
1 static.ads-twitter.com blog.morphisec.com
1 snap.licdn.com blog.morphisec.com
1 fonts.googleapis.com blog.morphisec.com
1 static.hsappstatic.net blog.morphisec.com
1 platform.linkedin.com blog.morphisec.com
1 u33254697.ct.sendgrid.net 1 redirects
0 lltrck.com Failed blog.morphisec.com
179 61
Subject | Issuer | Validity | Valid
blog.morphisec.com | WE1 | 2024-07-13 - 2024-10-11 | 3 months
hubspot.net | Cloudflare Inc ECC CA-3 | 2024-03-06 - 2024-12-31 | 10 months
cdnjs.cloudflare.com | WE1 | 2024-07-31 - 2024-10-29 | 3 months
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-03-29 - 2025-03-28 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2024-01-06 - 2024-12-31 | a year
hsappstatic.net | WE1 | 2024-09-06 - 2024-12-05 | 3 months
*.google-analytics.com | WR2 | 2024-08-12 - 2024-11-04 | 3 months
upload.video.google.com | WR2 | 2024-08-12 - 2024-11-04 | 3 months
www.morphisec.com | WE1 | 2024-07-13 - 2024-10-11 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
ads-twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-06-25 - 2025-06-24 | a year
salesloft.com | Sectigo RSA Domain Validation Secure Server CA | 2024-03-20 - 2025-04-19 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-06-17 - 2024-09-15 | 3 months
*.twimg.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-08 - 2025-07-07 | a year
*.cookiefirst.com | Sectigo RSA Domain Validation Secure Server CA | 2023-12-05 - 2024-12-16 | a year
hsleadflows.net | WE1 | 2024-07-31 - 2024-10-29 | 3 months
hs-banner.com | WE1 | 2024-07-27 - 2024-10-25 | 3 months
hs-analytics.net | WE1 | 2024-08-09 - 2024-11-07 | 3 months
hsadspixel.net | WE1 | 2024-08-12 - 2024-11-10 | 3 months
hscollectedforms.net | WE1 | 2024-07-25 - 2024-10-23 | 3 months
hsforms.com | WE1 | 2024-08-12 - 2024-11-10 | 3 months
hubspotusercontent-na1.net | WE1 | 2024-08-29 - 2024-11-28 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-08-27 - 2025-02-27 | 6 months
t.co | E6 | 2024-07-31 - 2024-10-29 | 3 months
*.twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-31 - 2024-10-29 | a year
hubapi.com | E6 | 2024-08-30 - 2024-11-28 | 3 months
syndication.twitter.com | R10 | 2024-08-23 - 2024-11-21 | 3 months
*.hotjar.com | Amazon RSA 2048 M03 | 2024-05-22 - 2025-06-20 | a year
snid.snitcher.com | Amazon RSA 2048 M03 | 2024-07-17 - 2025-08-14 | a year
clearbitscripts.com | Amazon RSA 2048 M03 | 2024-05-11 - 2025-06-08 | a year
trk.techtarget.com | WE1 | 2024-07-23 - 2024-10-21 | 3 months
inspectlet.com | WE1 | 2024-08-13 - 2024-11-11 | 3 months
ibc-flow.techtarget.com | WR3 | 2024-08-28 - 2024-11-26 | 3 months
*.g.doubleclick.net | WR2 | 2024-08-12 - 2024-11-04 | 3 months
*.doubleclick.net | WR2 | 2024-08-12 - 2024-11-04 | 3 months
*.google.com | WR2 | 2024-08-12 - 2024-11-04 | 3 months
*.google.co.il | WR2 | 2024-08-12 - 2024-11-04 | 3 months
clearbitjs.com | Amazon RSA 2048 M02 | 2024-02-15 - 2025-03-16 | a year
*.hotjar.io | Amazon ECDSA 256 M02 | 2024-01-31 - 2025-03-01 | a year
clearbit.com | Amazon RSA 2048 M03 | 2024-02-15 - 2025-03-16 | a year
*.trendemon.com | SSL.com RSA SSL subCA | 2024-06-18 - 2025-06-18 | a year

This page contains 7 frames:

Primary Page: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Frame ID: C8D817C752186F9A60CB218E68B3AB57
Requests: 170 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: 722472D05950722A1F0274BB7923FA31
Requests: 1 HTTP requests in this frame

Frame: https://www.morphisec.com/cf-bc-handler.html
Frame ID: BF6206DE8893146DA14667A2AB062F68
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 70CD4C2BB782564279A09BD8384B0F44
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/784310031?random=1725734117166&cv=11&fst=1725734117166&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4940z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&hn=www.googleadservices.com&frm=0&tiba=Decoding%20the%20Puzzle%3A%20Cicada3301%20Ransomware%20Threat%20Analysis&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=511159890.1725734119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 2E67ECC5D68353DCFCCB6498035FE58C
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-HFVX4VZHCS&gacid=1833227746.1725734119&gtm=45je4940v897583451z8897572158za200zb897572158&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1300606155
Frame ID: B33673E7C808E5F5C6D7AC90F3CE2B60
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df41e52d5339aaf39d%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ffc644f85beb3e1f67%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&layout=button_count&locale=en_US&sdk=joey
Frame ID: 0BB541A9095FD349509AC0A684BACC94
Requests: 1 HTTP requests in this frame

Page Title

Decoding the Puzzle: Cicada3301 Ransomware Threat Analysis

Page URL History

  1. https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoLz30vLIaNV6YIZjr-2BP6-2Foh8HbCATPaMn... HTTP 302
    https://blog.morphisec.com/cicada3301-ransomware-threat-analysis Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • cdn\.inspectlet\.com

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 179
HTTPS: 98 %
IPv6: 0 %
Domains: 38
Subdomains: 61
IPs: 49
Countries: 4
Transfer: 2616 kB
Size: 6656 kB
Cookies: 49

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoLz30vLIaNV6YIZjr-2BP6-2Foh8HbCATPaMnFzi8XwOaekhl2S5QJhgPil57V-2Bnz9ccOwWdKPHTZYbeUHTwSow7Cy8g-3DNptA_xe6fOXjz6id-2FgGyhTJI-2FmntAo0gAdry6sqehMjQCGvDAFtMnlaUWzisPqLcW4KF7wDRDoRuZoUyP0CEv58t6kWnN9XVmXWEa5DbeP6uG-2BAvs7XZa2z8TBFkLzaam7GP5XliDRdskCnQGBEwW1g1-2BGoWecRit3VzSZIpvSP3iAH8sIz1vUQGrvLVFCP7gxyg0-2BC5sWreNUnHkyqch0MpSMLfOCScb-2BQ0KvgB9ae38srA-3D HTTP 302
    https://blog.morphisec.com/cicada3301-ransomware-threat-analysis Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%26time%3D1725734117226%26li_adsId%3D744d8848-bc4d-4bee-aae4-07ec56932810%26url%3Dhttps%253A%252F%252Fblog.morphisec.com%252Fcicada3301-ransomware-threat-analysis%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cookiesTest=true&liSync=true
Request Chain 143
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=44836810.1725734119&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&dma=0&npa=0&gtm=45He4940n81PQBJZ8Kv897572158za200&auid=511159890.1725734119 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=44836810.1725734119&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&dma=0&npa=0&gtm=45He4940n81PQBJZ8Kv897572158za200&auid=511159890.1725734119

179 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request cicada3301-ransomware-threat-analysis
blog.morphisec.com/
Redirect Chain
  • https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoLz30vLIaNV6YIZjr-2BP6-2Foh8HbCATPaMnFzi8XwOaekhl2S5QJhgPil57V-2Bnz9ccOwWdKPHTZYbeUHTwSow7Cy8g-3DNptA_xe6fOXjz6id-2FgGyhTJI-...
  • https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
91 KB
17 KB
Document
General
Full URL
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e717c1d53f9598b02a6a3ccb937d61989af5ae4af0ef0627b922aca16dd460c7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-ray
8bf8cc2eba8fd246-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sat, 07 Sep 2024 18:35:15 GMT
edge-cache-tag
CT-177081907483,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-148583664153,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
last-modified
Tue, 03 Sep 2024 13:01:16 GMT
link
</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFbhhkjKrIya4MS865pDA0LPFNZVDPlNwklD39JVMfcSzHh70syRCpo6cAdbCwNlJE3g5dIdQqbOvekEladmi4Lv%2BQ25OCcitLc4jcOmXbBYfuAsPbnr%2FmGvu2sfXHCN%2Fh7yYg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=10800, max-age=0
x-hs-cf-cache-status
HIT
x-hs-content-id
177081907483
x-hs-hub-id
1534169
x-hs-prerendered
Tue, 03 Sep 2024 13:01:16 GMT
x-xss-protection
1

Redirect headers

Connection
keep-alive
Content-Length
87
Content-Type
text/html; charset=utf-8
Date
Sat, 07 Sep 2024 18:35:15 GMT
Location
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Server
nginx
X-Robots-Tag
noindex, nofollow
project.js
blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/
2 KB
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
content-encoding
gzip
via
1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1085057
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
content-security-policy
upgrade-insecure-requests
x-cache
Hit from cloudfront
x-amz-version-id
gEenO44eZUewxnIWfgj9q6LB.g9OszNv
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 19 Aug 2020 22:24:11 GMT
server
cloudflare
etag
W/"ef84f26c310485299d6b75777414eddb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=04gk9R69j9OgMtTNH9iUJE1KtjNSEiPTlOqNUQxTr%2Bqv633F%2FvoKy62GV17UwQ9hCDhjwfQsYegch5JyUQcKKfgO5P2Ia21p1z1ykfex6D1oH4cZaJF8%2BkWEptXPt%2BwKNbZgYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8bf8cc2fec01d246-FRA
x-amz-cf-id
am7XuUpzgZ44gWC9uZHQXtJ4bHkVqmd66-PXMSp85hKSj5xpJB6Nng==
expires
Sun, 07 Sep 2025 18:35:15 GMT
project.js
blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
content-encoding
gzip
via
1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
15390141
x-amz-cf-pop
FRA56-P2
x-amz-server-side-encryption
AES256
content-security-policy
upgrade-insecure-requests
x-cache
Hit from cloudfront
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4EMmjTs5rTu%2BGhOusGA2mMYcvQTMLFrgoVuBIP%2F0Fru%2F32d7PBbiNcyn5ZPL68h%2FZ0xdjmEc%2BstILUx8B%2BNl8pQsCYTdkS%2B8awxKGRFrW%2Fv7%2BQCGKTPDxAlLcAFhyu8zvyfL8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8bf8cc2fec03d246-FRA
x-amz-cf-id
vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires
Sun, 07 Sep 2025 18:35:15 GMT
post_listing_asset.js
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/
3 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
content-encoding
gzip
via
1.1 bc3ecf5f025b0be9b8c39c5dd2dace2e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1003338
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
content-security-policy
upgrade-insecure-requests
x-cache
RefreshHit from cloudfront
x-amz-version-id
nC1hzr07YsutChb9rCwKsMoiyxip8lR7
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"d95d7dafd49a1edc76a47120c287b579"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iiOfE8t9TexcjcJV2nvhgeDOYcPKNeSsf3xD8TvyoAQ1P9eROQQ2NfmhNWf1dYrB8LYHcp1XAr56O%2B7tfn8yoETGzy%2F2IzFGppSqqT2wvfpVgWVkxuyNFq0KdPl%2BYGKk1UJn%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8bf8cc2fec04d246-FRA
x-amz-cf-id
4QXhYHfOMT6HEtT47YRhFGazvFhrK50X_pzJ4k5ybraJGjz8H-izwg==
expires
Sun, 07 Sep 2025 18:35:15 GMT
v2.js
blog.morphisec.com/_hcms/forms/
483 KB
161 KB
Script
General
Full URL
https://blog.morphisec.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
72
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5999/bundles/project-v2.js&cfRay=8bd6880c43f392fe-ARN
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"6baa082bb753a0d6d6e8a595ed1a8003"
vary
accept-encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5999/bundles/project-v2.js
date
Sat, 07 Sep 2024 18:35:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
AFaf8mWb39Qooe1K5qzICbDOfESNQB7s
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
82a87069-a174-4a04-8bf6-c6c22b946f16
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
82a87069-a174-4a04-8bf6-c6c22b946f16
last-modified
Tue, 03 Sep 2024 14:36:36 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6NYI55NZXtWOo5Y%2Fw44Bpy814H56BJvp0bOVF9a0m92CjbRgjFJh98XSXtEv4nPJ40D90d0lRtouLzdEKtvAUvToJ9ab5hLz5kCCKa2BlCitw%2BmRIUmBHgcwBJ9WbMeg3bTLVw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-jfqmf
cf-ray
8bf8cc2fec08d246-FRA
x-amz-cf-id
GfWF64iWgwAqdoEl1BhiU1p8LwtSJT0SiIi_7W4YyTqRKMNtYGQzkA==
reset.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/
1 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/reset.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
x-amz-request-id
7S946JEJB4KE1DRG
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"fdc18c7998eab7f0173b18cbfee4df06"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1697111372573
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:15 GMT
via
1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
LIGvZMYA2GuHTR7O2Z5oVj7c2QZI5kJK
x-cache
RefreshHit from cloudfront
x-hubspot-correlation-id
bd229b21-a80f-4ea8-8af6-f55cbcc82740
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
140
alt-svc
h3=":443"; ma=86400
x-amz-id-2
iUEfLXlPoOdA6Dozk3PWkMoxiHCJovtawjLjBAhgxMhqpfRJkxa2iGkb4YIgTthaDJWqcony6I0=
x-evy-trace-route-configuration
listener_https/all
x-request-id
bd229b21-a80f-4ea8-8af6-f55cbcc82740
last-modified
Thu, 12 Oct 2023 11:49:33 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2Zn601Q9uS%2F7%2BwRXbK0V6CKRSaP2draLc%2FnEkLsnx44tntYHDJstOkSrwCZDrRUAssFjJQetec3q3dndosDl1PReSzHGLJcHhmQgWh7K0hKjL3j3oehQMBWOKuaf03LLnogig%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-bkstl
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc09d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
gY6EF-8KzawA1msdHOcXsz9tv6juF8RI02O_lIzLRnHg5TMbU4VYxg==
fonts.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/
6 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
x-amz-request-id
WS9R9TZDVJ98YRZB
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"129a23607bce2eee640430d3bbfef277"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1680693252902
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
via
1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
dVLtzAKZg__B3uxHbu3a_2GX4VNB5e_S
x-cache
Miss from cloudfront
x-hubspot-correlation-id
057a8449-0421-4ae7-a647-a5ad3034e951
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
167
alt-svc
h3=":443"; ma=86400
x-amz-id-2
tuLkaSL5Z1fQLIIDpipfPP90FTCrUIY7LBK4tauu0EatuXWBxmglMmhbliSMZ2UQHRMESCtptYA=
x-evy-trace-route-configuration
listener_https/all
x-request-id
057a8449-0421-4ae7-a647-a5ad3034e951
last-modified
Wed, 05 Apr 2023 11:14:13 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YM1XNkAvnU37BeVgu4RqZwU0QvwlgimcBEcwPHRfjAqTkdTzxh7H410IwH9au8lzO9qvJ1PPyBDL0gBApiB0vbF8wmWIoBBkL6BU7LjjaJDu83D7d4VgHnGXq%2FnkOumTFkFD%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc0cd246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
O47wukNnZI_YnlKyJBJKOu4HDVXMALNhdCQlNEKCR6g1ERMdp306Bg==
custom.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/
280 B
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/custom.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
P5PGB04BMQPZRW2G
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"5c5cddb5467e6fe854b7d0a6f51135e8"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1682414590689
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 5e6930ff15cb9ece8bd1c3b20d8103c0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Tnt1z7gJRW9yvpi1rPu2tP7PpekG4_IL
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
7bc555e8-dce9-4c4f-8aca-04f18d1a55ba
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
125
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ZuiYvZZ/xSM+LE0SceOfjVtvRHTGxnwx5F+aVtO+1W9vip2Mcl2x3p4Ah+/O2SYdEJd1i3Lp7kY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
7bc555e8-dce9-4c4f-8aca-04f18d1a55ba
last-modified
Tue, 25 Apr 2023 09:23:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O1y2iLnO6ru%2Fs3AdnHi70o9u20VEcpQTTzUi349hUADCueMPzHRT3OHba2CR6EwHPi73jla1bu9eSM7wIWU46w7HRFDAUxCfYb5gRr0ofbgpjlt6zdmki3%2BxM%2BI2Iyx72qjZcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-6c69l
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc0ed246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
qdaxDn5uNUPbzlpEQEZoStnbCQNwErwlf9ojD6T_tndoVD4Tpjef9g==
slick.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/
1 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/slick.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
x-amz-request-id
2JWDMKJZQBB7VFC5
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"50424795a4c8f41eaba805785dcd11a3"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681177549173
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
via
1.1 6946167499a4b8f515865d62f0b0b284.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-amz-version-id
CSM7qjm5tr1tplGgJgxA9LlFMJy2.Rrt
x-cache
RefreshHit from cloudfront
x-hubspot-correlation-id
fe726919-0273-448f-934a-8bbcfec8fa46
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
153
alt-svc
h3=":443"; ma=86400
x-amz-id-2
T77Kr0ygWhEE82PyHiC52Sv47veyJQrCnfrJqUUdImIWEdW6XshUAIGOK7+8u1rlTF9hJZEtN4U=
x-evy-trace-route-configuration
listener_https/all
x-request-id
fe726919-0273-448f-934a-8bbcfec8fa46
last-modified
Tue, 11 Apr 2023 01:45:50 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z28p1IjQKDwteStDF0tK73pYisb5F3zY%2FIL0OmOo5s9FAAgxXunjvNbzrUI0s2rAZYJ1qNvJL3xPdHlzP4J9VJr80iUzolgA%2B1fx8NCKKzlvlMmjQ9ux%2FOadWqDvF5CFO1SV5A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-6c69l
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc10d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
b8ILdj0PWlIJ8V_znzxye4o74V3Mez5Xv4KcDdues8Dtwxxe7X0mag==
module_109590708858_Header_-_Global.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/
19 KB
5 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ec3c84e8019f979befe03094b124908c617d66036668dade9e8edf77b239924
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
x-amz-request-id
FDBNXZ6E52JE4CRR
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"6e88b79d3c88ae7b7cdc87de63b2df5d"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1718666705155
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
via
1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
EmcCbP35dT6z.TbaRVMftxuobV7Ho9gP
x-cache
RefreshHit from cloudfront
x-hubspot-correlation-id
a01825c4-527a-487a-8c2f-b6a1ee52a950
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
147
alt-svc
h3=":443"; ma=86400
x-amz-id-2
PtIb3Redxg6JGp6LH0ZQJvSr8Apxx2rcl0rolibJt4lNeZ+rBRh3yUSV/1SvU1xQ626cxJgvkkasM7uG+qFmivPkVwIyOY4KFV1UPyeVgbc=
x-evy-trace-route-configuration
listener_https/all
x-request-id
a01825c4-527a-487a-8c2f-b6a1ee52a950
last-modified
Mon, 17 Jun 2024 23:25:06 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGUoBsAt5Oy1%2FZ9NK9vxr%2BskOSvkq%2FtKas5FMB16iXRaNsjHNPQK5iv8w0RYugJ57v6%2F%2Fm%2BHIEPwMVF6petB0PJxUvo8mpC979z2G5DWCqIr7%2BJTvbnlf45rA5PnRWqKmMLAFg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc13d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
2rnQmmp_hFWsO4mU_8ztK_11VzEumF19KuSSowvqiJattcBZnJd5dQ==
project.css
blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/
720 B
1 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/project.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
14773668
x-amz-cf-pop
FRA56-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
8ccI4weZqJTdCHtwNm3UqetXb_uUGb6Y
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 19 Mar 2024 20:21:22 GMT
server
cloudflare
etag
W/"a81c70764750950eb72d4537c41e781f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dEdV6LDc7KWfmhM6MOLs2BKsku7ULRNywjdTTFcFDEZvtegB%2B20u3bOcqzc9tUc2KM0Nrts9vqN%2B5H4T%2B8mt%2B%2FVM9wtcz3aLezDwGEdjMlI8HjYiuAMNLU6%2FRb18xeYcQQOGdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
8bf8cc2ffc15d246-FRA
x-amz-cf-id
g7Xq0RBZkXYErLa84Vt7JzfPtPOIstnRQrqC3IhE4nOzaCNhgj_NTA==
expires
Sun, 07 Sep 2025 18:35:15 GMT
module_148583664153_Blog_Quiz.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/
1 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/module_148583664153_Blog_Quiz.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
x-amz-request-id
8B7J6SBP63MJA809
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"5292316ee34f942adabf9639035cb5f1"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1703224192160
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
via
1.1 40c1e5c4b3789c2ca411f57891da3fe4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-amz-version-id
YbKx_knHjcoCWj.kdAsSCG6ojGVZltfV
x-cache
RefreshHit from cloudfront
x-hubspot-correlation-id
e4c99318-e24f-46b3-a83f-d5f3fdfd45da
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
168
alt-svc
h3=":443"; ma=86400
x-amz-id-2
umZskWftZm4E8buTPnO2ju/qP3STzxFoGo0b94Q2l6Zl2zB7TQ6Xd9RGOmMqsCOdMJuvBHhLAS0=
x-evy-trace-route-configuration
listener_https/all
x-request-id
e4c99318-e24f-46b3-a83f-d5f3fdfd45da
last-modified
Fri, 22 Dec 2023 05:49:53 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4edbZSauSwKzFol97f8U0ed1Z1UZJME91tWnOYSjm%2Bg4kHW3jVcCLCIWoBYmKd0QHnqxsrnvP1Fol6cOqXeVai3uVicHko42o6NSUWqBEGznZFLzhJlOqZA%2B8jIkxN8u9zZ1Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-bkstl
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc16d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
pgqoFWUQqOWYpQrWd-0zjqucLx1ISibX3S_05n_6sQQEvU8jhE1jfg==
module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1725293205480/
612 B
1 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1725293205480/module_-2712622_Site_Search_Input.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.91.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
br
age
440772
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"c708989561e0cdbfcf996d1b7f47482c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1725293205480
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
30c2594e-ca48-4fb3-8ba1-4ad8dd8c6d98
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
193
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
30c2594e-ca48-4fb3-8ba1-4ad8dd8c6d98
last-modified
Mon, 02 Sep 2024 16:06:46 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNtv2%2B06%2F1ogE4UPTYDTMhzvD6l6ziYrxoo6e4ZMLdOGc3tgda%2Fhvbn6OX7GVfMjItBEB1eo3dyiYE%2BvEx1u41CGK%2F7y0qwm%2FOU524E9r0SdXmMuiPm%2BDTPbDyafruOQlGg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6748d4cfc8-4jgmf
cf-ray
8bf8cc30bc9e3722-FRA
rss_post_listing.css
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/
910 B
1022 B
Stylesheet
General
Full URL
https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
10715186
x-amz-cf-pop
FRA56-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"e1b521ec14a912d6d385c21388ec7d79"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lSWWROeXldupjYnrw6%2BYf%2FEM27ZjKlpSvkvgfPpEoVv0XkChdFguNhubzzpnMb88o6O6jdD2QjVHj5N4DOzlr4oWaXoIQZ9n4Q2cZCyC%2BOVT5QquGJCzos3Pgyrno8r4kVGhyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
8bf8cc2ffc1ad246-FRA
x-amz-cf-id
-qMof7lyKXEb2NoFcvGNm4_DKNNLQiJqyYayO2ib1A_4z-SDh2pfbg==
expires
Sun, 07 Sep 2025 18:35:15 GMT
module_111929326924_Footer_Global_2023.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1718631910284/
4 KB
3 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1718631910284/module_111929326924_Footer_Global_2023.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
x-amz-request-id
HBQATTC7Q1PC8DJN
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"a5ec360241c57fd3faa2fbc7878eba90"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1718631910284
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:15 GMT
via
1.1 281687fdef6568ba75a1a090e3b48e2a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-amz-version-id
jCxWLjuzpDes5PguwdA4b48KQVfcw1n0
x-cache
Miss from cloudfront
x-hubspot-correlation-id
f376bc71-34bd-4f30-b92b-d43c559bd0e7
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
198
alt-svc
h3=":443"; ma=86400
x-amz-id-2
V/9Eu/jY6QPiFGYMNRWmtikF0aYg+Kt0NfwKbiLD9Hz7SXA5HQvDM9DIsQskNtaAy7FgmorLtLh0qOSQ5zglLSwVt2F+PTjU+RQ+n9J9IwE=
x-evy-trace-route-configuration
listener_https/all
x-request-id
f376bc71-34bd-4f30-b92b-d43c559bd0e7
last-modified
Mon, 17 Jun 2024 13:45:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pm7FdodBATBJIAI8WN%2FGndIIOBAGDPIZ5CICTq1COu9xuubqHWHC0FqojUloJet3WQXwp%2B7iKgMn3t78RtS3FnJTDRqw3%2B6xTInFP%2F64WHNvHde9gZDYQFb77Py3BMnHLZ68gw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-bkstl
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc1bd246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
Ts3QBLLT3IDkSFWgpgGW5_EV2JJhhMq6e_K977mShiMNNivWHtqRZQ==
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
223093
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27958
last-modified
Mon, 04 May 2020 23:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb09ed3-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHB%2BjzurZ0uXz5FM1CeoV6%2FdL5s7WeuKsAcgYpt1Ht3EMpcJ1yLC3lGyMiwu2rJgsEU7pwzaRtqSwPcC0fdzB1GMtZorLpaPv26leLqXnIgONxj7wXq2qlQt6lutfRNQdX4y5g1D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8bf8cc30bed2d2a4-FRA
expires
Thu, 28 Aug 2025 18:35:15 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
847771
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3592
last-modified
Thu, 25 Jun 2020 01:22:57 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5ef3fc71-2b0b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7yuAsLBK9malknIoV3OtQ6rfuZg7G%2FyHrq8%2BKfGSOCfzZCoIW8tl6DYbtK%2B9VoqtqxcOynSMi6ewTJvVcRzTGPXQoqmYUJ3A7PkUE1pFX22a3qsSRCal%2BZMAMZ1WGs6UmtBBhQiH"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8bf8cc30bed5d2a4-FRA
expires
Thu, 28 Aug 2025 18:35:15 GMT
custom.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/
723 B
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/custom.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
698VKKQMH7KR53S8
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"aa1f7340688642df1a14a1ed11c7650d"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1680774296492
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
E6pXkgaUwSKGBww5g6OhIUrjEzq.3zLC
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
145e1e95-6686-4af3-beba-c4a736a45451
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
158
alt-svc
h3=":443"; ma=86400
x-amz-id-2
QqPYDofCkJ5DgYqX0tyKBH/xgb2A0vq0aZ5+6WQnOlqYlafSNx4kG/CBsa7Dg82XOlmJ7kVLuow=
x-evy-trace-route-configuration
listener_https/all
x-request-id
145e1e95-6686-4af3-beba-c4a736a45451
last-modified
Thu, 06 Apr 2023 09:44:57 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tL8ygfaLDe8xH%2Bbn73n4vCfAlBiN90iIb15A%2BqTFwQDpoOnTot0JQ8N1Jg6LAgtXLBxl12Fub%2Byt%2BS%2FHv2f2x0lhhBFYsmxSiSnNwOk%2FUOddxnoNrYvMrEgNRH31cwdBHodQTA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc1cd246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
yd6VZ2so3rXUZk8LMCQ_p0HneavL37Z8e6p6ALzFwW3VWDncDy4brg==
font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/
20 KB
6 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
content-security-policy
upgrade-insecure-requests
age
1062838
x-amz-cf-pop
FRA60-P7
x-amz-request-id
669R7WYPPFYXCGKG
content-encoding
br
edge-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-version-id
t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
CLSrILIyzozsRY1J0AAGWXOzNBJ0iRI+mUB3cs2iNVZKBjCOj7eyDYoAzQTiexXPH66CcTEnY+s=
last-modified
Wed, 02 May 2018 21:34:26 GMT
server
cloudflare
etag
W/"aede50e4be8da8450a046f9d293e57a5"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=urGTkkJNTMcdxguBp2QFA5twv5R53Sjfr1RO9Zf1dOqe5Uy3Z%2FIjTcVNYzQZGU%2BFzlu1e8Kk8X0Zc2jIgkkxy9CT%2Fv8VkQc3bpyfcj45ZW2DHg3N1tl4cQo7CpO6tB%2F8Qw1W4A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8bf8cc2ffc1dd246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
seXHxCeJGvvcEeYyuzKfycppFhcbLl-ImgVm9tqfdzKPvoAV5VAU-g==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
in.js
platform.linkedin.com/
510 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.141 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-141.deploy.static.akamaitechnologies.com
Software
Play /
Resource Hash
87d049fc6d16da1f81063235c0e3d31a4656800cbbdca8277d6ae56614a52aba
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV4
server
Play
x-li-pop
prod-lva1-x
x-cdn
AKAM
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
x-li-fabric
prod-lva1
cache-control
public, max-age=3600
x-li-proto
http/1.1
content-length
163630
x-li-uuid
AAYhi3TvHGtNgDKz4aSaCg==
expires
Sat, 7 Sep 2024 19:11:46 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1725293136163/hubspot/hubspot_default/shared/responsive/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1725293136163/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.91.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
440945
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"fda5882b24ca5a84d04d090722dc713b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1725293136786
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
39989acb-c9fa-4f8d-b75d-04245d378804
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
198
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
39989acb-c9fa-4f8d-b75d-04245d378804
last-modified
Mon, 02 Sep 2024 16:05:37 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhTiHvcGF3poincPf1AlO8PACmfJkMwQWEuLFqwrFv5KLkfV%2BoIrgMtJwB32szaHaqbWT1vo6B7Pe5t1qvSQf%2BkTVFN7rSyjLuhtkA2eLK14bH8%2B3SeIy2OKkNxdMzK965o%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6748d4cfc8-cqdhg
cf-ray
8bf8cc30bc9c3722-FRA
timing-allow-origin
cdn2.hubspot.net
old-style.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1724090786853/2023/CSS/
120 KB
31 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1724090786853/2023/CSS/old-style.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fb9092683cdc84ad2d4099ca958bb2dd1e102a8e754f503e997cc95ff5d4b11
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
x-amz-request-id
M172VHZWSK1TZJ3Z
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"66a87e63a861a626b8f743dad5da31d4"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1724090788240
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:15 GMT
via
1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
sVex1pKoellFr5ehM7j9ZVUl2Ag.DkLx
x-cache
Miss from cloudfront
x-hubspot-correlation-id
94834e57-e00c-43e3-b0b8-169c209dcc0c
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
221
alt-svc
h3=":443"; ma=86400
x-amz-id-2
/5tMQTinJ1BX3B/3bV8OV2wAGoTZ1HIcE7Ggn3uLB4fZuDWuDWQgpTeuxuRrLlFgWt0d5Y6yuac=
x-evy-trace-route-configuration
listener_https/all
x-request-id
94834e57-e00c-43e3-b0b8-169c209dcc0c
last-modified
Mon, 19 Aug 2024 18:06:29 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WrLE7dH2wl3HstDpUeCllrJwncPTYuGMRaezvZgYW7ZiMspyZYdNCcw9Fm6Fud0OkvX7PFgQuxIxv7t9vhu7zs%2B%2Brs5DU6pZhfUq80QvN7gVohbyQYsV%2FRL3qsyLjGHs3phb6w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-rz8x5
access-control-allow-credentials
false
cf-ray
8bf8cc2ffc1ed246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
lV-Wh2t9lwAF6u81KrhZrjiCk97N4IN0kD1h6tZUU22JxBUqdE1pmg==
6359793e-b232-4b79-9da5-b929fc3dc7aa.png
no-cache.hubspot.com/cta/default/1534169/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/6359793e-b232-4b79-9da5-b929fc3dc7aa.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd258baa6cbc14c2a6a22803337f584d9fd08907952e766c0d33527d9ae302c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
Ouhh5h43kAs48TTY36jwxtD8FIsDpel5
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
1P6S29NCGTVQM5CS
x-amz-server-side-encryption
AES256
content-length
1291
x-amz-id-2
oxBjVL9UUalX4euUQ3GyZPCDs7vo1TmOvuQ89vDzLIeBw106UZHdCJMm31dYT/GfG136wlWczJc=
last-modified
Wed, 21 Aug 2024 16:17:28 GMT
server
cloudflare
etag
"d67c5c6f4a83307d5e5d860c371477ce"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xvDGbbI1cd%2BMLpBnr5evJyhXE5z9uwc2%2FjKo14G8nwUDa9srVRdAbxtZRdtaIhxTEtFf84%2FqWuuyfQ3I9jt2P6XCGYJasnbsXLBm4uh2IdAOfrc1jVolqLXBEq2If%2FRZ%2F9%2FV1Cck"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc316fc2907c-FRA
current.js
blog.morphisec.com/hs/cta/cta/
18 KB
8 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/cta/current.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ad1bae6d460c542914e6daf142d4bdcbd71aabebe3c551ac3cb82408e71a77c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
378
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.313/bundles/current.js&cfRay=8bf8c2f0f2c8d28d-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"27612678f14836c22ef91a2045a3ae92"
vary
accept-encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
cta-embed-js/static-1.313/bundles/current.js
date
Sat, 07 Sep 2024 18:35:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
E.yaflAURLVj1zF1slBBxWyM1axLMwRT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
fc66683f-51ac-4dd1-9ddc-004a705264a5
x-cache
Hit from cloudfront
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
fc66683f-51ac-4dd1-9ddc-004a705264a5
last-modified
Thu, 05 Sep 2024 16:33:22 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FU1jgnaZuaTKLtVg5EdmXd%2BDyfpDVKaRFfLo47XH7H%2FHZbD2s4%2FzK4K2A6XnwdzPTAzUI2hPXfLrHreJuv5ic7rWbgGMIW7HIcE9PV%2BYW2D%2BzPBjb6uRPGq9W%2Bi4lVFyH%2BQBnA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-msg6n
cf-ray
8bf8cc2ffc1fd246-FRA
x-amz-cf-id
48iLO_xmpA3IKtOYKGKVpzjEsxbRNqqHpGJOmO3xWUVwOJvR4x4HDA==
Morphisec-Logo.svg
blog.morphisec.com/hubfs/
5 KB
3 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/Morphisec-Logo.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-163965048881,P-1534169,FLS-ALL
age
1086963
x-amz-request-id
RK271K3DNE8XTJQC
x-amz-server-side-encryption
AES256
edge-cache-tag
F-163965048881,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag
public-indexable
etag
W/"765cc8beac4cc28676c6e847214549f8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1712695150225
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 a952a9f23f3cd76250ef3c22a1c48a20.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
CLh4I1f8H1fjYE.XdVDUvmpXn1gHCWyp
x-amz-cf-pop
TLV50-C2
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-163965048881,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
zqqf9YGYs/2C+U5XXpE9brA3Qk/53+bNto9OlQkokXqWHkvB6+pevGRdgkoh58jZ0VUyYrBvVAVDq46JHEtWwQvvRBx/eA85pJdLIHJDhx0=
last-modified
Tue, 09 Apr 2024 20:39:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K9GZj9dd4mn8dgH9ozMCsGewdJzt9lCMUgOdkWae8AL5ysesWy2FaUFpiG0tQsZ5zUom6MRfyyCnCQ1Emqr1RIvV5CABtpvDFZcxtsK5H6%2B7xNTSl%2BZHfWfFfGMBLZUyPkE9Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc33cfb1d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
KhVRwL_mhw6F8gQlqRZ19neGKlcrxK11sUGBrpyomUxNyoB78eC--A==
3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
1P6WA495BGSFRSHV
x-amz-server-side-encryption
AES256
content-length
1631
x-amz-id-2
j53wpnO0rJFPY3IeIQ7yqWFE/WN2lBI3bKnm6zM93wCWTxzvqbF/sIpNM0w0uW0j8mMng1QdTGY=
last-modified
Wed, 05 Apr 2023 16:30:06 GMT
server
cloudflare
etag
"3d5f63abc7db36507720723f2c0d0e15"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7OBcNr6QqMmZjevue2v7HsTJxss8Edg30lwyj0hm7RzJ8kgtC00wdU20t4WQbCtQ%2FRa%2FT8MTvf%2BRMzamQ%2FV2%2BoKJmrHGwNYC753s4QoaJ2PSy0PF9tGCG1O5QUxMfv8vMILx2ewX"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc334948907c-FRA
d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
null
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
1P6HRRNXBR34RMZ5
x-amz-server-side-encryption
AES256
content-length
1384
x-amz-id-2
PU/yrgiVcFE04dIxkIRqpjZ8oDo6C67W0JuQJbev7e7flRPTcVfg0DPiBQVXxfZpymW+xnosOtc=
last-modified
Fri, 18 Nov 2022 14:30:06 GMT
server
cloudflare
etag
"eacaba2cc1bbf4de2a43469ab485d45e"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPEnAYtGM9552Y9ojxaQRZdMpPKWZqdKZ35VqpQ%2FZUi3T59Q55uV1OnCcF6hbW%2BDYm9%2FiTpsHIlI4gbG3%2B2cPV4W66%2Fo9fHrC%2F42cwByGMessq83jDwgb9PKHcSz2D44%2BiQ8%2B17u"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc33c9ba907c-FRA
c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png
no-cache.hubspot.com/cta/default/1534169/
42 KB
43 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60bd6bad64c21fc8b1d3f6bf3fa261780974e6b0489a67a1d02db33fb4c9b7b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
mQywM4EnlQtO1rXgIPZZ_ORcxGxdaqep
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
1P6RY3VYD52ZQNZ0
x-amz-server-side-encryption
AES256
content-length
42909
x-amz-id-2
8qZKMTSiT5aTDQeSO17epqmd8rq00MjKwL8NKTD1EcrcT1gA6RH3LaZNa/ytxeIDrQFF7yf8I2w=
last-modified
Fri, 05 Jan 2024 21:55:07 GMT
server
cloudflare
etag
"52f2133547882c1af4bd99b776191ea7"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w09Nd6oo9OJSY4dknQ5h38qUd6FPjDlc5lz%2Bp%2ByCeRbAZrm%2FwGzn8BEBeI9nAfglRGk2faX7tKxEmEGLW26ZyBEcfHO0J9v0mOLapoGB9n%2BmRAZT7kKhdH6IJxdeYHE0M%2FjhvSsj"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc33c9bd907c-FRA
e098d357-1710-4cfe-8901-19c93de122f4.png
no-cache.hubspot.com/cta/default/1534169/
95 KB
96 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/e098d357-1710-4cfe-8901-19c93de122f4.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5b1ceffda14543118fcc1d2d886fa5049d579ef1d139a7e94efbe9368fa9235
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
a5wEPE_vNxVsuUiF6y0jYUWP_0fr7ZRz
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
1P6N0W87FZ4KXMSX
x-amz-server-side-encryption
AES256
content-length
97240
x-amz-id-2
SEVQgePJBM9BkMXXzF6H8y/zHXgoOcHPBYittIgL+gfhiPS7ELOhJcKjvg6qLbz3HvwHqbhjBFE=
last-modified
Fri, 28 Jun 2024 20:36:24 GMT
server
cloudflare
etag
"a015821c789fe4047a66a1cb79283ff8"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVElkTLO2xTGr6gN52PskjJrYAXYDhzJo4nziM1tpWec10IcchEuiYf1t%2FHk53G58CdBCdZ86ofZR5zwm7cLCwH95RdhKHBT%2BkZtdTbFETkk5m5qGPNsuxTHOtBKaXW3tILpOskM"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc33c9bf907c-FRA
x_twitter_icon.svg
blog.morphisec.com/hubfs/
460 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/x_twitter_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-141944464032,P-1534169,FLS-ALL
age
985335
x-amz-request-id
8WRM4SWKECMCAJXK
x-amz-server-side-encryption
AES256
edge-cache-tag
F-141944464032,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"c7279b34bfee002c148f828d14255c4f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1698243363640
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 aa89236c3ef628703c4b8322e4ce6d96.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
8OVftkuv4j6Khff8Nb5oAG2Y32IjKCXk
x-amz-cf-pop
MXP64-C2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-141944464032,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
NSaWf2OaeIC6ic2gvlc/OOz24fl3N9F4EPzJuFYZ9hH1G4UWcbioXM4jMlXhYT54jxD8KrvPh6RhqFb2bxhRbgb0rAeeerVPrbo0oUsRHk0=
last-modified
Wed, 25 Oct 2023 14:16:04 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J1LaaT3ADqw34zJxTn8ynyjStEIWyQzKoLx2Z9F9kkHjTijsdJnIbyRcuK3xo0DJWsxTDNRTa7HF3KhbLnViQKGG9tJJyhWjP4A60NmzKE7G5YqZiSAq%2FhDw7JRmKxHHAszF3w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc33cfb2d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
RuJqV8WYZCnXtGyjw3bXUG-jSNnKTckx0yKJclOPtHOzAq7xvo3A-Q==
linkedin_icon.svg
blog.morphisec.com/hubfs/
628 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/linkedin_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-141945428832,P-1534169,FLS-ALL
age
1086961
x-amz-request-id
TYFP0MF99BHRKH1H
x-amz-server-side-encryption
AES256
edge-cache-tag
F-141945428832,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"3ef5ac1f024120437e19fcc4abf556d8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1698243363623
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 c11768c6b1b5ff333d5fbf47fdd112fe.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Bq5Mo6REJV_bnwvIwff4zb93JWXV7_WO
x-amz-cf-pop
TLV50-C2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-141945428832,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
bu3nkG5dJHDQawPmg/eDNwDf2TYN+81E3S/o8ZEIFEA6ywlY9FXUBgUnmwrI5DS20BslcId9eZI=
last-modified
Wed, 25 Oct 2023 14:16:04 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DQLXDMpYDqLO0%2Fe3Sb5sx350LxQ4feokA2S4%2BWwjwN5%2FuNH85FIlsy6ZpN%2BSr%2B7cV%2B0ifC79I4uK8ZCBRoceLNZuZmt1DYNOb67FvZ8m4Q3tTM72NfQ326oPvlTxuL1SEjnPjw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc33cfb4d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
qNRyK1zrovv5Y23HRo7YkLRy-jADHGKp-I-t67P1sYSYFVjKMp1VTA==
youtube_icon.svg
blog.morphisec.com/hubfs/
642 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/youtube_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-141945248869,P-1534169,FLS-ALL
age
1055868
x-amz-request-id
26X0T4VG7HASQPEC
x-amz-server-side-encryption
AES256
edge-cache-tag
F-141945248869,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"ced4da2370fbc2016321a375dbbed68b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1698243363649
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
sJlFqbLZ7aHbNE_.KGb6N9TqRjJsKyuv
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-141945248869,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
1Kcn9PfLNxvVAY46uQzUUMPEOAaaEfCFYPa0DOUxbOyYk7J+Mx/oEV+62OFZYuBLfa2Z3CKMXdI=
last-modified
Wed, 25 Oct 2023 14:16:04 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=naFT0mkW%2BWMS2kQqlCXy%2BADnuv02OrmOPB0UkF8VpTVubbSfRfP7tunLRkI63rlh%2BqKPkwMz2%2BVrdKNY9arzdTh54MyWv4mtL3pteHIhQKFwijdF%2FdtDA9RV7FpJ3ZnFsq8CSw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc33cfb6d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
m7jQal8GXiESlgSUlkldGVeEE4kialsI9nen0oDR6xAAIn5Cb2l2Mw==
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.971/
13 KB
5 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.173.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding
gzip
cf-cache-status
HIT
via
1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
867876
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 05 Jun 2024 15:05:39 GMT
server
cloudflare
etag
W/"26c40482b55a607cd44486a2958741d4"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NVoiXEPcEelnK8T%2B1bkopsOdzRN1Er0loGF0xoEcuBz%2BnlJvx6NRUjjL82i90sQ9GGCBQgLiOgsmD%2B2Ij87p5pSALyS1mWUfcFafst%2FBpKKLFd7zVXIN6srk2JTIqaDWc0HvyM89Dlw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8bf8cc3549e74d50-FRA
x-amz-cf-id
4KGI5t64pXc0VBpiZlqrGzYDMFRUiAtNY-kZWNgC73HhfnStC05rHQ==
expires
Sun, 07 Sep 2025 18:35:16 GMT
svgConvert.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/
668 B
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/svgConvert.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
698XNMSNT54TC3V1
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"1cb72e618cce9cc73c57265e9b726362"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1680697800276
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
SZXdPmhYHKeWP0u0ggYIHYhJ0L5KYvd5
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
01267464-31d4-43a6-a861-46b187dc5427
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
150
alt-svc
h3=":443"; ma=86400
x-amz-id-2
IAdAsb4P0gUlHIB8qDJ6vO9vidHdokx+OYvyCZk8IFSXmPvWOu+TRQRBS9FPOss1CsunM+ZFR2mXpP5eKsqOzoMu3Wk9xAXQ
x-evy-trace-route-configuration
listener_https/all
x-request-id
01267464-31d4-43a6-a861-46b187dc5427
last-modified
Wed, 05 Apr 2023 12:30:01 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqyGCBumYOrI1he8zYS5AJlVmSJL7r4OeqVYepvz%2FrEg939MwQ38pnGvqOPqOm8jZbSGFcSIOEFZGZEiM54NAxqZ%2BLqyh%2FDxqenPFtQS%2Fy0PVAU4O6%2B1aAhUvrHwVDU4FsW3Cw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials
false
cf-ray
8bf8cc33cfa7d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
VhWS-ezXd8eEm7gMkUI885gqB3tN6cHoMIvkE8x2GBzhClX8iEGiZA==
lottie-player.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/
359 KB
95 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/lottie-player.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
94AZXQP6H1KDXF2K
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"9540cac57a5805fdde520bb1869134b2"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681491232806
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
CTo5DkzSjS7Z2UMEH7W3RDGvw45iU9vL
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
8a549648-7248-495f-8d3f-7b081774f652
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
233
alt-svc
h3=":443"; ma=86400
x-amz-id-2
tSWxL5O/JhGuY8KptJIcP6SZ/lJenpN6YUyt7mNUyxUWCi1UMnh9wcfJWU+PEWdzxBJ+OVa+IOo=
x-evy-trace-route-configuration
listener_https/all
x-request-id
8a549648-7248-495f-8d3f-7b081774f652
last-modified
Fri, 14 Apr 2023 16:53:53 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YW9KLt2sd6CoOrCnLl5kPfTTNqMG6lv0tCMx6UoCatCg9Tsd8umEhV%2BSyxOrv2%2ByXJZTtfv%2BmqfDKrrW%2FHYpQ1rEgubC58lq0k1TVzc9jpL7V39t25lfSKfwiwQ2kPUeTf9pIg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-b2s92
access-control-allow-credentials
false
cf-ray
8bf8cc33cfa8d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
q4sesnDH8M9-NCQ8PxbfGIpv9-mJM2VckY3CompAjmN1kmnjoDPVlA==
slick.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/
42 KB
12 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/slick.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
KQ9WWY86DEMQHY9N
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"f6085c5be1a35b91955cf9abd5b2b0ea"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681177460907
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
uoS3eYGmK1dPCzG_bq7yGgNyq7YIozdd
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
ad563a9c-569d-47ec-8a86-55377eb3bc7b
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
185
alt-svc
h3=":443"; ma=86400
x-amz-id-2
AynwRaOHX7BxNqrzXRfB9UinEbhTlY73DVFH8lhhPgzruzZYiI6Ho1ozi8nACGXUsSTqtgKa3QGr9C4hKhYpND669u704Ud5s70dc3Q/hT8=
x-evy-trace-route-configuration
listener_https/all
x-request-id
ad563a9c-569d-47ec-8a86-55377eb3bc7b
last-modified
Tue, 11 Apr 2023 01:44:21 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S1L9tBd6bYoqFSaZHRN2dfkyEfSAE3o2bQhczmD9BP2m0BGVyeVGSQ4CiDw887Kc5VLyPVW6X2KuIct72b8tnhZyevMsVUmhLNz5ow9mzK0%2B8K2c7W0eHehQPF6F1Qedvig3gA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-bkstl
access-control-allow-credentials
false
cf-ray
8bf8cc33cfaad246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
3-JYiNIbvNyHqxQswK3eVYBUoPPLoa4ooe_6jJEZ1Mh5wuU9Sn-7aQ==
module_109590708858_Header_-_Global.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666704342/
1 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666704342/module_109590708858_Header_-_Global.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
FDBR0KY1X16R5WE3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"48cafa9929e94f1a90da5d8bff870b98"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1718666704342
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Z8bW_Nc0jF3khU_5_zx9kQwF.kZyIvdN
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
3bbf2536-c00f-4eda-8720-702b9ec563ae
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
111
alt-svc
h3=":443"; ma=86400
x-amz-id-2
PrlT5tieoDSP31zHlaSifKdlhgRqb1EeeIrUNEm9cCJc0oFivoyojuk9lROT6WxNzpAEsUaqhZ8=
x-evy-trace-route-configuration
listener_https/all
x-request-id
3bbf2536-c00f-4eda-8720-702b9ec563ae
last-modified
Mon, 17 Jun 2024 23:25:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rZIlAQDjrdJFvIMWuk05fA3jkDjGabEx%2Bt8DnkzgINl65F%2F%2BmDqudIlTaWpPv7yTbt7P%2BEGX6xv58bizScPdN3dB2ZQ2IfPt5zZf9OTjRyLZ1yoa6RhLlc0hz0pNVWyp%2BIPo7g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
cf-ray
8bf8cc33cfadd246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
b4Mu_o4GrlMjBlDUUV3O2HWpyIsI3GVU9PVkZL1GhlqZLwIj20sKUg==
module_-2712622_Site_Search_Input.min.js
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1725293204846/
4 KB
2 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1725293204846/module_-2712622_Site_Search_Input.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.91.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
br
age
440773
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"f9134a973469f840bf03f740af92c65f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1725293204846
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
39a5c8c7-ab02-42ce-a542-3e3d05188ac2
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
190
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
39a5c8c7-ab02-42ce-a542-3e3d05188ac2
last-modified
Mon, 02 Sep 2024 16:06:45 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMZXFwj%2FtY%2FfaM0Nvgji5Y2un4v8i%2FTDwPM9dwgWGvgNFyNSDETK1TqHpQfMDDLV9jBkC5Z37l6aAh16h6r9KJoZF72bQt%2FqVOiHlAPiNDVejpEdVzbS5nf9qF%2Bs4rYD4ms%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-6748d4cfc8-c5nbr
cf-ray
8bf8cc33c80a3722-FRA
lazyload-min.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/
8 KB
4 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
60PS19102AHKFCP6
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"67744f609bc5dbc8a0fb9fe0d5005f25"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1603042259630
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
4SGyaLwa93KERwdBmZy9UM4.3aqx9djg
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
9bf7a7d5-5602-45ba-8285-d8c3d4479514
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
175
alt-svc
h3=":443"; ma=86400
x-amz-id-2
cAeQuoUwECAA4f/+kiXZnh5GEPWt7H1rfslH6cel92fTXi5ZTLJ1WwV2c/pNTLW+PkOLEM6B77I=
x-evy-trace-route-configuration
listener_https/all
x-request-id
9bf7a7d5-5602-45ba-8285-d8c3d4479514
last-modified
Sun, 18 Oct 2020 17:31:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vNlFOLkmqFer0m%2Bv4biLGtqvOZAtYi25P4C2lM2Od7%2B4k0%2FoBy4LzZ0OE4XxgQVVMt%2BglMGgOhPiDJ%2FkqQ88IAGCPhf9bJ%2B8MpXi4CwfITGA7JluBhggBM%2BZAp8FiAJzF8nfxw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials
false
cf-ray
8bf8cc33cfb9d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
KTRZJ3Gc_LRn-iY3ylcKpNwXelQ5fxlEt06gBwhmVs6xbDkPD4-60Q==
vide.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/
4 KB
3 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
P553ZQM2EDM003BS
x-evy-trace-route-service-name
envoyset-translator
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"901e2d8fd2af243d3d8dd68e38fa22da"
vary
origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
xCDhIWpBzbsqxgnqK8jsUmPM_UWe2ml.
x-amz-cf-pop
IAD89-C1
x-hubspot-correlation-id
37796c96-5e20-4cf0-88ad-bf5811a7b1dd
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
129
alt-svc
h3=":443"; ma=86400
x-amz-id-2
m9+ocZVcws9zVZDj0asaWb2T2WcBVAAlFwgzs44Z/7I2fAiOy64BXwLTSyeghS5WQ1QgGQzQIX/uWPwNrGrtQdsCi2wmCjHH9qCmcqIO7Ew=
x-request-id
37796c96-5e20-4cf0-88ad-bf5811a7b1dd
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 30 Sep 2019 05:35:31 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IhygyPuvpRSFSX3pntuuUKhWILItwnSOmGVEFPJKCYnYMRzX07feKHKLF%2BLu9Wif9Ld3y4NWRc4wa1AsOY%2BpilT05zf8%2FAGZn1e2%2FGxRqseSmh%2FWL%2BdC7uYb5e%2B1BrZtnn6KjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials
false
cf-ray
8bf8cc33cfbbd246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
4ItJp3PfHLfMrhvGpK4oO20n1LEC4fWIBJndtnCWoMnuubn3twUl6w==
magnificpopup.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/
20 KB
9 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
JZ4R1M0XEN59HA08
x-evy-trace-route-service-name
envoyset-translator
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"ba6cf724c8bb1cf5b084e79ff230626e"
vary
origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
AenlXmDNTXiJmWpCG4hF_X9US4k8ofw.
x-amz-cf-pop
IAD89-C1
x-hubspot-correlation-id
400f9d7d-f0e8-4a64-9652-58f168564b84
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
168
alt-svc
h3=":443"; ma=86400
x-amz-id-2
0cA0WNlFy3YqnV/Wwyzzevo6F5wNRCbNKerUxaoWEKoMN2yGcOHMM/QaCZWwxlIxC7cl2qMMGv3IaLeeGb6048ASKAg58gtLLcpYn7wT4uw=
x-request-id
400f9d7d-f0e8-4a64-9652-58f168564b84
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 30 Sep 2019 05:35:31 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uRGIgXR26o%2FWPPS4fTXLdyT7TvNUIUC7Mve0IbofZ7yq3LfGvu6c67HMJr3yPOf8FobF6mLv3sY8AZ7MbtPjX%2FFibLHC0PHmryzKhwLak5i%2F8GDYWm6yky7g2tN42i0jL%2BPmZg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials
false
cf-ray
8bf8cc33cfbed246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
kvL9MeMyffF68A12pT9uh7ugo0WYPyoQY4vzKZuFAg7tZiNBoPBtww==
Morphisec_Sept2018_script.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/
166 KB
43 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/Morphisec_Sept2018_script.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
05HFDXQACQVE2B7R
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"f7327c38d9f5aeef245b0ee300152178"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1671716922383
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 281687fdef6568ba75a1a090e3b48e2a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YMjvkoc5EhQ12za.7KqifcSwG8LKYS3S
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
88aa4c7f-b0cb-4822-b1e2-c96817bb4c95
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
143
alt-svc
h3=":443"; ma=86400
x-amz-id-2
62Hdv0hS1Gdom23p8bdVYKUGo+lPPq61WBUPfWSswTkFCYS/mKJhQ6kzUEqzB0ji0UKnATDQLCI=
x-evy-trace-route-configuration
listener_https/all
x-request-id
88aa4c7f-b0cb-4822-b1e2-c96817bb4c95
last-modified
Thu, 22 Dec 2022 13:48:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PoMeROKykGLsbGpXe7Dr%2FPo9WkrHdohzdf5RsxK1k6JWZVe4VK%2BbA%2FRBsNg5nOnocAHv8VHsTavYYYa%2BrBg%2BA82o3mIPevOUgQ2mylPGq6XIzonIpBZqjF2n9ctjUrsMogoJSw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-vj5j8
access-control-allow-credentials
false
cf-ray
8bf8cc33cfc1d246-FRA
timing-allow-origin
blog.morphisec.com
x-amz-cf-id
3xK2UoqrHaC-0frIP2wYWwJORWrBjkorFzKCyEjIA1hHOF2rK5qpfQ==
1534169.js
blog.morphisec.com/hs/scriptloader/
3 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs/scriptloader/1534169.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f58a1e13d92ede8811d5fda062de5e517fea3b6b2456426e70bbc55caf54c9d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
047e4377-36e5-418d-8c31-3242996fa949
content-security-policy
upgrade-insecure-requests
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
content-length
703
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
047e4377-36e5-418d-8c31-3242996fa949
last-modified
Sat, 07 Sep 2024 18:35:16 GMT
server
cloudflare
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-58bbf9c46c-9rlnn
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7dpfu5q%2BVBHAVYVteEOk6fAU9AaonyqnU22D31VVJxF9G6aq4q%2BBAHZOIPw51hM5K1PghSt%2Ftggm8y%2B0sZuCLMHbukYHpfvNICBTudxB8HUc6il6JTNc9HrSaXKEukuTPaAkCA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc33cfc3d246-FRA
expires
Sat, 07 Sep 2024 18:36:46 GMT
index.js
blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/
12 KB
5 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
content-encoding
gzip
via
1.1 b2340053ff948864db4d5e3c0ab3f3ea.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1379838
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
content-security-policy
upgrade-insecure-requests
x-cache
Miss from cloudfront
x-amz-version-id
O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 21 Aug 2024 20:24:20 GMT
server
cloudflare
etag
W/"3ef0deda0631561665e95645daf500a2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XIKTffUvcIVBJIfr2y0VtH9t7EOZbOHoVhziaCWdTA6TW%2Bvqr4gzxTI9p9DHccuA%2B6SWNb%2Fa6ojKamfWMqu3otz3lgwzESyTEXRIsZCwYrTs0qiaTeuF%2BcCCzi2BuRR3KuxBqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8bf8cc33cfc4d246-FRA
x-amz-cf-id
XkjYDcbQn4Wnk7ON60BrRI9ITI9ADYYIjU_nGEphN4iS_-uzV9NnvA==
expires
Sun, 07 Sep 2025 18:35:16 GMT
gtm.js
www.googletagmanager.com/
326 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
86edbb9bcaeb16e5c5eebf6a276d512fb36f174ae2158876937d79beb2377616
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110212
x-xss-protection
0
last-modified
Sat, 07 Sep 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 07 Sep 2024 18:35:16 GMT
css2
fonts.googleapis.com/
57 KB
3 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1724090786853/2023/CSS/old-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.170 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f10.1e100.net
Software
ESF /
Resource Hash
f322afdaf7184e4ddd7fca589f89cdd7e2e2721dffbf8abed7cb1eca88b0915f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1724090786853/2023/CSS/old-style.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 07 Sep 2024 18:35:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 07 Sep 2024 16:51:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 07 Sep 2024 18:35:16 GMT
Montserrat-Regular.woff2
www.morphisec.com/hubfs/fonts/
64 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Regular.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
age
1108925
x-amz-request-id
QF752DVVXMH3NC9N
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"6b8307d4d485772acfa7afe8265fb942"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119101
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 2ca4ccff3a1366a36e81c34e56cb1296.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
nSDGlIqPXu9uV3l2fdqqNA5m3fzDIOo2
x-amz-cf-pop
TLV50-C2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
65900
x-amz-id-2
WR1ap5OBLTt8YbkvW9NcdxI+WRHojo0h9IoBpXzWYhNHXtBITHuFcIdRyyAT/d9Px/SMVWok1sk=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Msz8kvCWArBJYZNy9ltP6CIizKQ%2BxVyNe8hMFQF5Cy4QJcRZx6tflR7oAIkD9JaB3WklbOFyYGQNaLVm0FupSU4AX1RsCmxrKLTXCcoTjzHgiiFHEBRp2IbUNRdBA3UFA%2BPp"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc36d97392ab-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
M0dh9sbmRC2ljELj0ebGZafoyWubU8dgAwlp67Wy7Vpc6imBijPWTg==
3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
1P6TR384WRV27Q6E
x-amz-server-side-encryption
AES256
content-length
1631
x-amz-id-2
K1YQLviB2TXWBFmg1X1kNPyi54d1zuZV0vfpzrNaEgLoNyyWFnIuCYM7UkNTno6/zGhx78CChmk=
last-modified
Wed, 05 Apr 2023 16:30:06 GMT
server
cloudflare
etag
"3d5f63abc7db36507720723f2c0d0e15"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66ahoJBptmAFTfsh%2BlpQUzr%2Befltfug4GlER8Qg2%2BkSeQuKVjAzYQx67YAUNgBiDg1AA4wx8lMHn9dGyrWfrfUFp3WVjGWDkGe0CcuUhjeKwqepezti2uFj2yVYckYleZ5BNdGRp"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc361bdc907c-FRA
d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
x-amz-version-id
null
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
1P6SFESG9CWQXQFC
x-amz-server-side-encryption
AES256
content-length
1384
x-amz-id-2
uTWtx8JtJt6dpU+DmDYroHiWw3O1QT6KyECurFYJ2bSePOWEtHBKV29wVxXBq9Wh4Du+pJqFzEk=
last-modified
Fri, 18 Nov 2022 14:30:06 GMT
server
cloudflare
etag
"eacaba2cc1bbf4de2a43469ab485d45e"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ktSIHLvErfB5wHmD%2BlqhoDsmERXQQiPpSofo6jONmPTdKo%2FCAboI3Fp6Mx7b3AGU9G25MoY0bsR5we4kIeQ35wBRCfZ3T0wkvVVGGwDBAIrUaDQRi38nu4tcYEQS3DI2BX%2FOnlGB"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc361bde907c-FRA
arrow.svg
www.morphisec.com/hubfs/
271 B
2 KB
Image
General
Full URL
https://www.morphisec.com/hubfs/arrow.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109679247133,P-1534169,FLS-ALL
age
2577416
x-amz-request-id
DGM3C20P5M81091V
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109679247133,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"4e0f4888e02de418e83ed88b0fb6b77b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680710835406
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
NbewtlYhb0U79FAEY4s37zmrf8HRhCTq
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109679247133,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
XznczusmuAeeXUaQgOg1drfIEq5byIySL5eGWswE9FnFmYlHUWAEVKrIv9CGA1goyNmGGf3r6kk=
last-modified
Wed, 05 Apr 2023 16:07:16 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXPqAtYKgxiQxR8VWq7jL2X1foHYWYGkqrJSesrTEOfm36I8Z85S%2BdTFvYgOsbufcq87BnDgHQ59euvH1MRTEEuDduM9KhVAWUXQGdTujrAEdVn6d5pfZokG0hNJn3tkQjeP"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc36dd4d30f0-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
0ZGbNRrvf5m8dtY7Gkh-MqbRc0Tk2bLAyicnKGsPQWZxVK4dchyNaw==
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
1 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
age
1126513
x-amz-request-id
B993ACPCBVFYZX7M
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680694543135
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
DhmZon6VXdqvv20hJ5XyMNhwviLhGkZ2NzUJrzHDTT7zWaUogc+VWm8/GhMMIhWNn+1TKqwZrxs=
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQqa0q%2BVDmmtJ5VO8L4aFdZgV%2FEiHyDaFiaoiXuP5cW0aDUGj%2F3FPx2lAFPYewwnbOaWKC%2F%2FN14wy%2BLIoIQE4%2B4VGL%2Bg3WsRFsTKWAG3g2eP79I96x8jbBI9SEwwP0Q8AXlc3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3629b1d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
wokRsTvy2Ql4pMcMO4UvxE9gm0t0o4cKhsALaeAoq-JNicDXKp3GAg==
cybersecurity%20threat%20research%20blog.jpg
blog.morphisec.com/hubfs/
4 KB
5 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/cybersecurity%20threat%20research%20blog.jpg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-129397473892,P-1534169,FLS-ALL
age
510403
x-amz-request-id
D52Y33DEVT0DYBFC
x-amz-server-side-encryption
AES256
edge-cache-tag
F-129397473892,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="cybersecurity%20threat%20research%20blog.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"2b7b7ed7eb036c12623f2218a7bab31b"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1691668529263
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 a5607d37f6322bee208b762f730550a0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
c0ZTjM3EuQi57sUJlqRjc9N65oFUDRbx
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=26491
x-cache
Miss from cloudfront
cache-tag
F-129397473892,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
3770
x-amz-id-2
IfTa2ffBEa/F+VthK+DahqEgGZUNkOtZ38Hs7Lb7TlZZ3IA+aW6pe9hLxqCLz+YwHXtz5c9L33wYWtrIh3ofjA3QUboVj73p
last-modified
Thu, 10 Aug 2023 11:55:30 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vDKFEmUWkPZZCpDj1xcOj3eh9P%2BswzpGoTfYC2vy%2B6qDsl5P5wOid7oWZu%2FpLVldrUtO89jFrMscRweRmS2Mo6%2Fvw2sedrJVzCpBwmq2RU4HrdT%2FreaK30QwOY299iTTmBrlWw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc3629b4d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
UrEaiZdDtfQBMMTofmXAxrykcBnoBkdq5FxjTs0eminDRYELz-hjHQ==
footer-bg-01.svg
blog.morphisec.com/hubfs/
1010 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/footer-bg-01.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-110476466060,P-1534169,FLS-ALL
age
719259
x-amz-request-id
RT29ECE2Z0YNT0NH
x-amz-server-side-encryption
AES256
edge-cache-tag
F-110476466060,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"2ede0c7ada32266a0c611cfc210050ce"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1681221340353
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
_gIdfKK3n3930Ooq3mAnm0BVYetLtdSX
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-110476466060,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
QsIkAYdDcAZv/HMahu2ayW/F4YcrfUL5AcXxyNfBXKZKwYUpqQAoiLPGDIXkFlXpblUBkN1OYfA=
last-modified
Tue, 11 Apr 2023 13:55:41 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tMLIR92vHTs4zrcEt1xwO1VKgxOX6W8qNFUlCqr81YgSDyDVgulvLuP8Te4sQ9PHkKNdT51hbX%2FTqcOxm3V7JoNlWFNvezo62WNS3VNNruB5OapWzB7cUNLtyi9VViWcKktZow%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3629b6d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
d5DdplYvxWAKqnA_r0f_s_iPojBkULKGA-SEwq-gedP_qo5yBcEFYA==
Montserrat-SemiBold.woff2
www.morphisec.com/hubfs/fonts/
65 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-SemiBold.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
age
1108925
x-amz-request-id
B8MT4E33ER83MRE1
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"09e9af57c990afbf2833f00d90880b6b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119436
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 d0a36dbd6f5cc87855296f2852cab3ec.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
N4AY2AcWVnuw91nHKeLaBhsvto1u2FqE
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
66104
x-amz-id-2
Bx6GwT9mYLhuv62Sa3bGCvlpCGg87eOQFGZ+ecaQmWtEU/vWQeSUSD3KpnDJ/GsRi805wrDIvg0=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZVomzM0ilD8Gg6m5LM7oQWsMG%2Fv45LnEg8SLpPbYvSLemNk%2F1PCofPEySnfK3%2FXvyOqFXm3FhGR8Zfbm9bHZot3BcEQQpsGxT5U7WkFHcNdTzLL4p8UhtPbICA70LIo5Lvd%2F"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc36d96f92ab-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
f99STKip3cvnyReb6t884zAvgXGoXQ0V5P2DzuxEUJZGpwHlmF2R9w==
Montserrat-Light.woff2
www.morphisec.com/hubfs/fonts/
64 KB
65 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Light.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
age
113016
x-amz-request-id
CRGBZ51FD0DJ6GPR
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"aab897981ce728bf9faaf8d7e9273e82"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119255
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 d0a36dbd6f5cc87855296f2852cab3ec.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
pc80gFZ4d8MJD6P02C8Utp.DAeRoai1s
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
65268
x-amz-id-2
HN5+vB5pdlECNfPiIf/NmpNKNd0TGXblLxw5cJQ9HbiTazf0VtoGTf+XUDSZP7rMyso5rMbC4zk=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axbFbNwjqgA5dC1DqV8YrdWTa0MDt32PIAbMGDmLSLBx3DqpIEgpSU2Sq2h8l9VR8gf6RffJ9QUwiDcnjDD3uCu6A8HFxalwTEpUDHvgFedNTsB3mDdnXPDn5X877gZL7uY3"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc36d97192ab-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
Xa51RDjpTu1V8GdmFfN0qi9W5tbgFFuDeh5RJKHgaUYaaEptFyIVzQ==
Montserrat-Medium.woff2
www.morphisec.com/hubfs/fonts/
64 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Medium.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
age
547748
x-amz-request-id
0E8C2Y0VAZ8QCQJE
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"16c1a5b7a2037ec2bad9740c8b0ff8ee"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119004
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 dceb2203c0e4cc18a811828605c8767a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
FUjuK6I4k.9p.Gx8MyhsJW6pvpTlo4q4
x-amz-cf-pop
TLV50-C2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
66036
x-amz-id-2
0FyMxgXj76emgltAdDrLYael/qvWQjuE07x0+zwXW1E1nowqa2s6fWsvmSr8bSD7CKiUJUSbJ2DScDKm323Q6A==
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bmed8Fyk1uC4Wnim9IJLwIKWZNftuvTYLk0Oy40BGo%2FtnHErCE5VPpW8pf2W4Yh%2FmEqIq%2Fmbk9J8x8jvoYIk5iXFeA08i9CsitXbuO7eWvqXGoqClvrv%2BFw%2FwGCRKPHHpXMM"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc36d96d92ab-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
AZ6NJSLL2b0HgEugq8azQp82ROYT7dQfZlOH03ViTM2rblRym_6gxg==
Montserrat-ExtraBold.woff2
www.morphisec.com/hubfs/fonts/
65 KB
67 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-ExtraBold.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
age
560541
x-amz-request-id
JY868YA2DM0R30MR
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"4e861b47db165af12ec0447c91b0167f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119362
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Ai1BLbuGpLfH9Dc8qMneVI9MZINf4ZFA
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
66876
x-amz-id-2
PSBRwsznxLqY7ZO6gem7gOq5a5ct5LDBvJXNrnFxoCpgZXUH4ojT3ya0/6vx4iXBfHNrYdq93jrgL2okyC1h1d+K2SccjkuTGxntQv1iZ/0=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ImQKfxt1VrRlrT%2FAeTk89CpcdDJhUZJ245vjNaLDueJLbxsM8HXrDgu1E77avApZptshDjdi0uUVrarcJs17WRjhQ4bhK2%2Fru0jJU8gF58hf8E3f%2BxhztquF16%2Bb0lXBxzfW"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc36d96a92ab-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
r7WAG0TSPiHT6MebdPhg-iGXL8LTG1DKCUliBIdp3KmdTG0q5Gajcw==
search_icon.svg
blog.morphisec.com/hubfs/
350 B
1 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
age
824711
x-amz-request-id
T7NYZ48ZAVEBCQHR
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680691466397
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 98845fbd1cb14abbe9d464a4caf17976.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
7HVBQx6wigYnqpbVzLxHr1a1BnyeY9+d3QZ7GxvTmXJOCJLop0q7NgiOOFPk0owusyqdxVKIgAA=
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4zZC%2Brjnw20Km%2B2PXy5Igp%2BVwBHgcdNTuE1nAXUGOaQEaWz%2BXyskJv65cCbNBzqZJtcAPAwjtvXZ0%2BT4Ys94oYssstJdj7YeO4I8aivSzY1trDEDYj%2F477klHvFEATcJPUyiKA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3639cad246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
eqyILfumYEYt6yQ8oA6W8tyTGZMBsQVGy-ysSwIAQ_b6Fw8HY2j7tw==
blog.svg
blog.morphisec.com/hubfs/
797 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
age
1126513
x-amz-request-id
B993HD26H9BFG5P2
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680711424510
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
7wGF+tCyV+ABrQCiNiOeZcPimbokIgoNTIRmTx2/3nAZjv3Tf+gwsXOd4YsjXgWRvw+/5WFwR/Y=
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npMyn0UEWEfeeOQNUj6bLsOdu9g2%2FpXWUPICtgMWVdKJitlzEQwgQQ88inoDxLtQr3bi0M5tsN9ER%2FvQzzeVfD9xy9AyTd%2FyrjguIC59EXYIhptsOMWb5x05LW%2BPZjtyuZ51Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3639ccd246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
CLJG7_tBXiK4NFwnP8LcVwgF33Dig40rjKU1RqX6LvEdj4LqMeKUWA==
Cicada3301%20Ransomware_1200x628_v.1.0%20(1).png
blog.morphisec.com/hs-fs/hubfs/
175 KB
176 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/Cicada3301%20Ransomware_1200x628_v.1.0%20(1).png?width=1200&height=628&name=Cicada3301%20Ransomware_1200x628_v.1.0%20(1).png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
af7dd046368b5af76d606a0d986a21ec8bf987b968ed73f638427e95fb792d26
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 b77e6c4c926acdb5c1a30b7465e6750e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-177274770203,P-1534169,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
178856
cf-resized
internal=ok/m q=0 n=854+134 c=0+0 v=2024.8.1 l=178856 f=false
last-modified
Sun, 01 Sep 2024 13:06:27 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfy9OQ9RGCMgd_nbJFT3tAtN8xP85LQoHV409H_JZsDQ:190fb9bccb5863069578a84644d96c6f"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jCQoD6Xbbxqf2RwOCz6shdOOCR0T4iVpZNP8AAjjUCVD%2BIrqRUwU32BK%2F5tBkjxAVjh%2BkXdQuTanofSvRtma34YZwFWHzYC6OeTtbPqGMoN5nWIggb4KoZyVLUBbam3l0mh68g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
8bf8cc3639cfd246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
Welcome-to-Cicada3301.png
blog.morphisec.com/hs-fs/hubfs/
36 KB
37 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/Welcome-to-Cicada3301.png?width=683&height=199&name=Welcome-to-Cicada3301.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f4e0fe15923669c401019d7a3d796f1ae840e5727cf10add444d7e507f6be14
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 a991dcd8f589d8cb7c64929ec2a499b2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-177263451736,P-1534169,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
37364
cf-resized
internal=ok/h q=0 n=17+31 c=1+30 v=2024.9.1 l=37364 f=false
last-modified
Sun, 01 Sep 2024 08:24:25 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cff6cgVh_qFn7a6ApzYWBUkGdMVqqU5SK_04DCr-aADQ:4593a7456eea52362f6eef923c4aed9d"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2BN%2FmQDYulMCak%2FxmZvlYTzbSipCaBvaE4Smb7GC%2FdNKxY4NdGt%2F2Nwh8LIQgT2UcKXTS0mjWMlIg1XS75a7xHROS3LXwVELQkDIdDTblRDo3X9NQeSsHteyMqd7JCbE38L5sw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
8bf8cc3639d0d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
Cicada3301Message-ezgif.com-png-to-webp-converter.webp
blog.morphisec.com/hs-fs/hubfs/
42 KB
43 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/Cicada3301Message-ezgif.com-png-to-webp-converter.webp?width=780&height=520&name=Cicada3301Message-ezgif.com-png-to-webp-converter.webp
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f36c754ab4ef940685e8c1ae109278b2650dacd780224f7da02d6da0d9aaa64
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 1903071a927324e2fb28199ee96c4bb2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-177081999793,P-1534169,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
42844
cf-resized
internal=ok/h q=0 n=36+9 c=9+0 v=2024.9.1 l=42844 f=false
last-modified
Thu, 29 Aug 2024 18:51:19 GMT
cf-bgj
imgq:0,h2pri
server
cloudflare
etag
"cfYNn_mmEuhGJhALedfHjvtcXX77r0ZmzPgUg5xrqjDQ:35c864b1c8e40a1daad168d814de5c8f"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CujVOcsKgcqinqwRtJyF5g5WCg3UiFu7adj6AwMksqCeIkqRk7akfpfj%2FfhrbONGvIWLcROHcWQy852ojLVCwfyCJfODXqtLwNjwqhIzxCjG8GWW1WM3gu76eSLgeVNavXWmuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
8bf8cc3639d2d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
json
blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/
11 KB
4 KB
XHR
General
Full URL
https://blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/json?hs_static_app=forms-embed&hs_static_app_version=1.5999&X-HubSpot-Static-App-Info=forms-embed-1.5999
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c582122fe84d98e7ea5d09a33753359544b2cfb4e0e169e6ad72b92435c8c86
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0dd3f296-9b36-49c9-a649-4166c528496c
content-encoding
br
x-envoy-upstream-service-time
25
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0dd3f296-9b36-49c9-a649-4166c528496c
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-max-age
180
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-99dcv
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X92gOaJtaQLOXq0D%2BZMmtvPtSNt%2FwZfTjma7DsiFW2sa9yAtDCeNWREEYdDavte%2B6%2FAyRyzUAceebf5MEalU%2BPfRSZ9pXfIpTpT1rmKN1deMtCNp9eaDiQWGnvR5QlWpsNOdtg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc367a0ed246-FRA
access-control-allow-headers
*
x-robots-tag
none
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.155 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-155.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Aug 2024 11:06:54 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=55302
accept-ranges
bytes
content-length
14628
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
gzip
last-modified
Thu, 04 Apr 2024 00:26:35 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kcgs7200164-IAD, cache-fra-etou8220076-FRA
sl.js
scout-cdn.salesloft.com/
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.71.105 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-request-id
B3176Z78EANBPVQH
age
801
alt-svc
h3=":443"; ma=86400
x-amz-id-2
apHh79nw7eX9iv/HSLSUn6lPecFQGfyUiL/VFJCZHUaqku8XlPk5GsazVs2NoBil/ckI1wvUwLo=
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
cloudflare
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
8bf8cc380acf3a7f-FRA
expires
Sat, 07 Sep 2024 22:35:17 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra5.fbcdn.net
Software
/
Resource Hash
9de5761fc6870deefd28dc5df2f67f6eacbc99bb2a04a8e3f6eaee3620bcdba0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 07 Sep 2024 18:35:16 GMT
content-md5
jLH3lZwhLrX4tFh8gctioA==
document-policy
force-load-at-top
x-fb-server-load
38
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1685
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=107, rtx=0, c=23, mss=1232, tbw=4278, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug
2ClzUDykAPMzzRDf9DAnbEqOuCdaTqGSJIz4eYieOw8ByxMzr+weVEZDbujhEL18O5IB/IAbpTmp/3/umowZcQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
3e9cf7e9a65bfd0a0f1297d711782a31
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"2a77e6e43bc630143f30907c2657cbf3"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Sat, 07 Sep 2024 18:46:17 GMT
widgets.js
platform.twitter.com/
91 KB
28 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668A) /
Resource Hash
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Sat, 07 Sep 2024 18:35:17 GMT
Content-Encoding
gzip
Age
1283
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
27597
Last-Modified
Mon, 11 Dec 2023 17:20:28 GMT
Server
ECS (frb/668A)
Etag
"824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
Vary
Accept-Encoding
has-permission-json
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
701 B
XHR
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=1534169
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
9f8c5c36-a781-4768-b883-b5c1b1b7ecf6
x-envoy-upstream-service-time
4
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=8bf8cc369c3c907c&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
9f8c5c36-a781-4768-b883-b5c1b1b7ecf6
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-nvswq
cache-control
max-age=0
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
cf-ray
8bf8cc369c3c907c-FRA
postlisting
blog.morphisec.com/_hcms/
11 KB
3 KB
XHR
General
Full URL
https://blog.morphisec.com/_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1756904475&hs-version=2&hs-signature=AJ2IBuGbBz451qo_7MS1P3r_vQcVnCtxJw&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a35a931442b38053d80e19c7725fcdc8bbadd1924f074d1481cb5220d638f23b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
39c9ffd4-203d-482a-90e5-f00e11be5e8d
content-security-policy
upgrade-insecure-requests
x-envoy-upstream-service-time
22
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
39c9ffd4-203d-482a-90e5-f00e11be5e8d
last-modified
Sat, 07 Sep 2024 17:43:50 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MlkDN2jqRp3XyD0PWsLt%2BDzW8RjyOJpPsZoLUY7sMMFETrCc2bOOgz03EMA0jg2J2BO8%2FH25AlXck%2BOFBKtwcRMiTE4ruqRHf1Gd4VkyPfVeeRjZegRKeHi7qNvrGW1aAWuWjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-10-19-td/envoy-proxy-cc6445dd6-82mjj
x-evy-trace-virtual-host
all
access-control-allow-credentials
false
cf-ray
8bf8cc368a21d246-FRA
x-robots-tag
none
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
age
1126513
x-amz-request-id
B993ACPCBVFYZX7M
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680694543135
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
via
1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
DhmZon6VXdqvv20hJ5XyMNhwviLhGkZ2NzUJrzHDTT7zWaUogc+VWm8/GhMMIhWNn+1TKqwZrxs=
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQqa0q%2BVDmmtJ5VO8L4aFdZgV%2FEiHyDaFiaoiXuP5cW0aDUGj%2F3FPx2lAFPYewwnbOaWKC%2F%2FN14wy%2BLIoIQE4%2B4VGL%2Bg3WsRFsTKWAG3g2eP79I96x8jbBI9SEwwP0Q8AXlc3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3629b1d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
wokRsTvy2Ql4pMcMO4UvxE9gm0t0o4cKhsALaeAoq-JNicDXKp3GAg==
close.svg
blog.morphisec.com/hubfs/
543 B
2 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/close.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109618525080,P-1534169,FLS-ALL
age
1126513
x-amz-request-id
B999D9TBW1CVMKM4
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109618525080,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"613d5e657a45fdd73680a2a43b1810a9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680690377289
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ojcPDMW2kfX705kNgng7YRySVuOGEcf5
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109618525080,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
TvGjQwLuQPmViRFIFefJHvnJL/ARN+mc5tXGOtEkcBL8f8A3b+ouS7hdKD9bTrOqlOzgSlQdKLI=
last-modified
Wed, 05 Apr 2023 10:26:18 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEOe1xx8tnF7mWd1ptwB921e9rdLxg6E4cgvm%2BK1KVuDsTyWEjDpm7URaiZZCN3E0%2Bkzm5RUjTco%2FeGYQNIHFSrAMoCSEqIUZkcW832U87BlJLi%2FbQ86ijfJySwVrPUAX8z7uw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc368a26d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
NvvYJ6zObwqdS7vdu0FgDR5pbslo3mWR6ANnUJjnk0WGY09IEDVWtQ==
search_icon.svg
blog.morphisec.com/hubfs/
350 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
age
824711
x-amz-request-id
T7NYZ48ZAVEBCQHR
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680691466397
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
via
1.1 98845fbd1cb14abbe9d464a4caf17976.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
7HVBQx6wigYnqpbVzLxHr1a1BnyeY9+d3QZ7GxvTmXJOCJLop0q7NgiOOFPk0owusyqdxVKIgAA=
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4zZC%2Brjnw20Km%2B2PXy5Igp%2BVwBHgcdNTuE1nAXUGOaQEaWz%2BXyskJv65cCbNBzqZJtcAPAwjtvXZ0%2BT4Ys94oYssstJdj7YeO4I8aivSzY1trDEDYj%2F477klHvFEATcJPUyiKA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3639cad246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
eqyILfumYEYt6yQ8oA6W8tyTGZMBsQVGy-ysSwIAQ_b6Fw8HY2j7tw==
blog.svg
blog.morphisec.com/hubfs/
797 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
age
1126513
x-amz-request-id
B993HD26H9BFG5P2
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680711424510
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:16 GMT
via
1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
7wGF+tCyV+ABrQCiNiOeZcPimbokIgoNTIRmTx2/3nAZjv3Tf+gwsXOd4YsjXgWRvw+/5WFwR/Y=
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npMyn0UEWEfeeOQNUj6bLsOdu9g2%2FpXWUPICtgMWVdKJitlzEQwgQQ88inoDxLtQr3bi0M5tsN9ER%2FvQzzeVfD9xy9AyTd%2FyrjguIC59EXYIhptsOMWb5x05LW%2BPZjtyuZ51Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3639ccd246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
CLJG7_tBXiK4NFwnP8LcVwgF33Dig40rjKU1RqX6LvEdj4LqMeKUWA==
cta-json
cta-service-cms2.hubspot.com/ctas/v2/public/cs/
14 KB
4 KB
XHR
General
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&pageId=177081907483&pid=1534169&sv=cta-embed-js-static-1.313&rdy=1&cos=1&df=t&pg=6359793e-b232-4b79-9da5-b929fc3dc7aa&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&pg=e098d357-1710-4cfe-8901-19c93de122f4
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cc69af154ebf95f51b22e07d9b6f193a271ee3c164581959c640d64594f6583
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
fcb6aca5-1fbd-4b46-8a35-e08eef14d772
x-envoy-upstream-service-time
109
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
fcb6aca5-1fbd-4b46-8a35-e08eef14d772
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-9nz4q
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XzInJIcVdy4y4wFzyJ4ezNVbVp%2FQQq9PG1u0SHbhjPiS3MxbLcux43O5oXquJUyUjzsiiXk6WZTF1oEE%2FeW8h0O9jdyeN0CbISo0oNRtddM5RpRHjq3zkA0dyDvuaLNIFESYxfYY9HGgWA2mtSk%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8bf8cc36ac4c907c-FRA
consent.js
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
3 KB
2 KB
Script
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/consent.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
8a9f4bd4531c1e4f5525230daac9d7d25923de3ea367659f8b008d60f96ac167

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
br
cdn-edgestorageid
1081
cdn-storageserver
DE-587
cdn-cachedat
09/03/2024 02:36:57
cdn-pullzone
236985
visitor-location
IL
last-modified
Mon, 02 Sep 2024 20:33:00 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
750
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d620fc-a30"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
REVALIDATED
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=30
cdn-requestid
ad88a893c13b25cb65dd26f1554b4c53
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
js
www.googletagmanager.com/gtag/
299 KB
101 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
c1ec6cc9298abfd5f55733391e1b5d79023905f4c06a4864aad3f3411b201796
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
103647
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 07 Sep 2024 18:35:17 GMT
js
www.googletagmanager.com/gtag/
231 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
2a1fdc11e71ad7a498f640aa38861340d5a0e0c2b3d87b411b441094879781b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85102
x-xss-protection
0
last-modified
Sat, 07 Sep 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 07 Sep 2024 18:35:17 GMT
web-interactives-embed.js
js.hubspot.com/
83 KB
25 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8bf8cc394863366c-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"edf91c1320ba2916398ed791b63187bc"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.1426/bundles/project.js
date
Sat, 07 Sep 2024 18:35:17 GMT
x-amz-version-id
7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0
x-content-type-options
nosniff
cf-cache-status
EXPIRED
via
1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
0551f9ca-57c0-4d5e-8fce-7b9512edd154
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
5
x-evy-trace-route-configuration
listener_https/all
x-request-id
0551f9ca-57c0-4d5e-8fce-7b9512edd154
last-modified
Wed, 28 Aug 2024 20:01:26 UTC
server
cloudflare
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2YjU0P33C2wweUj4bZPfYCHFtx5Cb5dJPFVRiLzLUvgNSYQwuHUCKJ2HFeFBRXzEldui88isVsYGkox2FVbWTx8fv2bO%2FUMQac0WqGpzH8NlhrbnoElvGR%2BTpXzXvbh4"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-hsdvc
cf-ray
8bf8cc394863366c-FRA
x-amz-cf-id
WQHw5onRg8WvclX5N8_1dRSvHlSj3_wscrhGCrrRGSxjDaNmcXg2Rg==
leadflows.js
js.hsleadflows.net/
551 KB
92 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.139.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03acc5c7069d79f53c0902c716cc6c6f1463d8ebb87724d39e5cb03f3f9d7890
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
19307
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js&cfRay=8b2157015dd418c3-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"b6c788efa3b3fd53687b2c92c85a5a5f"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1436/bundle/main/lead-flows-release.js
date
Sat, 07 Sep 2024 18:35:17 GMT
x-amz-version-id
TIDmoMti0Vib7LJNFwT63dnpWuuDUZfu
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 36b04143ac1626bb30bb225fb2cccb1e.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
7e2d2d00-e867-4340-9036-b04b87fb30f3
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-request-id
7e2d2d00-e867-4340-9036-b04b87fb30f3
last-modified
Tue, 23 Jul 2024 12:57:23 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-vn9j6
cf-ray
8bf8cc3939e59737-FRA
x-amz-cf-id
otEqK2u5X-yXPhuTBJazVe3DFuWqkPnizezvbNWOSjSYWMvhp0LusA==
banner.js
js.hs-banner.com/v2/1534169/
71 KB
26 KB
Script
General
Full URL
https://js.hs-banner.com/v2/1534169/banner.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
x-amz-version-id
JBubI2iZXhfvR9NjtL2LPV82OaUIjqI9
content-encoding
gzip
cf-cache-status
REVALIDATED
x-amz-request-id
14DBK5GSVW1766D0
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
dc90babd-2c05-4308-9b78-5c5c5b1b045d
x-envoy-upstream-service-time
35
x-amz-id-2
fNtaD2/+CL16j47yKcag64bZEShqo0t6JNu02ODWsuAqnqErevo/tDO6KKR4VZMTyoazReDLw80=
x-evy-trace-listener
listener_https
x-request-id
dc90babd-2c05-4308-9b78-5c5c5b1b045d
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 24 Apr 2024 13:11:59 GMT
server
cloudflare
etag
W/"850933666a1091136679efb21afc00bc"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-vhl7w
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8bf8cc393cb63635-FRA
expires
Sat, 07 Sep 2024 18:40:17 GMT
1534169.js
js.hs-analytics.net/analytics/1725734100000/
75 KB
26 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1725734100000/1534169.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.160.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f249a1513e0583c985b16df9fc5c772b676efb5e44fff5d801cf575cfb819dc2

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
Y3QH79FDBSAM7JKA
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
6bd65761-66d9-4fb8-bad4-dcce8a6056be
x-envoy-upstream-service-time
54
x-amz-id-2
F8zKL5H9qH+pZgknfeUtBgY+8fiaIMtsFkEmUIrT0j47JyZW4guY686tz9GTZQpBQNljXYVGHJccYbHBamrlEI+01XM55/K9
x-evy-trace-listener
listener_https
x-request-id
6bd65761-66d9-4fb8-bad4-dcce8a6056be
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 23 Aug 2024 13:35:42 GMT
server
cloudflare
etag
W/"5cab52819cd924654f21a20b1e15afae"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-88n5w
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
8bf8cc393aa63604-FRA
expires
Sat, 07 Sep 2024 18:40:17 GMT
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.128.172 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeecc1c14b175e0226295f130c6121ddf605878b3489fd61181911c17c9b2a74
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
gzip
via
1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
x-amz-version-id
CKdUucj42qReK_MB.X3dwG61CXEt1Id2
cf-cache-status
HIT
x-content-type-options
nosniff
x-amz-cf-pop
IAD12-P3
age
458
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.595/bundles/pixels-release.js&cfRay=8bf8c1096e21691f-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
1e023ffd-d1f0-4184-9126-8915deb7547f
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
5
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1e023ffd-d1f0-4184-9126-8915deb7547f
last-modified
Thu, 05 Sep 2024 14:32:20 UTC
server
cloudflare
etag
W/"ba2542491f85a69ea1e0553167ab5227"
vary
accept-encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
MISS
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-mzzwb
cf-ray
8bf8cc395c1a2bfa-FRA
x-amz-cf-id
MJ0YVy6E6Ye1MqW3s6NU_2BX3lGUJcz5jvXGJ0IS0Pnk7Kp95vn34w==
x-hs-target-asset
adsscriptloaderstatic/static-1.595/bundles/pixels-release.js
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.111.254 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c78fab07d4ee469def66170220968c4e790992e5adc971a34edc7eabc695e79f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.586/bundles/project.js&cfRay=8b21b73d09e59f45-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"ac41634810840adc02ea51748cb19c2f"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
collected-forms-embed-js/static-1.586/bundles/project.js
date
Sat, 07 Sep 2024 18:35:17 GMT
x-amz-version-id
FCxgV_B3nWescR00el0uV0Hdj2lazDBZ
x-content-type-options
nosniff
cf-cache-status
EXPIRED
via
1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
6b91df42-d00b-4eed-a36f-2b5f8268c2d9
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
10
x-evy-trace-route-configuration
listener_https/all
x-request-id
6b91df42-d00b-4eed-a36f-2b5f8268c2d9
last-modified
Tue, 23 Jul 2024 12:55:20 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-td246
cf-ray
8bf8cc3a3895d216-FRA
x-amz-cf-id
iS7d3UtjkbC4DBXVyvkvY1e7CL6TCRxRIOHrxbTYtUiIZdAUYJoLjQ==
sdk.js
connect.facebook.net/en_US/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=9429e3d3eae3e5d2511fdd6d77ffe09c
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra5.fbcdn.net
Software
/
Resource Hash
93e85be27eea7299d8af517f64e6bb38425373b848ffb3dae3c13806ee67f5e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Origin
https://blog.morphisec.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 07 Sep 2024 18:35:17 GMT
content-md5
tVwCkcdNGjEdJ4nSDlC4Pg==
document-policy
force-load-at-top
x-fb-server-load
58
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
89217
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=110, rtx=0, c=23, mss=1232, tbw=4281, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug
9xGXa+s+ISe71SuaCj/NnX+9FXCn671d0up893YbqRSKXTXFnRAF6oRCvxZscaectk4Kimc/AmclkLkjc0aAXg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
5d763b8ef5d0a9d35028b6ddfb8116d1
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"4aeef640d63d0705df56703cac8f7ffd"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Sun, 07 Sep 2025 16:16:22 GMT
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
848 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
09bb29a5-88ca-47e6-88a7-58ddceddafb5
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
09bb29a5-88ca-47e6-88a7-58ddceddafb5
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-hcsh5
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8bf8cc39cb06d270-FRA
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
886 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c5def0e0-1cd8-4a60-967b-89ac94dfd3fa
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c5def0e0-1cd8-4a60-967b-89ac94dfd3fa
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-x4ldt
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8bf8cc39cb00d270-FRA
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1725734116756&dt=1725734116757&at=1725734117190&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5f61a419-8bed-4840-afb4-9ba4e52d4fd2
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5f61a419-8bed-4840-afb4-9ba4e52d4fd2
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yK9JP%2FhhRPC1cm5T%2FqSpFIQmqfAbhgDLzP3S1fyo4PmXgKNuWV7B2m%2FCvYoeaw9X3VlVbSRUyIfg7dNxGdgenQrrEZQ3MobT2R4%2FJ9yypJE0pxlUFcvmY9di0eQSVHs1uIJU%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-kc5kv
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc38cc09d246-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1725734116756&dt=1725734116757&at=1725734117191&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
afd830cd-6a09-4b16-af47-11b6d8c46768
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
afd830cd-6a09-4b16-af47-11b6d8c46768
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RaaDeVqWA4dJWfDVhp2ckOuHFpkmCAkzRYFCzB9qjAcivw1MV413c9aCI9TY6RGjbry3tuoGwx4Z%2F1Z9Cab41qZTCCyhlpk8kYGc7G1HVA%2BrNmQBmJ2SIt3vTzinhVo4iR9jqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-57rnd
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc38cc0ad246-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=e098d357-1710-4cfe-8901-19c93de122f4&lt=1725734116759&dt=1725734116759&at=1725734117191&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c61ab2b7-7201-4e37-952f-65462a09aa1c
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c61ab2b7-7201-4e37-952f-65462a09aa1c
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xbdCm2WV7ZFQXUcsLB%2BWo5%2BlzAk8SxNSkEU98l3ExYdwyEC877cSdvWuEncV7%2F%2B0j7%2B5OrFrnhvWShQ1JcaatWk9p%2FTrEf%2FP%2Feh9no2bhTB4mP5Vi4G%2BiE9HkAoXnqQAFjhEJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-sqcq8
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc38cc0cd246-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&lt=1725734116756&dt=1725734116757&at=1725734117192&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0402dc52-eeae-4ff1-858b-b8ad9a662e78
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0402dc52-eeae-4ff1-858b-b8ad9a662e78
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYCYXcscFKShX21I8kVlvlujJe%2FZr2xBWWegYBfhMibkpGuAt6gxL0RrbZ06N7rzjWnjI8vS%2F0RHGVl6M6Abueq2ht1Bb7FtiGfsVXiBzaRXjh%2F0PKJvIW6L%2F3lhwLLHgASPXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-x4xnr
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc38cc0dd246-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&lt=1725734116758&dt=1725734116758&at=1725734117192&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
61c9426e-0317-4130-bc3a-f694b019305a
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
61c9426e-0317-4130-bc3a-f694b019305a
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FANvWZI7cnClpbuiZ5bLaNAzr3twSHyTFR6nokUGCfiWqDKXtsnz8eYz9xZhsX23wFYzk0KpaRjVZrks2RmIXjrF1oPdlVLPXHUJKHOHfWElnFbVUXVB9JM425o0PFGwxBZm0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-9nz4q
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc38cc0ed246-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=6359793e-b232-4b79-9da5-b929fc3dc7aa&lt=1725734116754&dt=1725734116754&at=1725734117193&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c8e9503f-aa23-4d79-b95f-477e07fffcb1
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c8e9503f-aa23-4d79-b95f-477e07fffcb1
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FUvAo%2F3ytPCjduM9i%2B8H4zLCgcB2%2Br0YHIX0uR3EEQA9Ql015lTO8t3gyfLPvGVvowqJy%2F%2B%2FBeEK3rfNfWLPeY1VbTeie2TUfiNCT5FH9KMoh6sjW5tcNoD02515TmXPqMRrXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-vmskt
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8bf8cc38cc10d246-FRA
x-robots-tag
noindex, follow
counters.gif
perf.hsforms.com/embed/v3/
35 B
892 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
bd7b2936-1fef-44f6-b473-d419215c3252
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
bd7b2936-1fef-44f6-b473-d419215c3252
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-fp4ls
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
8bf8cc3a7dfb8fe8-FRA
counters.gif
perf.hsforms.com/embed/v3/
35 B
928 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e1eac5d8-79a3-4984-a3a8-0fa9bda6e790
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e1eac5d8-79a3-4984-a3a8-0fa9bda6e790
last-modified
Sat, 07 Sep 2024 18:35:17 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-wbnbr
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
8bf8cc3a7dfd8fe8-FRA
CYBER%20RESILIENCY-280x280%D6%B9_v1.1.png
www.morphisec.com/hs-fs/hubfs/
67 KB
68 KB
Image
General
Full URL
https://www.morphisec.com/hs-fs/hubfs/CYBER%20RESILIENCY-280x280%D6%B9_v1.1.png?height=280&width=280
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c66f537de497e2306014e30c269b7d65e0671eec4b25e53120de90d627100f5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 56b03146829c02df871975da5cf2300e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-171610370224,P-1534169,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
68558
cf-resized
internal=ok/m q=0 n=793+175 c=2+173 v=2024.8.1 l=68558 f=false
last-modified
Fri, 28 Jun 2024 20:35:53 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfxjpKy-LQDu2K5cATPBvf7WurkryKNOHkFkb-FTMTDQ:a015821c789fe4047a66a1cb79283ff8"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XR7ku6WYUgZRRtWySCUop0%2FER%2BQT4JXncUxxSa5zw7alffrJF%2FQpc1dsur%2BsQxgS1Fe7thz0CJvYjmKFWkNW9z2sjv9PRWqoFUKC4TWw52Dw2N0ab7GasUHIwF2fMhNrdcWJ"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
8bf8cc38cefb30f0-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
a8b85f6e-5b92-440b-9490-8f52fe151636.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/
34 KB
35 KB
Image
General
Full URL
https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/a8b85f6e-5b92-440b-9490-8f52fe151636.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
648318e55febdac418f0f8a23db309f81c273a66c5eb41a8aab85b29bebcdc9f

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-meta-cache-tag
P-1534169,FLS-ALL
age
361277
x-amz-request-id
S9TQF30K0RYT5W82
x-amz-server-side-encryption
AES256
edge-cache-tag
P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="a8b85f6e-5b92-440b-9490-8f52fe151636.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"52f2133547882c1af4bd99b776191ea7"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1704491705781
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:17 GMT
via
1.1 f2a51982e289d888963f4f93b48c5f22.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
aXW8S0NNcXgP1skXixHskKHTqJIbr4lJ
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=42909
x-cache
RefreshHit from cloudfront
cache-tag
P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
content-length
34660
x-amz-id-2
W9o8X4ZFc0Uwwy0Q99B6cRTtsbEiWkf9ACHuo8jdPqLM5KuF2+Ollk+9TEWbbTGex0Df5/sqz1c=
last-modified
Fri, 05 Jan 2024 21:55:06 GMT
server
cloudflare
accept-ranges
bytes
cf-ray
8bf8cc3b9b934d6e-FRA
timing-allow-origin
1534169.fs1.hubspotusercontent-na1.net
x-amz-cf-id
4a4QiXhlL_IOhJieJ6Di37IWkjxSXB0gO-ONn76mmxX2uqlkeUM18g==
arrow-white-1.svg
www.morphisec.com/hubfs/
393 B
2 KB
Image
General
Full URL
https://www.morphisec.com/hubfs/arrow-white-1.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109682673984,P-1534169,FLS-ALL
age
674622
x-amz-request-id
8VEWXVZAH80N964B
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109682673984,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"f6b8983a7a9f44be13760be2a7d47927"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680712961922
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 3108b3c3c306768051fa0658c0445308.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ZWYxcYkJ3fJQSXhQh1nDTahxfuzH5ivg
x-amz-cf-pop
AMS1-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109682673984,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
A/LqP8D5zDZxZIzjND+eCOMQ+v8Jm17C2wJqRtzMuxaz01QWVzbTpsMwtcA7kIjFmI6AP2lwawE=
last-modified
Wed, 05 Apr 2023 16:42:42 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7V7jvmkeHeMljzkTE%2BIQneXQVqMx61vxOfDYbc5oU0sFAYSYVlMiwVGlcobqkSgVPPb0kEWB1cRAFeOC3w5g9tu8ShvacGFLZvznzOBPBmxuHFJpu1bz1STV%2FcPKgTCb90ka"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc38cf0030f0-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
BH4OGuYSDpllOVOU7GcdLl8FtnEQW5w1Kcc9_1YEzZ1-fxZ4D4hzlg==
r
scout.salesloft.com/
41 B
359 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQ1MTF9.eiHnDZAhBhx__pSttlATzaQdSltPIpahvpYGdr_Bfrg
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.159.40.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-159-40-228.compute-1.amazonaws.com
Software
/
Resource Hash
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
bcd44004f5597952f8bbb7627613b2cd
attribution_trigger
px.ads.linkedin.com/
2 B
764 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=32136&time=1725734117226&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:16 GMT
content-encoding
gzip
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 986BF35E0C83454DB53FAD44408505B8 Ref B: TLV30EDGE0307 Ref C: 2024-09-07T18:35:17Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-ltx1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYhi8kMU0JP+W87DOuY0A==
x-fs-uuid
0006218bc90c53424ff96f3b0ceb98d0
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysi...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%26time%3D1725734117226%26li_adsId%3D744d8848-bc4d-4bee-aae4-07ec56932810%26...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysi...
0
383 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cookiesTest=true&liSync=true
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 20C9E4F2C79D4C7694838BC44C1352FD Ref B: TLV30EDGE0408 Ref C: 2024-09-07T18:35:18Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYhi8kbY9KIU20dgU3ftA==

Redirect headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
date
Sat, 07 Sep 2024 18:35:17 GMT
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-length
0
x-li-uuid
AAYhi8kXO+dTPWvAD/TKgw==
pragma
no-cache
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 1E69C674292E40EC8534D9FF9D490968 Ref B: TLV30EDGE0408 Ref C: 2024-09-07T18:35:18Z
x-frame-options
sameorigin
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1725734117226&li_adsId=744d8848-bc4d-4bee-aae4-07ec56932810&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cookiesTest=true&liSync=true
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
adsct
t.co/i/
43 B
623 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=b3925a1e-644a-45c2-a8c9-4951731ecf13&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ba3f3f22-112b-4dc9-a629-d8407d53ea60&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time
104
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=0
cf-cache-status
DYNAMIC
server
cloudflare
content-type
image/gif;charset=utf-8
x-transaction-id
85927a13f600b638
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
2dc6fafbd29a32c84133ec26002a10ebc7b906c944bb9d959bdcaeb83708f06c
cf-ray
8bf8cc3c58a9d292-FRA
content-length
43
adsct
analytics.twitter.com/i/
43 B
396 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b3925a1e-644a-45c2-a8c9-4951731ecf13&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ba3f3f22-112b-4dc9-a629-d8407d53ea60&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time
179
date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
defd0143de7117d2
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
97fcb80bc5235770ea68a5b6fd464b836476233937983aeac5e1732609485bf0
content-length
43
banner.no-autoblock.js
consent.cookiefirst.com/
98 KB
35 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner.no-autoblock.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/consent.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
d55c5c087b78d0a3bad3c12d42deeb4b2b6db8927ef017a8ebdc54867ce7a39a

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
br
cdn-edgestorageid
1081
cdn-storageserver
DE-51
cdn-cachedat
09/04/2024 10:30:42
cdn-pullzone
236985
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:10 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
588
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d8237a-18968"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=1200
cdn-requestid
13bc0f8d1fccc0b6229cb1c970468230
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 7224
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BA) /
Resource Hash

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
14391786
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105429
Content-Type
text/html; charset=utf-8
Date
Sat, 07 Sep 2024 18:35:17 GMT
Etag
"81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified
Mon, 11 Dec 2023 17:19:49 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67BA)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
version.json
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
44 B
781 B
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/version.json?v=1725734117527
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
a9846ccc91a3e474d8722126691222710c4fbc17e360ea540db5841a8917818d

Request headers

Accept
application/json
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
cdn-edgestorageid
1080
cdn-storageserver
DE-634
cdn-cachedat
09/07/2024 18:35:17
cdn-pullzone
236985
content-length
44
visitor-location
IL
last-modified
Mon, 02 Sep 2024 20:33:00 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
588
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"66d620fc-2c"
content-type
application/json
access-control-allow-origin
*
cdn-cache
MISS
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=10
cdn-requestid
3b77928b22d4dd9dc238417d42526756
accept-ranges
bytes
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
95 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=1534169&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&contentId=177081907483
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
2d755f91-10c5-4f70-b134-482928f9c9f4
content-encoding
br
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
2d755f91-10c5-4f70-b134-482928f9c9f4
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HMXSFnLK6szcNRDEi%2Fcjpz2HIaa0SO7IaaMFsskS3axXBVMDTnwouuV7Mh1S9Oa8B%2BxsotbmlCq6uY%2BuMHkjGIGhVIJHBGh4DVzSKVItl4u9vCLP6iJB3jAWqXB79vnMy3yBd5g2ubhPAerh%2FTU%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8bf8cc3b5ae7366c-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-fjpmw
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
114 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1534169
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.244.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5dfcecaa-b15c-4207-9319-6547035ded5e
content-encoding
br
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5dfcecaa-b15c-4207-9319-6547035ded5e
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-58bbf9c46c-nvj4v
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O5Z%2BlWs1aapa3UqmcdMaYarpCpRXFpmt6fpeReyBGqncTRZiGe5VJh7wWIR5wB1tsXtNh6bHQVRIxboV4gm%2BfpjllUTm6iz4EShrl92%2FwcwVAuXKESHR9WIZjB5c6aPG"}],"group":"cf-nel","max_age":604800}
cf-ray
8bf8cc3ddad79a17-FRA
access-control-allow-headers
*
i
scout.salesloft.com/
48 B
467 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.159.40.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-159-40-228.compute-1.amazonaws.com
Software
/
Resource Hash
4bfb1f000c6d71d1b6517f4c810e2bb7ba285847908130417c2327cdc90dd1a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
b5f637d2e1d5603b64bcf342928fabc6
json
forms.hscollectedforms.net/collected-forms/v1/config/
133 B
430 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=1534169&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.111.254 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4c94e878-9a8d-4111-be40-51e1d84a4ee0
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4c94e878-9a8d-4111-be40-51e1d84a4ee0
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-5f4dcb8bc8-924n8
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8bf8cc3c9a7cd216-FRA
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
580 B
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
db0934d4-050b-40a3-ba68-7468a3d2166f
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
db0934d4-050b-40a3-ba68-7468a3d2166f
last-modified
Sat, 07 Sep 2024 18:35:18 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-9nz4q
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
8bf8cc3cd80e8fe8-FRA
location
edge.cookiefirst.com/prod/
66 B
472 B
Fetch
General
Full URL
https://edge.cookiefirst.com/prod/location?origin=blog.morphisec.com
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-37.bunnyinfra.net
Software
BunnyCDN-DE1-1080 /
Resource Hash
29708f28a3bb895bfaeee4301b119d6010da1194cc92791cefacfd8aee2ac61c

Request headers

Accept
application/json
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
cdn-edgestorageid
1082
cdn-cachedat
09/07/2024 18:35:18
cdn-pullzone
717911
content-length
66
server
BunnyCDN-DE1-1080
cdn-proxyver
1.04
cdn-requestpullcode
200
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
cdn-cache
BYPASS
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cache-control
public, max-age=1200
cdn-requestid
b258e68e1a8c7441ce67d2622e0ce5ff
cdn-requestcountrycode
IL
cdn-status
200
cdn-requestpullsuccess
True
counters.gif
forms.hsforms.com/embed/v3/
35 B
540 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
83171fbb-82dc-43b7-b6b5-3b4a52984986
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
83171fbb-82dc-43b7-b6b5-3b4a52984986
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-x4ldt
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8bf8cc3e090a8fe8-FRA
/
px.ads.linkedin.com/wa/
0
198 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: D48D1069B1F84E2BA3C23A848BEC436F Ref B: TLV30EDGE0408 Ref C: 2024-09-07T18:35:18Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
access-control-allow-origin
https://blog.morphisec.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYhi8kadg3U1jE2J0bavA==
cf-bc-handler.html
www.morphisec.com/ Frame BF62
360 B
1 KB
Document
General
Full URL
https://www.morphisec.com/cf-bc-handler.html
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8f61ff99bdb7078fb9a587059822d308fa9f3e5f9765101876426ab9c4363cc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-methods
GET
access-control-allow-origin
*
age
143729
alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cache-tag
F-95081226133,P-1534169,FLS-ALL
cf-cache-status
HIT
cf-ray
8bf8cc3f8eba30f0-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Sat, 07 Sep 2024 18:35:18 GMT
edge-cache-tag
F-95081226133,P-1534169,FLS-ALL
last-modified
Mon, 12 Dec 2022 16:53:21 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wOfGDNel0jVIrdbOqUWV5xanYZ4GQUPEZamnVmxwvJHJ3gxFexIGf%2BCQ%2BWyCHWk%2F%2BIowEDGwP0rLlCrphuitEtm3FA3S9lqNT11EZyYd%2BMIGEqDCoAlwtzHfJ0OUzkTBzJr1"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
vary
Accept-Encoding
via
1.1 c0db8c417b5a375429fc7f3c54841604.cloudfront.net (CloudFront)
x-amz-cf-id
2g6CsJkIlaVzF_xGi29wb7p2o_rDq7TZuBA68aVm2zafcF0kZyH_7Q==
x-amz-cf-pop
FRA60-P7
x-amz-id-2
z9cSU1VQW0Et/Bdzg9aIa3k2GjHX5w4dxHKpXa7Dk7qVyYdmHzu5K/R3Pl48DNb8BP4xsYt/7Y4=
x-amz-meta-cache-tag
F-95081226133,P-1534169,FLS-ALL
x-amz-meta-created-unix-time-millis
1670864000194
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-amz-request-id
M4MDAPXJPRSR303E
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-version-id
6goLS1KRlaJxTu_k6uCFvNA00uRjo5Yl
x-cache
Miss from cloudfront
x-hs-alternate-content-type
text/plain
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-robots-tag
all
button.856debeac157d9669cf51e73a08fbc93.js
platform.twitter.com/js/
8 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668A) /
Resource Hash
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Sat, 07 Sep 2024 18:35:18 GMT
Content-Encoding
gzip
Age
14401752
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
2620
Last-Modified
Mon, 11 Dec 2023 17:19:47 GMT
Server
ECS (frb/668A)
Etag
"fdf02dd038ed38dbf3c240d56262af0c+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=315360000
bc-handler.min.js
consent.cookiefirst.com/bulk/ Frame BF62
577 B
1 KB
Script
General
Full URL
https://consent.cookiefirst.com/bulk/bc-handler.min.js?v=1725734118443
Requested by
Host: www.morphisec.com
URL: https://www.morphisec.com/cf-bc-handler.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
d27825196ad091987820f3ead157595d5a5e482b8849982da00b9395a6f590bb

Request headers

Referer
https://www.morphisec.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1082
cdn-storageserver
DE-633
cdn-cachedat
09/07/2024 18:35:18
cdn-pullzone
236985
visitor-location
IL
last-modified
Wed, 22 May 2024 14:47:51 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
599
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"664e0597-241"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
MISS
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
7c700374c5b570e7b6ee1c3f61a21a6e
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame 70CD
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668B) /
Resource Hash

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
14401747
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
12332
Content-Type
text/html; charset=utf-8
Date
Sat, 07 Sep 2024 18:35:18 GMT
Etag
"e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified
Mon, 11 Dec 2023 17:19:48 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/668B)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
embeds
syndication.twitter.com/i/jot/
43 B
293 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22morphisec%22%2C%22widget_creator_screen_name%22%3A%22smgoreli%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1725734118550%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=805d9be255156268bd80f652129ab49da7a5c1d5
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time
107
date
Sat, 07 Sep 2024 18:35:18 GMT
strict-transport-security
max-age=631138519
last-modified
Sat, 07 Sep 2024 18:35:18 GMT
server
tsa_o
vary
Origin
content-type
image/gif
x-transaction-id
ccd34909e03599a5
cache-control
must-revalidate, max-age=600
perf
7402827104
x-connection-hash
068fd68d8795c45ef4bf6a51b97f6e516d56364b50fc2061b9b6310be259973a
content-length
43
lang-widget-en.json
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
13 KB
6 KB
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/lang-widget-en.json?v=e44e5bbe-28d5-4f6a-9213-791893655be6
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
0ac1ff3518711e400d359a747573b1093b7999a6d346e30229de52eb04c7bc9a

Request headers

Accept
application/json
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1079
cdn-storageserver
DE-677
cdn-cachedat
09/03/2024 02:37:00
cdn-pullzone
236985
visitor-location
IL
last-modified
Mon, 02 Sep 2024 20:33:00 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
588
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d620fc-34a8"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
fbdb0a9ad0f66907e8fe246ebf5fb5eb
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
hotjar-3506314.js
static.hotjar.com/c/
12 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-3506314.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-32.muc50.r.cloudfront.net
Software
/
Resource Hash
cf0051e031a4e1698368f5c5b4830043d09485a122338d44c8cca443664116a9
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:19 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 89efe3a7854e47cf7f1fe47e28e39348.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
etag
W/f0ed7fbc70c55ea4fbf8269d246f56c8
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
GmSY-Q6yu6n3mnZVUcrEpYfTVLIthLpeyDBvichGm1DKVuIRyaSKtA==
fbevents.js
connect.facebook.net/en_US/
225 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra5.fbcdn.net
Software
/
Resource Hash
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 07 Sep 2024 18:35:18 GMT
document-policy
force-load-at-top
x-fb-server-load
24
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58953
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=107, rtx=0, c=26, mss=1232, tbw=8150, tp=15, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
Il092XY5n/jF+ONQVoKTzpsnqzil6PPPQcxaFYW+LOiM9Yma8Mzd3/fSS2BFTkfcuLR1xzcYBoZ4N5QBCiL0xg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
8424750.js
snid.snitcher.com/
24 KB
25 KB
Script
General
Full URL
https://snid.snitcher.com/8424750.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.89.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-89-46.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
30d9352dba9e93229b1c8498825e7530a5ff88c0fcf9a8af9aadabf7bd1946d3

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
x-vapor-base64-encode
True
date
Sat, 07 Sep 2024 18:35:19 GMT
cache-control
max-age=1800, private
content-length
24918
apigw-requestid
dv10JifCliAEPIg=
content-type
application/javascript
tags.js
tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/
17 KB
5 KB
Script
General
Full URL
https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-126.muc50.r.cloudfront.net
Software
Clearbit /
Resource Hash
3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 4b3ef7616dbf62f98d54524f0218face.cloudfront.net (CloudFront)
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P5
etag
W/"4dc4ea822cc55aa67719411f6076fcbc"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
x-amz-cf-id
QEbC5ash5oAle8oSpmQnT-QODy3Or6r2Nml5SvPHnXO0QP-5yMmvNw==
lt-v3.js
lltrck.com/scripts/
0
0

tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.71 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:19 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
age
9780
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
8bf8cc43fce99f1e-FRA
expires
Sat, 07 Sep 2024 18:55:19 GMT
162.13f2.c.js
consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/
6 KB
3 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/162.13f2.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
bdd1d266ae01452fc70f49bd77332953f6c48465656b6060852062924a0f7e6f

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1081
cdn-storageserver
DE-679
cdn-cachedat
09/04/2024 09:08:11
cdn-pullzone
236985
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:10 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
861
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d8237a-1804"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
a4f0bdb4baf8dc739fa7eb7323a79b05
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
345.e308.c.css
consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/
19 KB
6 KB
Stylesheet
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/345.e308.c.css
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
ba7dc0cc2741341a8134b4446d67e2068ac2c211a9f774c92d55ce3a6b32220d

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1081
cdn-storageserver
DE-679
cdn-cachedat
09/04/2024 09:08:11
cdn-pullzone
236985
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:09 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
861
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d82379-4db7"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
5eb794458a48fda3dd87df19983d1d03
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
345.f38b.c.js
consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/
15 KB
7 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/345.f38b.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
76a0ba788a9e1c9a498af794e2cb82d3133d31b4492540c0f7984e1c74421669

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1079
cdn-storageserver
DE-51
cdn-cachedat
09/04/2024 09:08:11
cdn-pullzone
236985
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:09 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
599
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d82379-3b13"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
dd8eefd012cd66979a7e96e6f7ad725c
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
ui.fa74.c.css
consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/
15 KB
5 KB
Stylesheet
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/ui.fa74.c.css
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
64721567e86287f60059bec2e86aabc56a0e03a8ddb3004fc69d62ca0ef9ab3f

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1079
cdn-storageserver
DE-661
cdn-cachedat
09/04/2024 09:08:11
cdn-pullzone
236985
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:08 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
588
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d82378-3bb4"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
3233fff7dee324685fea1c1ed631a866
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
ui.d7ea.c.js
consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/
45 KB
17 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/ui.d7ea.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
4c9858389f5a19c38096fadcfdcb27093e6171ae07d9eee8e7889be147d912ab

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1079
cdn-storageserver
DE-383
cdn-cachedat
09/04/2024 09:08:11
cdn-pullzone
236985
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:08 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
862
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d82378-b588"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
d35498cad38d0289404771f5d1ab7ecb
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
233.362b.c.css
consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/
127 B
881 B
Stylesheet
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/233.362b.c.css
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
e7902b56545718b3f9dcc015b4acab60270239d559b0adaae9e5c81dd95a89a1

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
cdn-edgestorageid
1082
cdn-storageserver
DE-633
cdn-cachedat
09/04/2024 09:08:11
cdn-pullzone
236985
content-length
127
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:09 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
587
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"66d82379-7f"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
46627e86ac6153b2b5214f49637a054f
accept-ranges
bytes
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
233.8420.c.js
consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/
96 B
859 B
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.43/static-main-no-autoblock/233.8420.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
b364babb52cb930beb7e5e61f549d739c155b2f8a24415bb8b401b0d6cb3eddb

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
cdn-edgestorageid
1082
cdn-storageserver
DE-588
cdn-cachedat
09/04/2024 09:08:11
cdn-pullzone
236985
content-length
96
visitor-location
IL
last-modified
Wed, 04 Sep 2024 09:08:09 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
861
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
"66d82379-60"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
95610c4e1b7f2d3757e51a48c379106c
accept-ranges
bytes
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
inspectlet.js
cdn.inspectlet.com/
188 KB
65 KB
Script
General
Full URL
https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=479370
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.10.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:19 GMT
via
1.1 vegur
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
last-modified
Sat, 07 Sep 2024 18:35:19 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725734119&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=MVx9vQEN%2BjVLpxK3G7MXEoPqy3j7Jdf0MlqkTU0HQxI%3D"}]}
content-type
text/javascript;charset=UTF-8
cache-control
s-maxage=60, max-age=14400
cf-ray
8bf8cc435b228eb7-FRA
alt-svc
h3=":443"; ma=86400
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1725734119&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=MVx9vQEN%2BjVLpxK3G7MXEoPqy3j7Jdf0MlqkTU0HQxI%3D
styles.css
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
1 KB
1 KB
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/styles.css?v=e44e5bbe-28d5-4f6a-9213-791893655be6
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
Cookie First CDN-DE1-1082 /
Resource Hash
cf1d86ae566e620f5f69c4627e1859d61567555afbc78c397876cde4760c7dad

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-383
cdn-cachedat
09/03/2024 04:35:00
cdn-pullzone
236985
visitor-location
IL
last-modified
Mon, 02 Sep 2024 20:32:59 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
588
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"66d620fb-5e1"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=31919000
cdn-requestid
0c101b6c99c736780f6b1e815f1e1e1b
cdn-requestcountrycode
IL
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
885880844953016
connect.facebook.net/signals/config/
72 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/885880844953016?v=2.9.167&r=stable&domain=blog.morphisec.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra5.fbcdn.net
Software
/
Resource Hash
5d35e4ed0a281a038c44026cd726b9565c816e71f7110d504e74b55ede14f40e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 07 Sep 2024 18:35:19 GMT
document-policy
force-load-at-top
x-fb-server-load
34
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=106, rtx=0, c=61, mss=1232, tbw=69142, tp=67, tpl=0, uplat=113, ullat=0
pragma
public
x-fb-debug
bsuw5s09MPiNImIqQU3eDy390n5/gWkfQ2AG9cmt+llcYBR74/Cd4HvwP+zPPG/C4Z/U7lc8ETgyIrNT3ak2rQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
gif.gif
ibc-flow.techtarget.com/a/
43 B
441 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17762897&r=1725734119139&ref=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
17762897
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:19 GMT
via
1.1 google
x-guploader-uploadid
AD-8ljvdi19cNr7s4PzHJ3nZR9CzrjxFD_sfinm7Mv2HWO7jX-M9REVp3OfBFRGWOnL28t9N9A
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Sat, 07 Sep 2024 19:35:19 GMT
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17762897&r=1725734119139&ref=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://blog.morphisec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 07 Sep 2024 18:35:19 GMT
expires
Sat, 07 Sep 2024 18:35:19 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
AD-8lju4PG5QFHbey3xTNsHKn0_Oknmo4_Lk8O5JJ3-8bsOfVEbpaT7gVA_D-5VKG1N0UgFS8w
modules.8da33a8f469c3b5ffcec.js
script.hotjar.com/
223 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3506314.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-76.muc50.r.cloudfront.net
Software
/
Resource Hash
76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 30 Jul 2024 14:23:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2be8016001d2c9c5362b82e28629d2d6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
age
3384733
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56385
last-modified
Tue, 30 Jul 2024 14:22:40 GMT
etag
"0728625a147ca79276a1790b9cf3175d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
8nYHEgGyLuBVhYxdyjtOIsgW_5YETYiWadOD-eO6Oyura8a9HVsrxg==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/?random=1725734117166&cv=11&fst=1725734117166&bg=ffffff&guid=ON&async=1&gtm=45be4940z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&hn=www.googleadservices.com&frm=0&tiba=Decoding%20the%20Puzzle%3A%20Cicada3301%20Ransomware%20Threat%20Analysis&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=511159890.1725734119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
1110e873faaf8587fec6ea16890b1dafb9f8eb032c3cd97c325da63dabe2366f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2365
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
784310031
td.doubleclick.net/td/rul/ Frame 2E67
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/784310031?random=1725734117166&cv=11&fst=1725734117166&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4940z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&hn=www.googleadservices.com&frm=0&tiba=Decoding%20the%20Puzzle%3A%20Cicada3301%20Ransomware%20Threat%20Analysis&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=511159890.1725734119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 07 Sep 2024 18:35:19 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=44836810.1725734119&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&dma=0&npa=0&gtm=45He49...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=44836810.1725734119&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&dma=0&npa...
42 B
66 B
Ping
General
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=44836810.1725734119&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&dma=0&npa=0&gtm=45He4940n81PQBJZ8Kv897572158za200&auid=511159890.1725734119
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=44836810.1725734119&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&dma=0&npa=0&gtm=45He4940n81PQBJZ8Kv897572158za200&auid=511159890.1725734119
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je4940v897583451z8897572158za200zb897572158&_p=1725734116299&_gaz=1&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=0&gdid=dNjAwYj&cid=1833227746.1725734119&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1725734117&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&dt=Decoding%20the%20Puzzle%3A%20Cicada3301%20Ransomware%20Threat%20Analysis&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4550
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.206 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
256 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HFVX4VZHCS&cid=1833227746.1725734119&gtm=45je4940v897583451z8897572158za200zb897572158&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.71.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wn-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rul
td.doubleclick.net/td/ga/ Frame B336
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-HFVX4VZHCS&gacid=1833227746.1725734119&gtm=45je4940v897583451z8897572158za200zb897572158&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1300606155
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 07 Sep 2024 18:35:19 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.co.il/ads/
42 B
408 B
Image
General
Full URL
https://www.google.co.il/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HFVX4VZHCS&cid=1833227746.1725734119&gtm=45je4940v897583451z8897572158za200zb897572158&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1163967829
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
269 B
Image
General
Full URL
https://www.facebook.com/tr/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&rl=&if=false&ts=1725734119231&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1725734119229.454955028283884483&cs_est=true&ler=empty&cdl=API_unavailable&it=1725734118978&coo=false&exp=f0&rqm=GET
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-fra5.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=59, rtx=0, c=10, mss=1380, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 07 Sep 2024 18:35:19 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&rl=&if=false&ts=1725734119231&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1725734119229.454955028283884483&cs_est=true&ler=empty&cdl=API_unavailable&it=1725734118978&coo=false&exp=f0&rqm=FGET
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-fra5.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Sat, 07 Sep 2024 18:35:19 GMT
document-policy
force-load-at-top
x-fb-server-load
29
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7411971603014839507", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=59, rtx=0, c=10, mss=1380, tbw=3083, tp=-1, tpl=-1, uplat=121, ullat=0
pragma
no-cache
x-fb-debug
a9S+DiIFyH9pIERy561p0tgHXIO99VwEXCv6ebN+F01BXIdkiXJ/8/sRAwhMMfqtqarEoZnF1w2RIs3xF6bk4Q==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7411971603014839507"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
destinations.min.js
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/
0
21 B
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/destinations.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
content-length
0
tracking.min.js
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/
168 KB
45 KB
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/tracking.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
forms.js
x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/
0
0
Script
General
Full URL
https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fcicada3301-ransomware-threat-analysis
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
content-length
0
content-type
application/javascript;charset=utf-8
verify
snid.snitcher.com/ Frame
0
0
Preflight
General
Full URL
https://snid.snitcher.com/verify
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.89.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-89-46.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://blog.morphisec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
0
apigw-requestid
dv10PgBuFiAEPDg=
cache-control
no-cache, private
date
Sat, 07 Sep 2024 18:35:19 GMT
vary
Access-Control-Request-Method, Access-Control-Request-Headers
verify
snid.snitcher.com/
6 B
148 B
XHR
General
Full URL
https://snid.snitcher.com/verify
Requested by
Host: snid.snitcher.com
URL: https://snid.snitcher.com/8424750.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.89.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-89-46.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Sat, 07 Sep 2024 18:35:19 GMT
cache-control
no-cache, private
content-length
6
apigw-requestid
dv10QjMHliAEPkQ=
content-type
application/json
/
www.google.com/pagead/1p-user-list/784310031/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/784310031/?random=1725734117166&cv=11&fst=1725732000000&bg=ffffff&guid=ON&async=1&gtm=45be4940z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&hn=www.googleadservices.com&frm=0&tiba=Decoding%20the%20Puzzle%3A%20Cicada3301%20Ransomware%20Threat%20Analysis&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=511159890.1725734119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfKsdYGse36nCZcVtVcQBk0S_Yva3xqA&random=2582732476&rmt_tld=0&ipr=y
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.co.il/pagead/1p-user-list/784310031/
42 B
154 B
Image
General
Full URL
https://www.google.co.il/pagead/1p-user-list/784310031/?random=1725734117166&cv=11&fst=1725732000000&bg=ffffff&guid=ON&async=1&gtm=45be4940z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&hn=www.googleadservices.com&frm=0&tiba=Decoding%20the%20Puzzle%3A%20Cicada3301%20Ransomware%20Threat%20Analysis&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=511159890.1725734119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfKsdYGse36nCZcVtVcQBk0S_Yva3xqA&random=2582732476&rmt_tld=1&ipr=y
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
content.hotjar.io/
56 B
171 B
XHR
General
Full URL
https://content.hotjar.io/?site_id=3506314&gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.210.223.39 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-223-39.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d8f88f75eb42a91ff0f03b4c7f97d4419170d7bfc371e57a37884c0903e46640

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 07 Sep 2024 18:35:20 GMT
content-length
56
access-control-max-age
86400
content-type
application/json
4345439c-a40e-40fc-a906-c81623ffc085
https://blog.morphisec.com/
43 B
0
Image
General
Full URL
blob:https://blog.morphisec.com/4345439c-a40e-40fc-a906-c81623ffc085
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
3274945
hn.inspectlet.com/ginit/
26 B
681 B
XHR
General
Full URL
https://hn.inspectlet.com/ginit/3274945
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=479370
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.10.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
via
1.1 vegur
cf-cache-status
DYNAMIC
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
content-length
26
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1725734119&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=cp%2BRKhBYKldMMmgj1U5lBU3a7tkLzogsDVRZvj%2FNVog%3D
server
cloudflare
etag
W/"1a-SbP85p8orEJpLUh6vRJ6Iw"
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725734119&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=cp%2BRKhBYKldMMmgj1U5lBU3a7tkLzogsDVRZvj%2FNVog%3D"}]}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
access-control-allow-methods
GET, POST
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
8bf8cc48d9298eb7-FRA
access-control-allow-headers
X-Requested-With, Content-Type
p
app.clearbit.com/v1/
16 B
1 KB
XHR
General
Full URL
https://app.clearbit.com/v1/p
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=479370
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 07 Sep 2024 18:35:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding, Origin
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://blog.morphisec.com
access-control-expose-headers
content-security-policy-report-only
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials
true
content-type
application/json
share_button.php
www.facebook.com/v3.0/plugins/ Frame 0BB5
0
0
Document
General
Full URL
https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df41e52d5339aaf39d%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ffc644f85beb3e1f67%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&layout=button_count&locale=en_US&sdk=joey
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=9429e3d3eae3e5d2511fdd6d77ffe09c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-fra5.facebook.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
zstd
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
cross-origin-resource-policy
cross-origin
date
Sat, 07 Sep 2024 18:35:20 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version
v14.0
origin-agent-cluster
?0
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma
no-cache
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7411971608290178203"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7411971608290178203", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-connection-quality
GOOD; q=0.7, rtt=50, rtx=0, c=10, mss=1380, tbw=2756, tp=-1, tpl=-1, uplat=245, ullat=0
x-fb-debug
8rFBOW6MLvpdIvV1DfS2DLTLPqXy7NBlQt7h1p661pdI1S8RNh4E4XvYenzmypV8KaGkwZBRQyxltlTf1p36Dg==
x-fb-server-load
28
x-xss-protection
0
__ptq.gif
track.hubspot.com/
45 B
459 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=he-il&bfp=3755041163&v=1.1&a=1534169&pi=177081907483&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cpi=177081907483&cgi=3742504875&lpi=177081907483&lvi=177081907483&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&t=Decoding+the+Puzzle%3A+Cicada3301+Ransomware+Threat+Analysis&cts=1725734120013&vi=c3edc106a44a1f3013f1188d805ec797&nc=true&u=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&b=182053752.1.1725734120010&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
554d0aab-d2dd-4a49-a3a2-297923387f88
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
4
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
554d0aab-d2dd-4a49-a3a2-297923387f88
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WaYHny38vJv%2BSy3EUypePA5czkV5A5qFUir0gP0cN5gPMJOYzYFwVblr%2Bcb1QVoAka%2BfLpWdGZ0Jv3%2B9uwnJ%2Fwej1YQf1o5yd79o7ypJSubEY3GRSadQjftx%2Bhp1fz4akEvR"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-9zkd8
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8bf8cc4a8bcb907c-FRA
x-robots-tag
none
counters.gif
perf.hsforms.com/embed/v3/
35 B
580 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
fa4efe84-e417-4323-88a6-61a3d35dc3ce
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
fa4efe84-e417-4323-88a6-61a3d35dc3ce
last-modified
Sat, 07 Sep 2024 18:35:20 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-fjpmw
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
8bf8cc4a7b6a8fe8-FRA
__ptq.gif
track.hubspot.com/
45 B
418 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=117f8346-1aa3-415a-89c7-c126861680ce&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=he-il&bfp=3755041163&v=1.1&a=1534169&pi=177081907483&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cpi=177081907483&cgi=3742504875&lpi=177081907483&lvi=177081907483&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&t=Decoding+the+Puzzle%3A+Cicada3301+Ransomware+Threat+Analysis&cts=1725734120015&vi=c3edc106a44a1f3013f1188d805ec797&nc=true&u=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&b=182053752.1.1725734120010&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
36ccddf9-d691-4f86-be4d-4458d2b52696
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
36ccddf9-d691-4f86-be4d-4458d2b52696
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0NgpIH5prAOOZIIRO9Vd9YOTyjvKyAsgTzol8P2mnDp45CBEJFyPDTNrcXPl5ulJLBeqKrOVFctdfYouW5pA98LyEJWqNKNZUUWEHY8dqKJ5r4vWqx%2Bgyw8ehAatKKZJVMZM"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-9flgl
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8bf8cc4a8bcf907c-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
532 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=117f8346-1aa3-415a-89c7-c126861680ce&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=he-il&bfp=3755041163&v=1.1&a=1534169&pi=177081907483&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cpi=177081907483&cgi=3742504875&lpi=177081907483&lvi=177081907483&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&t=Decoding+the+Puzzle%3A+Cicada3301+Ransomware+Threat+Analysis&cts=1725734120015&vi=c3edc106a44a1f3013f1188d805ec797&nc=true&u=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&b=182053752.1.1725734120010&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0f13b7c2-4932-45a4-940d-65cd563b1835
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0f13b7c2-4932-45a4-940d-65cd563b1835
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFMTzSxszLK1TGgk1RbKGbj1v0lmM8kkwbPVglYEWTAy%2FilXJ3puhuqudirup%2BEn9nVraTO3%2F2W5%2B9YBCIE%2Bf6cVsLVJ3W73jNi8pAxDRZ%2BeHcL7bS8AG5%2FiqymwaUp%2Fxdj7"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-9flgl
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8bf8cc4a8bd1907c-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
455 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3%22%2C%22c5b10fd2-1f83-4c8f-b33b-106296dbd6da%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=he-il&bfp=3755041163&v=1.1&a=1534169&pi=177081907483&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cpi=177081907483&cgi=3742504875&lpi=177081907483&lvi=177081907483&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&t=Decoding+the+Puzzle%3A+Cicada3301+Ransomware+Threat+Analysis&cts=1725734120017&vi=c3edc106a44a1f3013f1188d805ec797&nc=true&u=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&b=182053752.1.1725734120010&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
9c9c8644-6747-4094-b116-9083420ae409
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
9c9c8644-6747-4094-b116-9083420ae409
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UOBY4tIEj90%2FgL337OWjtjgP7CsHpbpYFz4vfBogaELsT8vtNVbZdNGMW7FuFXe7DlAa%2BKHzzfm3Qtn9svMPij8DGrYGBH08zbZlJeoTnGiU841qOsN0YYJPcpfkYlcDZozD"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-vr928
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8bf8cc4aabe3907c-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
552 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22e098d357-1710-4cfe-8901-19c93de122f4%22%2C%22f5374243-2466-4afb-8700-3d366c63bdf6%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=he-il&bfp=3755041163&v=1.1&a=1534169&pi=177081907483&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cpi=177081907483&cgi=3742504875&lpi=177081907483&lvi=177081907483&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&t=Decoding+the+Puzzle%3A+Cicada3301+Ransomware+Threat+Analysis&cts=1725734120017&vi=c3edc106a44a1f3013f1188d805ec797&nc=true&u=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&b=182053752.1.1725734120010&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
afda993c-3c37-4690-9f82-f1cd1763d34b
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
afda993c-3c37-4690-9f82-f1cd1763d34b
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T2WYWu4sNBtCsvKVEzfe14jFCGgFN7uc92jP5Mn6yJztSM6AlbFAprpO67N2Eg%2BF4Dd0mldXcUn9oslVlhc9kn4pr8jQ2XHR1lLpJqcVhjgGq%2FbHI4fG9Mln%2FIfG15JN86Hk"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-vr928
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8bf8cc4aabe4907c-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
420 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223c83d6d5-0c56-47b7-8aee-ae6edf73c360%22%2C%2264affa5c-d696-47c5-9e88-09336d256046%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=he-il&bfp=3755041163&v=1.1&a=1534169&pi=177081907483&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cpi=177081907483&cgi=3742504875&lpi=177081907483&lvi=177081907483&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&t=Decoding+the+Puzzle%3A+Cicada3301+Ransomware+Threat+Analysis&cts=1725734120018&vi=c3edc106a44a1f3013f1188d805ec797&nc=true&u=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&b=182053752.1.1725734120010&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d228259c-ede1-40c8-880a-833cca300444
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d228259c-ede1-40c8-880a-833cca300444
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BzMIctOu5ICtxnW%2BNo%2BZDdGTuR2Mz2N7dx5gTdZetA3cUQt4tjcHencuX7TY%2FfV4u6jd%2FKGU6mqxkbGu1QUz0HZ86d2XLuXVb0XU3izYVTz1kMSXkTCP49ebJivfCI4NaQVU"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-67rnt
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8bf8cc4aabe5907c-FRA
x-robots-tag
none
json
forms.hubspot.com/lead-flows-config/v1/config/
3 KB
2 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1534169&utk=c3edc106a44a1f3013f1188d805ec797&__hstc=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&__hssc=182053752.1.1725734120010&contentId=177081907483&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=479370
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca9452f5b6246415f240f8e0a83fa4dcb6433a0d4797da3860366e706c331954
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5d97ced7-50cf-411c-ab8c-9bf23e28c052
x-envoy-upstream-service-time
35
content-length
1067
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5d97ced7-50cf-411c-ab8c-9bf23e28c052
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-xq7tw
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5mgIWqbKxYVfveEc1MRAZckhW4cH3FP%2F3GglmaMzvkDrACQegmzjfapfU9VzYkpDo%2BhuqvGaTkjH%2F4p2Rs12W00tk5oOGtkpaX%2FkD3lPfGQHf8yYLSRSYF7rg4CmHs%2Bp4a2k"}],"group":"cf-nel","max_age":604800}
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8bf8cc4abd19366c-FRA
trends.min.js
assets.trendemon.com/tag/
301 KB
60 KB
Script
General
Full URL
https://assets.trendemon.com/tag/trends.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-8.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f2efbfc76e8bafe6af1f50dc8a7df65df9e914529403bfa8d1decb18c3f42975

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 09:38:58 GMT
content-encoding
gzip
via
1.1 ba1081cbdcd39cc4928b65493cb81558.cloudfront.net (CloudFront)
last-modified
Wed, 04 Sep 2024 08:26:07 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
32182
x-amz-server-side-encryption
AES256
etag
"b6b4a654339e07c10b18f61f61763140"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
61261
x-amz-cf-id
GstGDm_eFiUfvPjB4Q4i6_82sl41BatqvZefrtgavxPJj0_2y22c0w==
__ptq.gif
track.hubspot.com/
45 B
555 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=he-il&bfp=3755041163&v=1.1&a=1534169&pi=177081907483&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&cpi=177081907483&cgi=3742504875&lpi=177081907483&lvi=177081907483&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcicada3301-ransomware-threat-analysis&t=Decoding+the+Puzzle%3A+Cicada3301+Ransomware+Threat+Analysis&cts=1725734120342&vi=c3edc106a44a1f3013f1188d805ec797&nc=true&u=182053752.c3edc106a44a1f3013f1188d805ec797.1725734120010.1725734120010.1725734120010.1&b=182053752.1.1725734120010&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 18:35:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b138896d-3713-46c4-be59-3a094e021b12
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
8
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b138896d-3713-46c4-be59-3a094e021b12
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6c4yVG8WljDVQUXKSgtH91CMMg7%2F34eKzjRU2QgG0i7e37HpsWs9Q%2FWeotVAkis73dJzrZ6guU2dcGAx8DaNvngJWTI9xtazMsftkbDfcylKWf0xqF%2FitpjziE5OGMud%2FKhe"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-6wfx4
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8bf8cc4c7d50907c-FRA
x-robots-tag
none
2552
trackingapi.trendemon.com/api/settings/
642 B
781 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/settings/2552?callback=jsonp840291&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.209.4.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-209-4-234.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
731c83ae09a31a77f42aecbd9890afd9ad0a7df71e997136de72b5fc0aebb54d

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:21 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
642
content-type
application/x-javascript; charset=UTF-8
identity.min.js
assets.trendemon.com/global/
18 KB
6 KB
Script
General
Full URL
https://assets.trendemon.com/global/identity.min.js
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-8.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 07 Sep 2024 10:30:40 GMT
content-encoding
gzip
via
1.1 ba1081cbdcd39cc4928b65493cb81558.cloudfront.net (CloudFront)
last-modified
Wed, 04 Sep 2024 08:26:11 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
29151
x-amz-server-side-encryption
AES256
etag
W/"3f44b799c727cbac65d90f0779b8eb4e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
UtpwYVQAIv9sMQsPxUB9NF2dxmtziL7tsqxuORlVDUH4AcQ5klWjQw==
me
trackingapi.trendemon.com/api/Identity/
94 B
507 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/Identity/me?accountId=2552&DomainCookie=17257341213529732&fingerPrint=a37d2630c0725e979fbd3c77ae59a710&callback=jsonp517699&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.209.4.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-209-4-234.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
29d75c11c817e84879c2a9e14fe064ed93a1836237ef52bade04498a2c491887

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:21 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
94
content-type
application/x-javascript; charset=UTF-8
favicon.png
blog.morphisec.com/hubfs/
6 KB
7 KB
Other
General
Full URL
https://blog.morphisec.com/hubfs/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-3821681143,P-1534169,FLS-ALL
age
1126516
x-amz-request-id
QJ924AXWRR4BAM19
x-amz-server-side-encryption
AES256
edge-cache-tag
F-3821681143,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="favicon.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag
public-indexable
cf-bgj
imgq:85,h2pri
etag
"ea24d021ea3624ea4b240968cf888698"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1453980185925
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Sat, 07 Sep 2024 18:35:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 3e28473376ca49b2cafcfef86a39cf34.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Cnv3wBnNrZaYmPSr18E5pTmPg2lCgt7t
x-amz-cf-pop
FRA60-P7
cf-polished
origFmt=png, origSize=8707
x-cache
RefreshHit from cloudfront
cache-tag
F-3821681143,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
5908
x-amz-id-2
Bf4j2J6MSkVkcihUnlHBqKB1h0NiiFneIuzlJOMpEVcRLDcW4U1kHqlAmMm2fc5aQ9rdwvhrLlv/s3qvLc0ygUGAsDhtdCoEgR7WDHG6rcE=
last-modified
Wed, 03 Apr 2024 17:46:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2F5LqiWO5C4rznxIHIud4d9J0qFRxy5d9QXJDO3rKWLgf414dEKw1W1A0ol52Up9h5PyGxe%2F%2FYfAOQCWzJF%2FAX1MuYquuP2alGj6AIc%2Bt%2F1pOZeXDXJqcPoNAW9oEmO1yaLR5w%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8bf8cc53ebe5d246-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
jlpv8QSMoCc8b5U0LNVOJ1rbvZku9Rcix5z6GVkp25jxrjtQ6fhe_Q==
marketingautomation
trackingapi.trendemon.com/api/
94 B
231 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2552&ClientUrl=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vY2ljYWRhMzMwMS1yYW5zb213YXJlLXRocmVhdC1hbmFseXNpcw%3D%3D&CookieId=17257341213529732&MaCookie=YzNlZGMxMDZhNDRhMWYzMDEzZjExODhkODA1ZWM3OTc%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp170274&vid=2552:17257341213529732
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.209.4.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-209-4-234.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
3f41279cf520aec3c46e0453fb74fd89d817f435b93a2a817e0e62e22f86fef2

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:21 GMT
cache-control
no-store,no-cache
server
Kestrel
content-length
94
content-type
application/x-javascript; charset=UTF-8
pageview
trackingapi.trendemon.com/api/events/
43 B
234 B
Image
General
Full URL
https://trackingapi.trendemon.com/api/events/pageview?accountId=2552&url=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vY2ljYWRhMzMwMS1yYW5zb213YXJlLXRocmVhdC1hbmFseXNpcw%3D%3D&cookie=17257341213529732&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2552:17257341213529732&r=1725734121735
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.209.4.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-209-4-234.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Sep 2024 18:35:21 GMT
server
Kestrel
age
1691358
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
content-length
43
expires
Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
lltrck.com
URL
https://lltrck.com/scripts/lt-v3.js?llid=35958


215 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 function| $ function| jQuery object| dataLayer object| __core-js_shared__ object| Sslac object| IN object| _hsq object| hbspt object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage object| lottie-player object| reactiveElementVersions object| litHtmlVersions object| litElementVersions object| hubspot object| HubSpotForms object| hsFormsOnReady object| options object| hsPostListings function| hsPopulateListingFeed function| hsOnReadyPopulateListingFeed_1511797933_1725368475341 string| _linkedin_partner_id object| _linkedin_data_partner_ids function| twq string| SLScoutObject function| slscout function| LazyLoad object| imgLazy function| stickyHeader function| playVid function| pauseVid function| setHeight function| mixitup object| google_tag_manager object| google_tag_data object| _hsp object| FB function| onYouTubeIframeAPIReady function| lintrk boolean| _already_called_lintrk object| regeneratorRuntime object| twttr string| src object| s object| __COOKIE_BANNER_SETTINGS__ object| __twttrll object| __twttr boolean| PIXELS_RAN object| enabledEventSettings object| __buffer object| chunkCB function| addCFGTMConsentListener number| __COOKIE_BANNER_INIT_TIME__ object| globalRoot function| bindToWindowOnError object| leadflows function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running function| sanitizeKey boolean| _hstc_loaded object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| __hsCollectedFormsDebug object| ORIBILI function| gtag function| 
hj object| _hjSettings function| fbq function| _fbq string| SnitchObject function| snid number| TRD_ACC_ID object| formalyze object| techtargetic object| __insp boolean| CF_visiblity object| CookieFirst function| cookiefirst_show_settings number| __inspld object| hjSiteSettings object| hjLazyModules function| hjBootstrap object| hjBootstrapCalled object| GooglebQhCsO object| gaGlobal boolean| __clearbit_tagsjs object| clearbit function| parcelRequire object| ClearbitForms string| snWid string| snSnid string| snHost object| snGaConnections number| pagetime_count string| page_uuid string| prevLocation string| session_uuid string| snid_id object| Base64i function| $i function| __insp_ object| __inspcr object| __inspm object| __inspq function| setZeroTimeout object| __inspels object| clearbitsq object| args string| method function| normalize boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| LEAD_FLOW_DOCUMENT_READY_RAN function| $Trd_Base64 function| $Trd_i18n function| __awaiter function| __generator function| $Trd_Utils function| $Trd_Tools function| RecordsService function| __extends function| $Trd_UserPageHistory_Cook object| enRenderModes object| $Trd_InternalEventsTypes object| $Trd_TriggersEventsTypes function| mapBackendTriggers function| $Trd_Context function| $Trd_EnvironmentSettings function| $Trd_ClientCookie function| $Trd_CtaClientCookie function| $Trd_ButtonSelector object| Frequency object| UnitVisibiltyType object| UnitTypeId object| AceVariantType object| AceElementAction object| AceElementAddPosition object| AceElementAddType object| ElementReplaceType object| AceImageReplaceMode object| AceImageObjectFit object| CssSizeUnits object| AceTextAlign object| AcePosition object| AceElementDisplay object| AceBackgroundImageFit object| StreamContentType object| StreamContentDesktopPosition object| StreamContentThumbnailType object| StreamLayoutAutoLoadTrigger function| $Trd_Logger object| COOKIE_NAMES function| $Trd_Visitor string| 
LOCAL_STORAGE_ITEM_NAME function| $Trd_FormListener function| $Trd_UrlGrabber function| $Trd_Events function| $Trd_Pageview string| $TRD_MA_COOKIE_NAME object| $TRD_MA_COOKIE_NAME_MAP function| $Trd_MarketingAutomation function| $TRD_CtaComponent function| $TRD_CtaContentComponent function| $TRD_GenericLayoutComponent function| $TRD_FormLayoutComponent function| $TRD_RecommendationLayoutComponent function| $TRD_RecommendCarouselLayoutComponent function| $TRD_GenericScriptComponent function| $TRD_FastTextLayoutComponent function| __assign function| __spreadArray function| $Trd_StreamManager function| $TRD_SurveyLayoutComponent number| COOLOFF_DAYS_AFTER_CLOSE number| COOLOFF_MS_AFTER_CLOSE function| $Trd_ExperienceManager function| $TRD_ClientAppFactory function| $TRD_ClientApp function| $TRD_ClientAppDrift function| $TRD_ClientAppSixSense object| trdContext function| $Trd_AceManager string| TRD_HIDER_STYLE_ID function| $Trd_NApi object| TrendemonContext object| $trd_Context object| trd_api object| IdentityConfig function| $Trd_Identity

49 Cookies


1 Console Messages

Source Level URL
Text
network error URL: https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fcicada3301-ransomware-threat-analysis
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
