urlscan.io logo urlscan.io
SecurityTrails logo

blog.minerva-labs.com Open in urlscan Pro
2606:2c40::c73c:67e2  Public Scan

Go To Rescan Add Verdict Report
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Submission: On May 31 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 31 IPs in 4 countries across 27 domains to perform 88 HTTP transactions. The main IP is 2606:2c40::c73c:67e2, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.minerva-labs.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 16th 2021. Valid for: a year.
This is the only time blog.minerva-labs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
30 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 2606:2800:233... 15133 (EDGECAST)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:215... 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
6 2a03:2880:f01... 32934 (FACEBOOK)
4 2606:2800:234... 15133 (EDGECAST)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 142.250.186.162 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 143.204.101.136 16509 (AMAZON-02)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 44.239.68.10 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f11... 32934 (FACEBOOK)
2 104.244.42.136 13414 (TWITTER)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
88 31
30    2606:2c40::c73c:67e2 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
blog.minerva-labs.com
1    2606:4700:3037::ac43:d586 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.popt.in
1    2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)
code.jquery.com
1    2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)
platform.linkedin.com
2    2606:4700::6811:f3cc (United States)

ASN13335 (CLOUDFLARENET, US)
cdn2.hubspot.net
3    2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
1    2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)
ws.zoominfo.com
3    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2600:9000:2156:f000:11:3b84:d200:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets.website-files.com
3    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
6    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
static.xx.fbcdn.net
4    2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
5    2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)
app.hubspot.com
track.hubspot.com
1    2606:4700::6811:cacc (United States)

ASN13335 (CLOUDFLARENET, US)
api-na1.hubapi.com
1    2606:4700::6811:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700:4400::6812:21ab (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
www.googleadservices.com
3    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    143.204.101.136 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-136.fra50.r.cloudfront.net
cdn.amplitude.com
2    2606:4700:10::6816:38f5 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.inspectlet.com
hn.inspectlet.com
1    44.239.68.10 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-68-10.us-west-2.compute.amazonaws.com
api.amplitude.com
1    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
3    2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    104.244.42.136 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
3    2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
Apex Domain
Subdomains		 Transfer
30 minerva-labs.com
blog.minerva-labs.com
662 KB
6 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 643
syndication.twitter.com — Cisco Umbrella Rank: 881
149 KB
5 hubspot.com
app.hubspot.com — Cisco Umbrella Rank: 5898
track.hubspot.com — Cisco Umbrella Rank: 2049
2 KB
5 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 3007
px.ads.linkedin.com — Cisco Umbrella Rank: 320
www.linkedin.com — Cisco Umbrella Rank: 560
px4.ads.linkedin.com — Cisco Umbrella Rank: 5318
162 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 144
200 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 6117
674 B
3 google.com
www.google.com — Cisco Umbrella Rank: 2
674 B
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
16 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
2 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
20 KB
3 gstatic.com
fonts.gstatic.com
84 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 42
2 KB
2 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 611
138 KB
2 inspectlet.com
cdn.inspectlet.com — Cisco Umbrella Rank: 9583
hn.inspectlet.com — Cisco Umbrella Rank: 9356
63 KB
2 amplitude.com
cdn.amplitude.com — Cisco Umbrella Rank: 2592
api.amplitude.com — Cisco Umbrella Rank: 1305
22 KB
2 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 6870
92 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 114
15 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 1967
16 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 1960
20 KB
1 hubapi.com
api-na1.hubapi.com — Cisco Umbrella Rank: 21997
792 B
1 website-files.com
assets.website-files.com — Cisco Umbrella Rank: 11796
173 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 206
28 KB
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 5462
2 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
70 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 760
3 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 624
79 KB
1 popt.in
cdn.popt.in — Cisco Umbrella Rank: 25606
display.popt.in Failed
42 KB
88 27
Domain Requested by
30 blog.minerva-labs.com blog.minerva-labs.com
cdn.inspectlet.com
4 track.hubspot.com
4 platform.twitter.com blog.minerva-labs.com
platform.twitter.com
4 connect.facebook.net blog.minerva-labs.com
connect.facebook.net
3 www.google.de blog.minerva-labs.com
3 www.google.com blog.minerva-labs.com
3 www.facebook.com blog.minerva-labs.com
connect.facebook.net
3 www.google-analytics.com www.googletagmanager.com
cdn.inspectlet.com
3 fonts.gstatic.com fonts.googleapis.com
3 fonts.googleapis.com blog.minerva-labs.com
2 stats.g.doubleclick.net cdn.inspectlet.com
2 static.xx.fbcdn.net www.facebook.com
2 syndication.twitter.com platform.twitter.com
2 px.ads.linkedin.com 2 redirects
2 cdn2.hubspot.net blog.minerva-labs.com
1 hn.inspectlet.com cdn.inspectlet.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 api.amplitude.com cdn.amplitude.com
1 cdn.inspectlet.com blog.minerva-labs.com
1 cdn.amplitude.com blog.minerva-labs.com
1 www.googleadservices.com www.googletagmanager.com
1 js.hs-banner.com blog.minerva-labs.com
1 js.hs-analytics.net blog.minerva-labs.com
1 api-na1.hubapi.com blog.minerva-labs.com
1 app.hubspot.com blog.minerva-labs.com
1 assets.website-files.com blog.minerva-labs.com
1 cdnjs.cloudflare.com cdn.popt.in
1 px4.ads.linkedin.com blog.minerva-labs.com
1 www.linkedin.com 1 redirects
1 ws.zoominfo.com blog.minerva-labs.com
1 www.googletagmanager.com blog.minerva-labs.com
1 snap.licdn.com blog.minerva-labs.com
1 platform.linkedin.com blog.minerva-labs.com
1 code.jquery.com blog.minerva-labs.com
1 cdn.popt.in blog.minerva-labs.com
0 display.popt.in Failed cdnjs.cloudflare.com
88 36
Subject Issuer Validity Valid
blog.minerva-labs.com
Cloudflare Inc ECC CA-3		 2021-07-16 -
2022-07-15		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-17 -
2022-07-16		 a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2021-07-14 -
2022-08-14		 a year crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-09-10 -
2022-09-10		 a year crt.sh
hubspot.net
Cloudflare Inc ECC CA-3		 2022-05-06 -
2023-05-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2023-03-01		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
zoominfo.com
Cloudflare Inc ECC CA-3		 2022-05-04 -
2023-05-04		 a year crt.sh
*.website-files.com
Amazon		 2021-11-12 -
2022-12-10		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-03-10 -
2022-06-08		 3 months crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-20 -
2022-10-19		 a year crt.sh
hubspot.com
Cloudflare Inc ECC CA-3		 2022-03-08 -
2023-03-07		 a year crt.sh
hubapi.com
Cloudflare Inc ECC CA-3		 2022-05-07 -
2023-05-07		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
cdn.amplitude.com
Amazon		 2021-12-17 -
2023-01-14		 a year crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2022-01-28 -
2023-02-28		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Frame ID: 2B29E9DE00733D76DF7AAA7ED625ACD5
Requests: 82 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fblog.minerva-labs.com
Frame ID: 441C3C363EC9E182BDFCE9BF1151E57F
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df259136e390824c%26domain%3Dblog.minerva-labs.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.minerva-labs.com%252Ff31b734b0cfe91c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 701ACCF3905D29115F63DC498A8D08DF
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.bbd13993eb53d3a11ac08f5e8cf9d6a4.en.html
Frame ID: CA0DF0B1912F7CBB579C993247693221
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

New Black Basta Ransomware Hijacks Windows Fax Service

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"
Overall confidence: 100%
Detected patterns
  • cdn\.amplitude\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics
Overall confidence: 100%
Detected patterns
  • cdn\.inspectlet\.com
Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

88
Requests

98 %
HTTPS

84 %
IPv6

27
Domains

36
Subdomains

31
IPs

4
Countries

2061 kB
Transfer

5202 kB
Size

33
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D179060%26time%3D1654014314378%26url%3Dhttps%253A%252F%252Fblog.minerva-labs.com%252Fnew-black-basta-ransomware-hijacks-windows-fax-service%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&liSync=true&e_ipv6=AQIWyuMyrKfXWwAAAYEa74mYoENTWGr7RgbAKL_154dehBYEQEn89mJPN570B4GCFzoL3qkg

88 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request new-black-basta-ransomware-hijacks-windows-fax-service
blog.minerva-labs.com/ 		107 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
fdc7719d769d652c706bba003eaff72320f96cd24f6496149624174512bbdfd0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
s-maxage=14400, max-age=0
cf-h2-pushed
</hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>,</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>,</_hcms/forms/v2.js>
cf-ray
7141107649819bb2-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 31 May 2022 16:25:13 GMT
edge-cache-tag
CT-72428371346,CG-5277286107,P-1903456,L-45789125893,L-5280864655,L-5280864657,W-24913933598,E-5280864650,E-5281005048,E-5546480399,MENU-24913933598,PGS-ALL,SW-0,B-5277286107,GC-39066173458,GC-39683429323
etag
W/"6f23cbc0390c717913f4d58099022e76"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Tue, 31 May 2022 14:32:14 GMT
link
</hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TVyyErnpml%2B7q02Jw2K0mqODpGcNM3TjRBagiZ6n0vt8%2BKXKWTCqnxyb%2FiL0OCqdbZzwcYA%2B29EYn7waBt5jmqWLEB%2BLicv6T042OxiQq2vmZ75R%2BpnjdsVGZ03%2FHSW3lbjkNBkxE2BUFHx92TNJD9HMKg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
HIT
x-hs-combine-css
Disabled
x-hs-content-id
72428371346
x-hs-hub-id
1903456
x-hs-prerendered
Tue, 31 May 2022 14:32:14 GMT
x-powered-by
HubSpot
comment_listing_asset.js
blog.minerva-labs.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 656be55f933cf25841b96f9c9070a178.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7959995
x-amz-server-side-encryption
AES256
cf-ray
714110767a399bb2-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 17 Dec 2021 15:26:09 GMT
server
cloudflare
etag
W/"2455723721db341ff86a4f64384a9c0d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9uHq3QoOTnXyQxrIfqZ%2BFkLJKA6PGoU0LRyIpKRQ%2BadXBWurc0%2BotZVCbO5nf6AC%2FWBqmSN95ZCYSAEkx8VE%2FRwgw%2Bkf2%2FGOuXeCSoglT%2FtTccBeorCAEr9EtlkiMhXWTy31WrkNZY4P7HroInAIU2y%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
4D3b_.jtdSCbU1XTktruWk73HT0wxWk7
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
pxp6jAMa8Ftejwma1eFbS1trg1-UMoViD_rjEjDQwZK9AYtQS4mCTw==
expires
Wed, 31 May 2023 16:25:14 GMT
project.js
blog.minerva-labs.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 		2 KB
956 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10919818
x-amz-server-side-encryption
AES256
cf-ray
714110767a509bb2-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Wed, 19 Aug 2020 22:24:11 GMT
server
cloudflare
etag
W/"ef84f26c310485299d6b75777414eddb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5h938%2FBlMEn8uNebvvxysihqeLAvsqybRhm84AfhkZJpT%2BF1RdiMBybEaQhj19kDHS7D2GAKkouV8D4dKKADEuzLLROEJ7eYZ%2FB%2B4YBRegiO8%2FzvZDfVK0uEBZlHWAB%2Bp7fc%2FllDwXHdcs6GS%2FulR9l%2FSw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA56-P2
content-type
application/javascript
x-amz-cf-id
s9YXYYo1XktpHLSZh7eiF5Tx-K7qGHbI6vNyjbm_5y5nJQLhANDTdQ==
expires
Wed, 31 May 2023 16:25:14 GMT
index.js
blog.minerva-labs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 9f6a623c512f1a1b6fd6b2d4bd697472.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4936258
x-amz-server-side-encryption
AES256
cf-ray
714110767a569bb2-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 25 Mar 2022 12:04:14 GMT
server
cloudflare
etag
W/"fabb1243bed29fd93cc5e0ce02ce9114"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K51TGNXA844SsSQ6f9DYfLdjCNTUaz7tQjs2kBShLQ%2FRI5z%2F3sjdT1W7eUXyQPea0f%2Fp5x2XK0UYyx8ZIk7Dl8FeJ9tItxNjBgaSCfBWBgJysYgwoq3Wjc9C8x%2Fymr5acmGBukqq%2FWk03U6GZfINeDFQ7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
ye98kzU383wl95_ydpYD.3IraNY6l134
cache-control
public, max-age=31536000
x-amz-cf-pop
HEL50-C1
content-type
application/javascript
x-amz-cf-id
n2z6T0-l1TVENVytbPy8Yb3-9nbkvhf6DhMzteLEvPGjXDYbQ1ov8g==
expires
Wed, 31 May 2023 16:25:14 GMT
project.js
blog.minerva-labs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7958161
x-amz-server-side-encryption
AES256
cf-ray
714110767a5c9bb2-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vexxTRePv3gsEXy5vdkjcYo2q8wItbxBvV%2Bg66dw%2BBX0W%2BHyzABmHwK039kYeOO%2Ba7TcOnBLg9og7UJ6UspAqiZejB6Z1Bx7ryDJ4Q764CQ831UQ8Vj52B5AnTXUq9fc0HO%2BaR3Zv0oU8%2BslmzdXs8%2FnTA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
lW4qF689P3Dc0HMw43ovy8wjZ74uhX_Wh4bq4rNr2huIwgx-yNd3Uw==
expires
Wed, 31 May 2023 16:25:14 GMT
v2.js
blog.minerva-labs.com/_hcms/forms/ 		585 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
99b339bc73a2fc0d4b5d522d9ea92e14cbcc7fd6d09c01d0468ee8ff3f5d76c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
23
x-amz-server-side-encryption
AES256
cf-ray
714110767a649bb2-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 26 May 2022 10:16:33 UTC
server
cloudflare
etag
W/"8e787568a774ef6576b357a500149886"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N8plo3XFR5hziikPkABu2ciI8Lg%2B19Hp%2BtEWwP3qG5HY507OVaqqfiqM9sLaidKttqVraZnjLm1MZztC8tKGr4JkqevbaQNP3ftM1hC0jtyd6UoZdXaD1uTYDxW2cScZ%2Ba72yBKIOUILRubaVANZXdy4dg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
p6q9N0Kk3x.Xx1vsG_I4Xpq2EH4VShWu
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-P1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
8oe5QxlgqplDVgNd0Z8JHE9QVwPdzhCFtc_6aqDqNTU16RjtEGGl3g==
x-hs-target-asset
FormsNext/static-5.502/bundles/project_with_deps.js
jquery-1.7.1.js
blog.minerva-labs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 		92 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7941082
cf-ray
71411076aabc9bb2-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QsAsxVstDy8en%2BhUq9r2QHYPJKa9ngBu3jiXP%2FL9QMDbS3EN7R6QwwIjLjrHMmE%2Bc%2FE5I3Xo8xKWEV9kuXP9FZEj8zPPvn87qqUSHc%2FTXzoQMt1ro%2BCEAsutTCovWz%2Frl2Y8FsGzUBIDRJeEjqy323sAYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
i44cm0oGwhEhbb1Ts0RFB35EBFsTsnExeW87nuouoe1GM0_CQJ-O4Q==
expires
Wed, 31 May 2023 16:25:14 GMT
project.css
blog.minerva-labs.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/ 		720 B
811 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10919818
x-amz-server-side-encryption
AES256
cf-ray
71411076aabe9bb2-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Wed, 19 Aug 2020 22:47:10 GMT
server
cloudflare
etag
W/"a81c70764750950eb72d4537c41e781f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MzhXiughur8NP6KRSUwbX25J4%2FFpKxP9y6sAXHAM%2Fro8VR63Rgwp2eZYt%2BpieHeLXKQEVCt%2BRyJ9iXSST%2BEGN209573TjBEzJNOCgYXq2cip7O2sCeNKuDIjmk44esg%2FxiZlEZ4%2B5THvIyxaa2N3pE7lZw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA56-P2
content-type
text/css
x-amz-cf-id
dgo92CP0AeFfn2L5OZcyNdbmuH94F1TjBHAkhginHFogS31QQ9pbbA==
expires
Wed, 31 May 2023 16:25:14 GMT
comments_listing_asset.css
blog.minerva-labs.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7955233
x-amz-server-side-encryption
AES256
cf-ray
71411076bac19bb2-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"6b1d31d121f4c84e5ee3b7d7446495d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8IgkNw3Q9tDBLYSjZ%2BGFQaHHZz2X4T%2BjaGo1I79sDTAjXWZlqJ7ubuFl94sJmNviIU0HURxHTSKXTCmLf8vJiep8BJkWsVHmRPA5Gkvle6wWAZs19Zq1ovhPhK%2FejP36JXVxfEBX28sjmLV%2FQ98jKVMccA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
LQgaE1SSZjkxZtePb5jE9vLc6kDw7LTx
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
text/css
x-amz-cf-id
8sbSr9NMcHawNHMO0mxh4b20f5Gjo-AibhTwXlORcSGierYGNJAEJg==
expires
Wed, 31 May 2023 16:25:14 GMT
pixel.js
cdn.popt.in/ 		197 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.popt.in/pixel.js?id=40658aeee0114
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:d586 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9c785e1cf09c0144ae04b8ba3bc440a3dda64ab7d22e7da3c4df81448a8a343

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 b628053fca1386b0c2ba37163842b26e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5684
x-cache
Hit from cloudfront
content-type
text/javascript
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 31 May 2022 10:50:21 GMT
server
cloudflare
etag
W/"91357b99df25c697d2f6a1f0e118120d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P4V3qRJJhIHit4PXjmv%2FlgvwTnXTibVfbZhNfkES5WeFpdYM2XGfKK6BNFYJjxSOkPr5DRfMc9eCxCLSuD1Dfwl1toKIHeIA23grlujZ6z7bXGHKW4txiEvfjZ%2F0QPaAZsfGurnFEp29HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
l1yE5dSdV6.GUPlzE5CPjOgd8WMwCrPq
cache-control
max-age=1800
x-amz-cf-pop
DUS51-P1
cf-ray
71411078fb8568f7-FRA
x-amz-cf-id
xAenZ0h-UFmbT4nK45zcmKXFch9SebxDQcs5cx6gRwDLzZY71lSBYg==
jquery-3.3.1.js
code.jquery.com/ 		265 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Origin
https://blog.minerva-labs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-42587"
vary
Accept-Encoding
x-hw
1654014314.dop203.am5.t,1654014314.cds300.am5.hn,1654014314.cds146.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
80268
in.js
platform.linkedin.com/ 		507 KB
159 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F0A) /
Resource Hash
442ca14e2177535f499cc256c1a56c4b449a91e2054f4cb86f91f658eb3ed182

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
gzip
x-cdn-client-ip-version
IPV6
x-cdn
ECST
age
484
x-cache
HIT
x-cdn-proto
HTTP2
content-length
162501
x-li-uuid
AAXgURrO1n81W2+rvuf8DA==
server
ECAcc (frc/8F0A)
last-modified
Tue, 31 May 2022 16:17:10 GMT
x-li-pop
prod-lva1-x
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
accept-ranges
bytes
x-li-proto
http/1.1
x-li-fabric
prod-lva1
expires
Tue, 31 May 2022 17:17:10 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1653990627818/hubspot/hubspot_default/shared/responsive/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1653990627818/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9939d9d43758f96973864a4523afd259232ea6e8eb0a3ff56efe835df25a9648

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1653990629079
date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
23657
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dCVbYGzRbHzpIr%2BK%2Burnk0yp1GGRPkMG4q%2FSXDmdGMMna5hgITRLhiTrS608oeX0zBtcPsHyw5LTXuo71WH%2BsFn9KCy1FE0Y8oPqj1BZu%2FNEQ6ay8JPizCrg5QI%2BEvyw7xILAPRZEfkOq6PZek%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
last-modified
Tue, 31 May 2022 09:50:30 GMT
server
cloudflare
etag
W/"6a0c6f0f4801ffb2c2d0e4ae19852d07"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop
IAD89-P1
cf-ray
71411076ef00918f-FRA
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Minerva_August2017-modules.min.css
blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5280864650/1569743981118/Coded_files/Custom/page/Minerva_August2017-theme/ 		14 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5280864650/1569743981118/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-modules.min.css
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
53d029c7cdb394d5e7c0f1a50af69d2b2e07c144dd103dabab8a46ac9c73514a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2171
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
5VZWD9GXR58KJ3EJ
x-amz-id-2
RsRzwk3Uo40R/xcWt0cu8xPQcisiXiM/JpCsmRYtf59MG3EBXCPQ/z/YUi891kRXoS2zx7/WDjU=
last-modified
Sun, 29 Sep 2019 07:59:42 GMT
server
cloudflare
etag
W/"75def65e552cc49ce9c9c442f1062a88"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhKH4dhzK9Qgp51cAHgtpX8J7aza9AREdcXcsP2cQxDp1qDpGBnN2ZWc%2FmCZgl6TgAymlZKjfNchbWYiC3h5fZgnJpeSRG4fQl5HD9Yn2icAVqO3h7MnsjXXYscj3cUT4uVW2EclWVTRFI5e8UANbz5obw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
dqYWjpfFLuVozFQQxGUx9I4qGJMb9qrk
x-amz-cf-pop
IAD89-P1
cf-ray
71411076baca9bb2-FRA
x-amz-cf-id
VgVjcARQnlhZ60Vf3WBxiU5tIiSg6xr7k3J8ZnAHHpdrg3QxRwMwpA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Minerva_August2017-style_ClonedbyHSSupport.min.css
blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5546480399/1569743982562/Coded_files/Custom/page/Minerva_August2017-theme/ 		46 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5546480399/1569743982562/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-style_ClonedbyHSSupport.min.css
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
28779629990a8be847b5813125962616ef6fb1c0c8980e50f76ab2a66612b92e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 920629f47fa586ce02a1a1af8b626578.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2171
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
MTVZJSQ7F8V10X5Z
x-amz-id-2
tIWIGl+ChNGPBovfTGNVn3PVo0LV95SeBeEm7RJXtlR7/t1ZuZlgvtX+IMaWAQQvkOHRJ4Yfuzc=
last-modified
Sun, 29 Sep 2019 07:59:43 GMT
server
cloudflare
etag
W/"ba51103a3a7817e94df7e6ebf23d3a73"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBjd6F5gjjgKqj7TCBe8xkb8ZJ1Yiem7p4QezecjDYtcL88OASXA7rVe5iIvCTsOZRMbR6WIJRl1Z1PWF2Govdc7gwa2CIjhU22%2Bzd7nweRe01PQXNncVTRCnV%2FhA1QWKuQBZed%2BUOZD0X90xV9f%2BprQ%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
Ny3l3K6ecG0uEkX4VMB6n6x6qekINxuL
x-amz-cf-pop
IAD89-P1
cf-ray
71411076bacd9bb2-FRA
x-amz-cf-id
eh3wkBGKicKhDcceUaSNiYR2YKI4UOKOUefa4kff06QTsBhCo94mBQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
css
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,600,700&display=swap
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1d1c9bc6f9d52ed8f452bafb66bbfa138f0c01a3bdc9779440eda71895bd8b07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 31 May 2022 15:54:17 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 31 May 2022 16:25:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 May 2022 16:25:14 GMT
Minerva.png
blog.minerva-labs.com/hubfs/Minerva%20August2017/image/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hubfs/Minerva%20August2017/image/Minerva.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
474e34e3f4e3c8ac272374debd1bbff52680b9d99d613b545a27a3b9c01898de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-5281039506,P-1903456,FLS-ALL
age
262578
cf-polished
origFmt=png, origSize=7544
edge-cache-tag
F-5281039506,P-1903456,FLS-ALL
content-disposition
inline; filename="Minerva.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
S054THNJJ21VWDRX
x-amz-id-2
Q6kRG4beS0o3/AcOjzkUA7urCV6Gi4+rPLqw2heOTY1P1mC9z7fW709+1OlG8X9XJi5TMa2HQyg=
x-cache
RefreshHit from cloudfront
accept-ranges
bytes
last-modified
Sun, 08 Oct 2017 16:35:18 GMT
server
cloudflare
etag
"9f12d4a1cd612a88653561184f5279c8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9TDxxof%2BDHH7u56aBnXlodr6JiLTRv0GwouCExjHLv1oIb3J7rba%2Bk%2F4treibK73pmHZ2eOQ3n%2Bk8%2FzrVY%2BG58zFDBtoRU8HcaLmGy9R36uqR0RzkeDTnaG%2BL1QLe31d6T2A%2BM3CU5BjcbIB%2F3%2BtlI6yAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
vXQDomk5wiz94X7v9NY4cWUuE1EfiDhM
x-amz-cf-pop
FRA50-C1
content-length
4656
cf-ray
71411078b8299bb2-FRA
x-amz-cf-id
-do6UK-rhfCgXKp9n7kV4NkfXgLegKbOyJpTX_oN1M_RAg7smRvewA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Black%20basta2.jpg
blog.minerva-labs.com/hubfs/ 		134 KB
136 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hubfs/Black%20basta2.jpg
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d86f41ac5b0e42d19f37f94091d5df2634b3fa83efd25b907105ba2ef9a4e17

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-72435579162,P-1903456,FLS-ALL
age
108355
x-amz-server-side-encryption
AES256
edge-cache-tag
F-72435579162,P-1903456,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Black%20basta2.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
8ZPB57ZSBWE7E8F4
cf-bgj
imgq:85,h2pri
etag
"1ecfd7d8c8101c8a09facd030a5f7ebc"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1651485092664
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=252863
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
137718
x-amz-id-2
b/ESq0mszap4DxuAaxi9lvSBnyzUQvyy/lALdNUUYqoNANpvOacJuIrGuHHCUFeYngz6YrHHiIs=
last-modified
Mon, 02 May 2022 09:51:33 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Loyf6oIqCxZDSG5w5O8fySqJyC7gAkDEKHvSqDaHJEaYUnFmSy%2FTYmmvnyhcbJ62fTIlYCq5AwgFqQ9O2D%2FEDFE0u%2FRPN26htlpZUDNrCAH1ddMH%2Fu9DUNo0Y2kqaSY0XabmalTV6PNBLdKQfjDkzwsyeA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
85eGkdvTw61nisMASZDB5Qxc8OCSfs.U
accept-ranges
bytes
cf-ray
71411078b82b9bb2-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
YU_J--e9QYpKHUZnx-bpjCXZvBQJ1e5FoQ5X386y8v01JC3m3SVZYA==
office-header%5B1%5D.jpg
blog.minerva-labs.com/hubfs/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hubfs/office-header%5B1%5D.jpg
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8afed56d9230a927539efebbb4dd3c6f80c344aac335e981b0affbba216746fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-74972357511,P-1903456,FLS-ALL
age
1676
x-amz-server-side-encryption
AES256
edge-cache-tag
F-74972357511,P-1903456,FLS-ALL
x-amz-replication-status
PENDING
content-disposition
inline; filename="office-header[1].webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
ARDF6EPCBR8T33C9
cf-bgj
imgq:85,h2pri
etag
"da2f01a5be7e542fd1e8e6b5282a16f9"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1654007014712
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 48c20cb247b267a59a8191c4d3bd787c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
MUC50-C1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=53718
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
19750
x-amz-id-2
ObqMHU4XPeoAWHy6ZA6VQa98aXKfayjatY/TWP5hXqtNeZ5aoJrPxqUx7eC0/fRQCyebY50Upj8=
last-modified
Tue, 31 May 2022 14:23:35 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hS8XuIC3Nn1%2FwgBpIehoeIVLabBaYRX%2FfW9NT35mKBJUtOQbMLk0Tb55iPuuyT%2FYuIXOe8JswDB9OruYdqP%2BPAO4cFa8fpTef%2B3PB2%2FH3NoqLCzlMi9r5IOLhxZQMbRanD4T6rWBsKH7yqDTKkfbO74Qsw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
5WeWPTorrwQKEyNe9zW30pxCXho25AK9
accept-ranges
bytes
cf-ray
71411078b82f9bb2-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
6hursE-kEi2yCUU3ESf0J2kODYn7COlsofuoZPTrMZQpKtJtlJpB6g==
Ransomware%20evolution2-03%20%281%29.jpg
blog.minerva-labs.com/hubfs/ 		71 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hubfs/Ransomware%20evolution2-03%20%281%29.jpg
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd2a2af5c5276629fe1608ebf424fbf58a3db1fed37f06881d6d8702ee16615

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-74013684803,P-1903456,FLS-ALL
age
262578
x-amz-server-side-encryption
AES256
edge-cache-tag
F-74013684803,P-1903456,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Ransomware%20evolution2-03%20(1).webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
6T0BKXBVPA75CACN
cf-bgj
imgq:85,h2pri
etag
"6823e3d68c506b38513b9bbc4e876014"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1652979219726
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=152380
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
72734
x-amz-id-2
DCFn3Ay19NHdw1C9ns+Cb9obeNQ1fWRl67mu3s1OuEHakbTNIb8XNj3mg82zfIpXQQgtZ0zeu7I=
last-modified
Thu, 19 May 2022 16:53:40 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7tr1PgHR0GMUf2CIUmtArj94YxAF9o3hH%2BkIBniQ5xnlN1BPxP2P9v4qlzMCUTReAVMKZXadbu5xVIQRy9%2BiZeJuKeE%2BbQ1BofjoH3MB%2FYzCKl4JLisODzWHT83mYX2jCFF372YgjcK5HsrHKCPGNhIIA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
hI0.xSxcc3OZWjztL1Ivc4VQxTEHULfH
accept-ranges
bytes
cf-ray
71411078b8339bb2-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
bx_ZOMAZJUnq_J87uafEHMoy2HFnbZUXXWkYFp0Y8_NhtJNhMwg-zg==
lockbit%20header.jpg
blog.minerva-labs.com/hubfs/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hubfs/lockbit%20header.jpg
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5672b14992cec343354779d4954dc139ea902713238e5e80fa28947e29daa8e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-68025612621,P-1903456,FLS-ALL
age
262578
x-amz-server-side-encryption
AES256
edge-cache-tag
F-68025612621,P-1903456,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="lockbit%20header.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
B26RWCENM7WH457S
cf-bgj
imgq:85,h2pri
etag
"e2ec3c99de969fa8b1214478112114d3"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1646752667734
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=124318
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
37416
x-amz-id-2
BNpUij+HI/Z/7wz1G4sGyWxBNMdZB3ncCdPrt/AuegK2+9lePSlQqi2SlK94XFY4wZFXnscWHBY=
last-modified
Tue, 08 Mar 2022 15:17:48 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rwIYghz2slMllwWTxqlvLjK3L5GN%2BImm30k8lUZlorpZ8UGjBZk0SN9%2F8MG2YjE2iV1tFgYSUaTBk8WUT5KSq2RkkOXIlHYxzD1ZtG2EHLw1F7Xc9WYz729BdzqVdpGvNNhoQvT3%2B7MjEACeKQX8r1Y4Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
xry2FiSX5k9xDf4k_oDOZrimHLo9.h3_
accept-ranges
bytes
cf-ray
71411078b8379bb2-FRA
x-amz-cf-id
Z0eDOKHKg3PVnI_FQ3rIyWbbReUPdqcQuxx0aPXfIN7kQN01oYk7oA==
Ransomware%20Protection%20Accelerates%20Enterprise%20Security%20Maturity%20Feature.webp
blog.minerva-labs.com/hubfs/ 		34 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hubfs/Ransomware%20Protection%20Accelerates%20Enterprise%20Security%20Maturity%20Feature.webp
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d96220660f58aba59a014d68de89ac2d8c035a0dbd1195bb83b2447b8ee3892

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-62809372077,P-1903456,FLS-ALL
age
262578
x-amz-server-side-encryption
AES256
edge-cache-tag
F-62809372077,P-1903456,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
B26K29S04C0Q5S4J
etag
"f4c75af460edc406f1f8f578e1d8118b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1640782434184
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
34748
x-amz-id-2
oXE3D/gORTwLRyW61L48/g95zblGY4ZKZef9sYf1W3BP1hzwWISYK3PJJGb/wrDXgifI/MbfE4I=
last-modified
Wed, 29 Dec 2021 12:53:55 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vR9MztbzU5x8uD%2FrJtQftfxvzlbQ3JbK8Z3UVRWfdXGH1BnaYvT0ny25hYHJAETzq73cbguis2NmaMaP6SBD4MIkDgZxKKvmiH27PHw81zKmKIw8BLUwMdjSUeY9V%2BJUe1mbnkIjkE6qq%2B3swJYBFk29lg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
Gc485YkGhe9eNAUGYy1tTBECu_RkctO3
accept-ranges
bytes
cf-ray
71411078b83a9bb2-FRA
x-amz-cf-id
tmqg8oxsteJ6GsxnKYsfM3o0QZGrGCwAnoQRmPGNvObyZPNa-JeOgA==
Minerva_August2017-main.js
blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5281005048/1569743983571/Coded_files/Custom/page/Minerva_August2017-theme/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5281005048/1569743983571/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-main.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d45f76d9e4e9283793f7616d307807155fbb15f5a6f9973ede8d5e115066b605

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 0459f0f7053eeb224fd9fe0f5db5970a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2171
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
0Y07ZB0A462TGTG5
x-amz-id-2
RBdjp2xI7NbRh8qej98myHUe6ShgDvfr7ojto1vHdhPh/DLDhz6WafwYCHxp16VDQHptxHVIF+8=
last-modified
Sun, 29 Sep 2019 07:59:44 GMT
server
cloudflare
etag
W/"094184da1ceeafb6d1b27217c51b8eb0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Df%2Fy0uQBILbpoC%2BYd2AEAZJFPPwMdsOF9VuRSGMt9srW3WJC4IMRssolVqmbLU0g9izCBPLS7D2JR7GgPxjUYm5omkNUJO12Q1Y2dneccIEX8Y31ECJEdmUhe9Xkicc4jwFlZxSD29R9FqE1gsmZcY1YKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
EesKWbhqo9wsEDgeRnHnJ2YRpFNYlVYN
x-amz-cf-pop
IAD89-P2
cf-ray
714110787f9b9bb2-FRA
x-amz-cf-id
toc5-oby1CG0xyToIlJKt7qhdnA9TeaKMz2FXcAZjtRIjtb9zbBGnw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
1903456.js
blog.minerva-labs.com/hs/scriptloader/ 		964 B
1021 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/hs/scriptloader/1903456.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2e80e28607d8a574e44f77601ec1a449b1c4cd7c10c8a41a054a1258670be41

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
4c5ff499-5aa2-412a-8f63-b63a501a44ef
last-modified
Tue, 31 May 2022 15:57:17 GMT
server
cloudflare
x-trace
2B2AB84727C31302555039B97A939CB5AD56884160000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WvhrwRItusGB%2BUxtmCVhZJxcnKubFZ41p4hIdrkc1ET62E7hPEQPiSEBksU1mPt7BmtxKTsxhXO7UVpmblbgYcPRUKYYMfUO9vJUgJ419hfPPvEUBQyKBSznpoWtQvHieFMNKcOM%2Fk0Itlgs4kGCnDRFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.minerva-labs.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
71411078b83d9bb2-FRA
expires
Tue, 31 May 2022 16:26:14 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 16:25:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=78300
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
gtm.js
www.googletagmanager.com/ 		196 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WJ4TZK
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
df364e359bbb1cb6c6ad9c08eaf8960f8b27da4c636f5bc08a9b782c0c03f4dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71247
x-xss-protection
0
last-modified
Tue, 31 May 2022 16:02:53 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 31 May 2022 16:25:14 GMT
jtzQQ0sIQBy7PU3724A6
ws.zoominfo.com/pixel/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.zoominfo.com/pixel/jtzQQ0sIQBy7PU3724A6
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
02992586f5ff5a190eb66f34759fa5cd86ba2ccb7c754534fc836c04ae71b302
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
71411078fe7b913a-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
via
1.1 google
css
fonts.googleapis.com/ 		6 KB
606 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Asap:400,400i,500,500i,700,700i&subset=latin-ext,vietnamese
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5546480399/1569743982562/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-style_ClonedbyHSSupport.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9826f69e38a24546b53854b766c0e904ac9f62e8bb376dcadb40bfb28b170bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5546480399/1569743982562/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-style_ClonedbyHSSupport.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 31 May 2022 16:25:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 31 May 2022 16:25:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 May 2022 16:25:14 GMT
css
fonts.googleapis.com/ 		2 KB
551 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Ubuntu
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5546480399/1569743982562/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-style_ClonedbyHSSupport.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cdb47a4dd6d4123cf2de3d2dbf2452c94e769d545ae676eb121b87e5474ac275
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5546480399/1569743982562/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-style_ClonedbyHSSupport.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 31 May 2022 16:23:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 31 May 2022 16:25:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 May 2022 16:25:14 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D179060%26time%3D1654014314378%26url%3Dhttps%253A%252F%252Fblog.minerva-labs.com%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&liSync=true&e_ipv6=AQI...
0
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&liSync=true&e_ipv6=AQIWyuMyrKfXWwAAAYEa74mYoENTWGr7RgbAKL_154dehBYEQEn89mJPN570B4GCFzoL3qkg
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 64FBEF77B0C7431A82401B1EEE32B0E1 Ref B: FRAEDGE1512 Ref C: 2022-05-31T16:25:15Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXgUTe0YIzILr39XRaz+A==
x-li-fabric
prod-ltx1

Redirect headers

date
Tue, 31 May 2022 16:25:14 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: CF9BEF034E434CA9B199A139E908377C Ref B: FRAEDGE1412 Ref C: 2022-05-31T16:25:14Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=179060&time=1654014314378&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&liSync=true&e_ipv6=AQIWyuMyrKfXWwAAAYEa74mYoENTWGr7RgbAKL_154dehBYEQEn89mJPN570B4GCFzoL3qkg
x-li-proto
http/2
content-length
0
x-li-uuid
AAXgUTexVYezGGTvDvIzzg==
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
Requested by
Host: cdn.popt.in
URL: https://cdn.popt.in/pixel.js?id=40658aeee0114
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
441045
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27964
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-15d95"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kEWvKZaPERfJ826%2BlAO2uD2KoK2edf0mfMNm%2BuBjQMgaqS0SiyTo7986AQ%2BTmUqXVz8LXlGlEqxv4ABZ83pF0%2BwGdr%2Fz9BGNu3tgXh8dfSFZ8%2FznyQZR1CEsFv1SxAYE2%2FPgw8H1zGJ7Nno7RjvYjN0X"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
714110798c895c7a-FRA
expires
Sun, 21 May 2023 16:25:14 GMT
5dde9441c643865f2689c6f1_1.jpg
assets.website-files.com/5dcc6049e62de13a0b4c43b6/ 		172 KB
173 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.website-files.com/5dcc6049e62de13a0b4c43b6/5dde9441c643865f2689c6f1_1.jpg
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:f000:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a8d8f3cddc625b9ef8a7d497f16233703262992f85525fad5e589b94b6ac133

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 17 May 2022 08:40:43 GMT
via
1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified
Wed, 27 Nov 2019 15:20:35 GMT
server
AmazonS3
age
1237472
etag
"380c2c7677388460471dc059bc17b493"
x-cache
Hit from cloudfront
x-amz-version-id
UjKmxUFJrqd1FnfakojVHe815qwkDSs0
cache-control
max-age=31536000, must-revalidate
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
image/jpeg
content-length
176031
x-amz-cf-id
YmSE1e-QsRfpnpEAXMvQ9aymw_UZv3rvdA7LpxM5GpaKjikBbrESNw==
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v24/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v24/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.minerva-labs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 24 May 2022 17:07:05 GMT
x-content-type-options
nosniff
age
602289
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30876
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 14:37:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 May 2023 17:07:05 GMT
KFOoCniXp96ayzse4A.woff2
fonts.gstatic.com/s/asap/v22/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/asap/v22/KFOoCniXp96ayzse4A.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:400,400i,500,500i,700,700i&subset=latin-ext,vietnamese
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96e66f6b27f3c4ed5a608b6b12497549605b2a0dad869890dd2d316aa10505d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.minerva-labs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 24 May 2022 23:44:28 GMT
x-content-type-options
nosniff
age
578446
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25308
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:48:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 May 2023 23:44:28 GMT
KFOmCniXp96ayz4u4mxK.woff2
fonts.gstatic.com/s/asap/v22/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/asap/v22/KFOmCniXp96ayz4u4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Asap:400,400i,500,500i,700,700i&subset=latin-ext,vietnamese
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb45b7dbc7623304e02f12df189625e2edf717fe584719ec5543a847be6d0f88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.minerva-labs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 24 May 2022 22:51:43 GMT
x-content-type-options
nosniff
age
581611
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28576
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:14:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 May 2023 22:51:43 GMT
Fontawesome.ttf
cdn2.hubspot.net/hubfs/1903456/Minerva%20August2017/fonts/Fontawesome/ 		149 KB
90 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn2.hubspot.net/hubfs/1903456/Minerva%20August2017/fonts/Fontawesome/Fontawesome.ttf
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/hs-fs/hub/1903456/hub_generated/template_assets/5546480399/1569743982562/Coded_files/Custom/page/Minerva_August2017-theme/Minerva_August2017-style_ClonedbyHSSupport.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8630313bee77f64206067ed80eb6a7c721b0bbfc91c94210966969d4dcc43ba7

Request headers

Referer
https://blog.minerva-labs.com/
Origin
https://blog.minerva-labs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 58a361324cd2b1576fcc05c5471b9b12.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-5284308514,P-1903456,FLS-ALL
age
1201190
edge-cache-tag
F-5284308514,P-1903456,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 14
content-encoding
br
x-amz-request-id
0DMJ5E341FZY3RDZ
x-amz-id-2
lSkJt7zfkwoFk/vlpb3kEtReNfAT6yZhkWwY8IBEAK4ciojCuq6RJ9V5uiM6HhKh4nzUIYgYNhU=
last-modified
Sun, 08 Oct 2017 16:35:20 GMT
server
cloudflare
etag
W/"9f5388fac608dfe77f4343d38abf122f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAEdPki4YRsD35Ax6GB2j%2BV1Ojn501V1pceXyFNfgsrA%2By9TZRM6GcUFw%2FfcgfKypyId6HaJSjTzMcPm%2BCOHwvJSA5krsTc9HtvBGtMCxRIuCb4b40a7c5urM3p31eZ%2FcUGymgJ1dbaVTdqSOQY%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
lmgscFHTLdESj4w8MfNCYUjXRAoLCWnf
x-amz-cf-pop
AMS54-C1
cf-ray
7141107a2fff5cb0-FRA
x-amz-cf-id
6Alut8VnnwNyIAZvdKjX-kKO8dyMTVP1mi-if6BeNA7Ot4Z-jawy-g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 14
set%20wallpaper.png
blog.minerva-labs.com/hs-fs/hubfs/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/set%20wallpaper.png?width=315&name=set%20wallpaper.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
29383c3bfcabaef6ab73715605e7663f26a618720cba85946421cfd1570cac25

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917327
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 bfba2464a75a65b0c6568afe15f68b4c.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a5c799bb2-FRA
edge-cache-tag
F-72428497409,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
1903
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"364d95a06b6e7cda9e9ab424b77a1c15"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pa6BBsULWQCGGQ3QM4LYJyHkpsgDYpeZocD4pgqHJ2TiHVAXILM0UEYNsqG7oftpXKl4HLw6s8RgaHWyX3H5u6LeBphQc%2BSoJ43arFNHsIMlH6iqwYhz6w8k1zuGmoDtlvCA3HZkFcoRFTIkLVGZxqL0wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
em8MQhU1O_YfVr6tfZQQP9qDyyUKOXYu-KjLH0WV7OBhABOE9M9Sdw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
wallpaper.png
blog.minerva-labs.com/hs-fs/hubfs/ 		52 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/wallpaper.png?width=1446&name=wallpaper.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bed7b73c89c71907e7f72dbde9d77241daa342ef33856104133476b0a092e75

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917518
date
Tue, 31 May 2022 16:25:15 GMT
via
1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a5c7b9bb2-FRA
edge-cache-tag
F-72428497411,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
53519
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"6eca5e6fa82a8a6f3661308f2aecaf37"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xK427duIXBqLQzlltIxGf0LOQcNKP5wzIMTwxMdEshfsYL4Sx4gtXuqDUxtuiTFWmTBCUWc%2BWRBOrHLOL4D9W9IfmrYoR3cR7r1KLIPV9JUlZz7x%2BX%2Fk%2BThMOY1gQ7NwGZBC3MoYMykfTjeZAB9b4rUyng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
cjl_w5K1BZ6TImB4kA8hiYuWwcb2EOuI-AKTpWZxCJVVroa6rBrPeQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
icon%20for%20basta%20extension%20files.png
blog.minerva-labs.com/hs-fs/hubfs/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/icon%20for%20basta%20extension%20files.png?width=844&name=icon%20for%20basta%20extension%20files.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa1346d6d87043ff828b3a2ce3fdd101bc9a1a0bc5ef8efb939d20ed8ef2cff4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917385
date
Tue, 31 May 2022 16:25:15 GMT
via
1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a5c989bb2-FRA
edge-cache-tag
F-72428370827,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
5540
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"f98789a4d364b97aa3e5c5b1691317ab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJqgU1WNyeBykqVFD9clBYKmlfzw3Gq%2BUwaR5MOrtxcWmjv6BBU%2BdjdRo8MAmAKGbNOE%2FF4aLcuzozx9Yzp6WwLqT%2BsIqPJi6K5KSAkR3akZNXb6UdpAsi1dLCSuiUGAzpTiQ7NCBXPY1gbtG2Lq%2BNBdjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
yvdNhhfdBA-7ri7Gfwk5zjmROMs_Qu0dTfHp0BDhzVmCl-U1nk7UJw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
new%20service.png
blog.minerva-labs.com/hs-fs/hubfs/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/new%20service.png?width=524&name=new%20service.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
df49227cb2309877ec1e6809f6798375520828fbf628579bdfb42d18d8f451a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917450
date
Tue, 31 May 2022 16:25:15 GMT
via
1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a6c9f9bb2-FRA
edge-cache-tag
F-72428519607,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
14476
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"0a3c180e5af8f1189f42dc43b5d0a61e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVXNT6eq%2BDIyqmAtNXAnORvhGR9qLQr50sZ5MS4ho8i8JMTvzwYGlB4wgUp2R0Qw9S2BlGwypJ7mEqQEYOzT%2FD6PiO3jkNIWkMhbj3fj4Sb%2BAyMyaNsAfkxdCcaFN8IghYY3jIskP5yBASR%2FJC2TOWZRsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
4DO_-POdv9kX09ZlQCtKQ5bEEpSx1OJHpJkEuyKEMaYfK0EvP9p21g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
set%20fax%20service%20at%20safeboot.png
blog.minerva-labs.com/hs-fs/hubfs/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/set%20fax%20service%20at%20safeboot.png?width=961&name=set%20fax%20service%20at%20safeboot.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
21bd1259243696693903903a16dc847ca2957d74bc40ae76133efc95061caf76

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917407
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 615f410a3a080a335933e9fa08c15260.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a6ca29bb2-FRA
edge-cache-tag
F-72428497410,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
11160
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"76336004927503652d8463fc3d0cd94a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NF2Gs41xlTrm%2By7Hp63UK6IWQ1sVeBrArASYkwRq6WrlnqSuUpgA%2BmRP6vAlgvTD1PSlPtpCV5BE4DP0uGiOOSbYjT6sBJshyK8DxhJh%2BULViM7iR7posPYMpa9xrDX4A8eCD3uyq3wArROYDPepJArhnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
bWK1NFmmpAQdkxalGlfyWNBUc-VJgBpuuKezuvQREH6FN5r4e-Iocg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
run%20command%20line.png
blog.minerva-labs.com/hs-fs/hubfs/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/run%20command%20line.png?width=585&name=run%20command%20line.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b4f5de8e77b879633a4beda09db8f3a1b9b0581ce8c12bf87d218520374d7b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917444
date
Tue, 31 May 2022 16:25:15 GMT
via
1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a6ca99bb2-FRA
edge-cache-tag
F-72428527921,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
2872
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"22d073fca63fc4a5ac97ea3d002199b4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EjnKhwUwwZOftZjPbJ6VmNxwMg42xkYWMGb2Jor0OXa9fcQHzahZqkAc9sX8tAQpvz4Rj5t8QXZPvzGy7A5SysmJH%2BEFPLtLuV2j6%2Bxdii0J9Xwr4XJmBXSMryd1DEhIVSdXvUt7A1M7J%2BO8KYuz7Cl31A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
XztviPuGU4g2y07V-chxERkOORaO0juXfZCtldHi9AQoVI7E9X_6hw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
ransom_note.png
blog.minerva-labs.com/hs-fs/hubfs/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/ransom_note.png?width=696&name=ransom_note.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
66e7d9881ce7b7820777cec4222fa572e078f6de49eab270a7ec9fae2aea8218

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917493
date
Tue, 31 May 2022 16:25:15 GMT
via
1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a6cab9bb2-FRA
edge-cache-tag
F-72428519608,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
23275
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"f2b56cff4b2685a52e6f3109ace29257"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZSsKdctqwZqwcX76k5wxnZiRpmshEKCpXLqVMRlAigYWTa7L37CF%2BsLPwJS%2FTlQBC%2FS64vMk7pPJdZLU1Pka4xJBXtSuwczh8YvT9m1phKONvoPP1iudJASPkmswhrA3do8cSqxCdnD7WmWr6VWltzNlDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
z6zRlHZFlxBpeYc8QocKQov67Ky19YjMsnW1XohgJ0DML5dpQO6lXA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
cpu%20usage.png
blog.minerva-labs.com/hs-fs/hubfs/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.minerva-labs.com/hs-fs/hubfs/cpu%20usage.png?width=517&name=cpu%20usage.png
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9413bfe06c2a1c196a8ee24dbbc7fcad0e62c92c027bfae445514a3089e2d52e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1651477917327
date
Tue, 31 May 2022 16:25:15 GMT
via
1.1 cea67f5ca1b497624430e599aa6b7c62.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
7141107a6cb49bb2-FRA
edge-cache-tag
F-72428527010,P-1903456,FLS-ALL
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
4236
last-modified
Mon, 02 May 2022 07:51:58 GMT
server
cloudflare
etag
"05f56d91a441743bdabb0eb83eb734d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OpG%2FSQCpIG1fkCjhOyouZHB3W1hXYczx9LuUBPRUY5P1PEfSkDssnA7UuYZ7WOitbTJijwJtNupWsTVspf6RG0MVAnrYeu1jPPV82J1DI4oPzU1opPxK%2FEf%2FubpprM2Ul9WZn5tsiklZ8EduqyUohM6LQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
HWof7hXwjfi_FZIw5Xly5C8L9gJOk8a7GcvZPXNm9GN_Bhv1uykSGA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
json
blog.minerva-labs.com/_hcms/forms//embed/v3/form/1903456/f9af80dc-2f7c-42b0-bff2-c78565d18e42/ 		10 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/_hcms/forms//embed/v3/form/1903456/f9af80dc-2f7c-42b0-bff2-c78565d18e42/json?hutk=
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7aeb8d89da6c2171a50f79dd2c22557c3112d9a2145211fabdd0e799a16116a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/javascript
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-origin-hublet
na1
date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
290e1d26-a2eb-4250-b1a1-d0564abec043
cf-ray
7141107a8d179bb2-FRA
access-control-allow-methods
OPTIONS, GET
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
x-trace
2BFBBE8CCBC0158B8F6B61B7120BF38DDCBBAB7BAF000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DOK245H1PpTQxjHtL%2F0AcyjysF6mLpnc5113b6CwdUkJ7epB%2BZfjSs4d%2B5VvgtR5gQTOZj0lQnZnrctTezl7wvsCLP5qsAxslnycO1K62vqdNRk0J3rVZYu1%2FXtqIRNfkW1qX5v8hK%2BESI%2BD0hi9akjr1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
json
blog.minerva-labs.com/_hcms/forms//embed/v3/form/1903456/32e6cc55-79e9-48c8-ab17-6c8df464e74e/ 		20 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/_hcms/forms//embed/v3/form/1903456/32e6cc55-79e9-48c8-ab17-6c8df464e74e/json?hutk=
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b7270476c4cf4c942a34cb94839f88e1a175fdfab66de16e5f988edd35ef4bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/javascript
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-origin-hublet
na1
date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
737604a0-7fab-48c2-b52b-066fffe93c95
cf-ray
7141107a8d1e9bb2-FRA
access-control-allow-methods
OPTIONS, GET
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
x-trace
2BD25F210FD85ADF8082C50061EBD3367A507E9131000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDjXGxGRuibiPxpw1CPPDmcFRUyQX6dRz0hZzfWOxBj3bh%2Bcc%2FQwW7vrtKqycOq4FCAQXi63majL7wWgoteDD4gE0erZphIU2ZwIGOXGobe%2BBZj0yIshWzkJD8O5KxS0ROEm0X0eBpD7rKD40VNVFgCxMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
all.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fdff7ac3be986a85b233f664b05a3b0bd5a6b1a78727fa4f23bb5453ea4db04b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
uRQfKZ+jm13jvD1D4E3MWA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Tue, 31 May 2022 16:34:00 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1687
x-fb-rlafr
0
x-fb-debug
FucctJjcM5zJ4We7HfuOtClSsWuo+6zWcQjRpVJHSIb+qQW8jc4worpspaekTMqS6t1M8oufDa235pm+c0nvww==
x-fb-trip-id
686109401
x-fb-content-md5
e99954cd0ba2ce817b83f69a14b50bb0
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Tue, 31 May 2022 16:25:14 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"63c8242782b7647a3bcad2bb0b521105"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
widgets.js
platform.twitter.com/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6723) /
Resource Hash
2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 16:25:14 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Age
926
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=2
Content-Length
29461
x-tw-cdn
VZ
Last-Modified
Sun, 15 May 2022 20:06:46 GMT
Server
ECS (frb/6723)
Etag
"f1369725ba22125b0df0251e74090aa0+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 		0
761 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1903456&callback=jsonpHandler
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode
false
server
cloudflare
x-hubspot-correlation-id
e338d86c-ccd3-42e2-a76c-80bcef2444d9
x-trace
2B9633639A4E67A572CB719D792D89F11B9357A8F9000000000000000000
date
Tue, 31 May 2022 16:25:14 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
cf-cache-status
DYNAMIC
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports?cfRay=7141107b0b589956&resource=unknown"}]}
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
7141107b0b589956-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
public
api-na1.hubapi.com/comments/v3/comments/thread/ 		75 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=1903456&offset=0&limit=1000&contentId=72428371346&collectionId=5277286107&callback=jsonp_1654014314658_17330
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8da12642511272d02eda4a0107225bf5432c4cd701b2231811a2a2fd57bf1fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
ef012ba4-d15e-4e46-a9a9-226464f67230
x-trace
2BA7124396E203D9E8412EFA159A8D273758AF6195000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2BZg60DCo1DLH0cwLXsxVDxS4m0SDoSBHtfn3ulUeqW4yIGnr%2FXV6mamsQnr%2BI901yWK1rNTjcvx0lyDfp1lWGoUad0XJz0m9mDacaQkASAc72hNmn65dNcb3ZJ6qQUBRFBdUdYyTMl8mMrZrnI%2Bdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
7141107b19c4906d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
1903456.js
js.hs-analytics.net/analytics/1654014300000/ 		62 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1654014300000/1903456.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/hs/scriptloader/1903456.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a1f4c4256945b084e80bf3eb8bf788f3bbc6a30912240b639bf49496da85c19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
6FS3RWFQ3MDHDQ3E
x-amz-server-side-encryption
AES256
cf-ray
7141107b09949c06-FRA
x-amz-id-2
KOv8QZhOL7NM0zvoRNy2inV3ppMZd2559JmGTuf9A/aAx0PRCAQuzLJjmqc/ojpM6hGLWX9Mhfs=
last-modified
Thu, 14 Apr 2022 15:11:39 GMT
server
cloudflare
etag
W/"8f91f7141eaf604738ee01f4524155af"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Tue, 31 May 2022 16:30:14 GMT
1903456.js
js.hs-banner.com/ 		60 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/1903456.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/hs/scriptloader/1903456.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8558b4c82025aba9ec56c0e1d600d8be2b0e15bd687718de7af8e56b887aa15b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
6FS3QF1RJQSYCJHC
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
ci6KyzLGF9owffpDqaZTFefV3r48LYRTgJKccOyLqNoY3bFzDrLMerqT73jSbhhAFYqlf4rzAOM=
timing-allow-origin
*
last-modified
Fri, 27 May 2022 15:31:13 GMT
server
cloudflare
etag
W/"cd64f149a8c899a47fdcfcf371fd19f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
widxLdxsGwotTVqDci1FPgNJtg6N3qKy
access-control-allow-origin
https://blog.minerva-labs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
7141107b0bd3901f-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Tue, 31 May 2022 16:30:14 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJ4TZK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
439bb68e4b99a7037363e3c9671380459a2e0aa1c8276fb1c68823da04608a3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14847
x-xss-protection
0
server
cafe
etag
14193202862953550909
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 31 May 2022 16:25:14 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJ4TZK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
3029
date
Tue, 31 May 2022 15:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 31 May 2022 17:34:46 GMT
fbevents.js
connect.facebook.net/en_US/ 		99 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4a9a6afeba8624295a87efaf0d3c76fa7a55271f310adffcfa683bccacc0fc5d
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26310
x-xss-protection
0
pragma
public
x-fb-debug
ibIgPsU9F50q7GBM+HUWzpTR6Eqe9FysN1Ao0YfTxjxyBMzrLEeSch6bYNXR2wUMeH57GKzutq2pGuiPR40Rqg==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Tue, 31 May 2022 16:25:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
amplitude-8.5.0-min.gz.js
cdn.amplitude.com/libs/ 		68 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-136.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Origin
https://blog.minerva-labs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 20 May 2022 09:36:27 GMT
content-encoding
gzip
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
974928
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22154
access-control-allow-origin
*
last-modified
Fri, 13 Aug 2021 22:37:42 GMT
server
AmazonS3
etag
"660c3b546f2a131de50b69b91f26c636"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
via
1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
8AIz39ruOk6x7M2qOygsfiYjEyDGVHqGr-Te3fHSc8f2yrqaCOEPQw==
40658aeee0114
display.popt.in/APIRequest/ 		0
0
inspectlet.js
cdn.inspectlet.com/ 		188 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.inspectlet.com/inspectlet.js?wid=215293609&r=459448
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:38f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

cf-ray
7141107b9ea19bb9-FRA
date
Tue, 31 May 2022 16:25:14 GMT
via
1.1 vegur
cf-cache-status
HIT
last-modified
Tue, 31 May 2022 16:24:19 GMT
server
cloudflare
age
55
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
s-maxage=60, max-age=14400
content-encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
all.js
connect.facebook.net/en_US/ 		296 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/all.js?hash=c2209382c4ed6d2174a21bc75b4209ce
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
64d8a0fdaa4295db33cc2ed07deee58a34084cb3e65164e87b22d60eae1fb99f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Origin
https://blog.minerva-labs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
2bGuKq1JEKyYGG8gpvdX9A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
85665
x-fb-rlafr
0
x-fb-debug
Q0m1u/xG/gVEe7iWdQyk5YdjTFm/6FV82VS4LatY9WqDnhWdRVfEDw+1shg2Ce/kjtKEOCL5zrZh3eMUlXHc5Q==
x-fb-content-md5
03b76c154821b1e4c82dc8ecc23dbcef
x-frame-options
DENY
date
Tue, 31 May 2022 16:25:14 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"0d1292d1113695da9c1eaa39d017c880"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 31 May 2023 10:04:58 GMT
638458200092220
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/638458200092220?v=2.9.61&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b129b8f0ad48406adda1fb182e83af8c7ab1465e92306ebdd86a4e0b120aa3d1
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
+q/W5/vPScWOIns94iBe+K9BNOP9CRDo78J3KrLmtf/UC380yssQDvzz8MpX9WchbD0bRbDff/aVdx7gsN86/A==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Tue, 31 May 2022 16:25:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1654014314831
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
api.amplitude.com/ 		7 B
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Requested by
Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.68.10 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-68-10.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 31 May 2022 16:25:15 GMT
content-length
7
strict-transport-security
max-age=15768000
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/645485640/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/645485640/?random=1654014314909&cv=9&fst=1654014314909&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5p1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&tiba=New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f06c434232dfa8c63251eb1555f6cfa455c114110e6482fcf58e356c6f5a91b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1068
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=638458200092220&ev=PageView&dl=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&rl=&if=false&ts=1654014314930&sw=1600&sh=1200&v=2.9.61&r=stable&ec=0&o=30&fbp=fb.1.1654014314928.41823616&it=1654014314768&coo=false&rqm=GET
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:14 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Tue, 31 May 2022 16:25:14 GMT
widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html
platform.twitter.com/widgets/ Frame 441C 		319 KB
104 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fblog.minerva-labs.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6711) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
418077
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105433
Content-Type
text/html; charset=utf-8
Date
Tue, 31 May 2022 16:25:14 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Sun, 15 May 2022 20:03:39 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6711)
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
settings
syndication.twitter.com/ Frame 441C 		278 B
461 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=622dc7a0250050a34e48108a88471a92239dd38d
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fblog.minerva-labs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
d342be7b065b36dd1e6856bcf5a432b5d2c277d27555391ddefbf1df3edb0fc4
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time
117
date
Tue, 31 May 2022 16:25:15 GMT
content-encoding
gzip
last-modified
Tue, 31 May 2022 16:25:15 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
8bdf315023b4c1f5a6ceb85381df0afb2d666d28747e61cf45c19a78e353687b
content-length
179
215293609
hn.inspectlet.com/ginit/ 		194 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hn.inspectlet.com/ginit/215293609
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=215293609&r=459448
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:38f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9077d52ea5ab15b7d215563619df8bb71c78ad1126ee9280e4a26363bf04b37d

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
via
1.1 vegur
cf-cache-status
DYNAMIC
x-powered-by
Express
content-encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
etag
W/"c2-gAnUr3E9Wxhei4rTZrIBDg"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.minerva-labs.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7141107d1b3a9bb9-FRA
access-control-allow-headers
X-Requested-With, Content-Type
/
www.google.com/pagead/1p-user-list/645485640/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/645485640/?random=1654014314909&cv=9&fst=1654012800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5p1&sendb=1&frm=0&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&tiba=New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service&async=1&fmt=3&is_vtc=1&random=1904970392&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/645485640/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/645485640/?random=1654014314909&cv=9&fst=1654012800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5p1&sendb=1&frm=0&url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&tiba=New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service&async=1&fmt=3&is_vtc=1&random=1904970392&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: blog.minerva-labs.com
URL: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
211 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1415142520&t=pageview&_s=1&dl=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&ul=en-us&de=UTF-8&dt=New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1168334710&gjid=935993676&cid=1109432647.1654014315&tid=UA-78700336-1&_gid=709441135.1654014315&_r=1&gtm=2wg5p1WJ4TZK&z=921651011
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=215293609&r=459448
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.minerva-labs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
like.php
www.facebook.com/plugins/ Frame 701A 		49 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df259136e390824c%26domain%3Dblog.minerva-labs.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.minerva-labs.com%252Ff31b734b0cfe91c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=c2209382c4ed6d2174a21bc75b4209ce
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4d2b09d57b760dce8750f77fcb664c2465831932948b624d3bf625acb7d50217
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
date
Tue, 31 May 2022 16:25:15 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
oY0gVFOHpnKJLp8Aw3AoHuZs7a69iNQOwH44xOiQwb5s8CNAhM1Ul1Vq5TGx3iDXDmRvTe1awSd8reb3T8vAGw==
x-fb-rlafr
0
x-xss-protection
0
__ptq.gif
track.hubspot.com/ 		45 B
526 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=32e6cc55-79e9-48c8-ab17-6c8df464e74e&fci=bd55c54c-2d8f-46f3-b225-f1893829d5cf&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=1903456&pi=72428371346&ct=blog-post&ccu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&cpi=72428371346&cgi=5277286107&lpi=72428371346&lvi=72428371346&lvc=en-us&pu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&t=New+Black+Basta+Ransomware+Hijacks+Windows+Fax+Service&cts=1654014315218&vi=6353789d3d1d39582c1b1585794640e6&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
bc1b7d50-2a36-40ed-a65c-0378e5bb2760
cf-ray
7141107e3b7d9956-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QUIT5rIL8m5tGjQZCnbHubf0r8UdB7%2BMXHPFMJoByOvPqmCdMdxPhyLqGo%2BUE4BDQEcj9%2Bwa3tL1Ai7j1okqBHExSgUh6qUa4GmQtdGRjQfeO7Nw5hVNJLmZjU0oiPDAIg%2BUL8s2tB4pUaoxL8iQ"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/ 		45 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=32e6cc55-79e9-48c8-ab17-6c8df464e74e&fci=bd55c54c-2d8f-46f3-b225-f1893829d5cf&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=1903456&pi=72428371346&ct=blog-post&ccu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&cpi=72428371346&cgi=5277286107&lpi=72428371346&lvi=72428371346&lvc=en-us&pu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&t=New+Black+Basta+Ransomware+Hijacks+Windows+Fax+Service&cts=1654014315221&vi=6353789d3d1d39582c1b1585794640e6&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
5d16ad7c-0893-4d05-b785-b250c681b939
cf-ray
7141107e3b819956-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=60NW7OJTFRVLrUYlaabIMuqBT4C2AyNG4a0P8LEsVdTuX5T4YqOS1XEbmOFhLtHWQV1HQpZy7j5LvJJcHoi5QaogtZZlUf2F6dd35ttyc4bfWoGWt4XiTlh%2FA8Q1R6%2FIG39435hj3gbaaAQenERq"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/ 		45 B
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=f9af80dc-2f7c-42b0-bff2-c78565d18e42&fci=2673dadc-8b5e-46d5-8d01-b5b9a3cf6cff&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=1903456&pi=72428371346&ct=blog-post&ccu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&cpi=72428371346&cgi=5277286107&lpi=72428371346&lvi=72428371346&lvc=en-us&pu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&t=New+Black+Basta+Ransomware+Hijacks+Windows+Fax+Service&cts=1654014315224&vi=6353789d3d1d39582c1b1585794640e6&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
8217bfb9-cc40-4316-9c20-f1d7196516e1
cf-ray
7141107e3b7a9956-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OlTcuRQI142h4GiR9Fg7L2XWJJrRH%2FAwGoGts8IBtWtlnXL8NJqXrQBAGiOamOqfH18Y%2FMWGEFZplZS4YxV7pYg9rej%2FeKYiHZMqjwrrs9LMwa0OMPhodQoJEaSyUcmCfoo5YBufzq9gxxVMe3K"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/ 		45 B
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=1903456&pi=72428371346&ct=blog-post&ccu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&cpi=72428371346&cgi=5277286107&lpi=72428371346&lvi=72428371346&lvc=en-us&pu=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&t=New+Black+Basta+Ransomware+Hijacks+Windows+Fax+Service&cts=1654014315225&vi=6353789d3d1d39582c1b1585794640e6&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
c3af1c63-709f-40a3-a20d-fa4e014e3057
cf-ray
7141107e3b859956-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wtDp5iDgacMwJlSlxJP8FZz9pv07jrlAm8Ur4xssUTt4ozzk1NvxVhBxKMrWpkbVX0tO73FfOvYD5qSOmE5%2Bhgs4ulsWk55dGiS%2BgPBKdC4%2Fbw%2F1YiBQjkLp2o%2BulQ%2F7XmuOz3EdZ91qMx1lTzW"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1415142520&t=pageview&_s=1&dl=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&ul=en-us&de=UTF-8&dt=New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=476386995&gjid=694201720&cid=1109432647.1654014315&tid=UA-78700336-1&_gid=709441135.1654014315&_r=1&_slc=1&z=346610547
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=215293609&r=459448
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.minerva-labs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
OqOE21UvWe3.png
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame 701A 		400 B
646 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/OqOE21UvWe3.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df259136e390824c%26domain%3Dblog.minerva-labs.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.minerva-labs.com%252Ff31b734b0cfe91c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
content-md5
uF0RL4E+h23ClLQmPOTTMw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
400
x-fb-rlafr
0
x-fb-debug
LL2jyXK2riEkbOimPqIcOr79szEqb3If43lwf+XoP+cJQyWgc7BBNQyiz8fdZyip6W6puW/EmqY/Up9+nIIf/A==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sat, 27 May 2023 23:15:44 GMT
iFsyO-nrpwQ.js
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yC/l/en_US/ Frame 701A 		525 KB
137 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yC/l/en_US/iFsyO-nrpwQ.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df259136e390824c%26domain%3Dblog.minerva-labs.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.minerva-labs.com%252Ff31b734b0cfe91c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
dbd26ca5e44e86a535f76803d5b0571e6db7e8226a590d8397f9e9aad4b0bc11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
4ZrfDvgVU+YTCgfuhmtIKw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
139816
x-fb-rlafr
0
x-fb-debug
4LndSCW7kJObymcXLtbs90y76/scsiTV1PCgDaKsvlwXQuEBqCFmxNeW5jwaWIjZkj9QQWR+eLSSct9R5bVeFg==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 28 May 2023 02:24:16 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=638458200092220&ev=Microdata&dl=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&rl=&if=false&ts=1654014315432&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service%22%2C%22meta%3Adescription%22%3A%22We%20take%20a%20deep%20dive%20into%20how%20the%20Black%20Basta%20ransomware%20works%2C%20from%20infection%20to%20decryption.%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22We%20take%20a%20deep%20dive%20into%20how%20the%20Black%20Basta%20ransomware%20works%2C%20from%20infection%20to%20decryption.%22%2C%22og%3Atitle%22%3A%22New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.minerva-labs.com%2Fhubfs%2FBlack%2520basta2.jpg%23keepProtocol%22%2C%22og%3Aimage%3Awidth%22%3A%221200%22%2C%22og%3Aimage%3Aheight%22%3A%22675%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.61&r=stable&ec=1&o=30&fbp=fb.1.1654014314928.41823616&it=1654014314768&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Tue, 31 May 2022 16:25:15 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-78700336-1&cid=1109432647.1654014315&jid=1168334710&gjid=935993676&_gid=709441135.1654014315&_u=YEBAAEAAAAAAAC~&z=3504101
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=215293609&r=459448
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 31 May 2022 16:25:15 GMT
content-type
text/plain
access-control-allow-origin
https://blog.minerva-labs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-78700336-1&cid=1109432647.1654014315&jid=476386995&gjid=694201720&_gid=709441135.1654014315&_u=aEDAAEABAAAAAC~&z=1312083190
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=215293609&r=459448
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 31 May 2022 16:25:15 GMT
content-type
text/plain
access-control-allow-origin
https://blog.minerva-labs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-78700336-1&cid=1109432647.1654014315&jid=476386995&_u=aEDAAEABAAAAAC~&z=1165830724
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-78700336-1&cid=1109432647.1654014315&jid=476386995&_u=aEDAAEABAAAAAC~&z=1165830724
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-78700336-1&cid=1109432647.1654014315&jid=1168334710&_u=YEBAAEAAAAAAAC~&z=679971903
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-78700336-1&cid=1109432647.1654014315&jid=1168334710&_u=YEBAAEAAAAAAAC~&z=679971903
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 31 May 2022 16:25:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
button.e878ad6ba18f0bdda53d6861059b0edd.js
platform.twitter.com/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/button.e878ad6ba18f0bdda53d6861059b0edd.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6723) /
Resource Hash
bd08180ec011a2cc6a193103b8279709370cedabcafe9ea5a7dd4a6ff23541d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 31 May 2022 16:25:15 GMT
Content-Encoding
gzip
Age
418078
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Content-Length
2358
x-tw-cdn
VZ
Last-Modified
Sun, 15 May 2022 20:03:31 GMT
Server
ECS (frb/6723)
Etag
"3a38d3766372da05b01a88837c3af509+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
tweet_button.bbd13993eb53d3a11ac08f5e8cf9d6a4.en.html
platform.twitter.com/widgets/ Frame CA0D 		32 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.bbd13993eb53d3a11ac08f5e8cf9d6a4.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6723) /
Resource Hash
3b88d851130733719e7f882b99cffb4ebf7f24f08c1f270bd697e67ff5ba667d

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
418077
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
12240
Content-Type
text/html; charset=utf-8
Date
Tue, 31 May 2022 16:25:15 GMT
Etag
"9678cd9d5473f15fc123f41555152a6e+gzip"
Last-Modified
Sun, 15 May 2022 20:03:36 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6723)
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
jot
syndication.twitter.com/i/ 		43 B
334 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22MinervaLabs%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1654014315907%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22c8fe9736dd6fb%3A1649830956492%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=622dc7a0250050a34e48108a88471a92239dd38d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 31 May 2022 16:25:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
113
pragma
no-cache
last-modified
Tue, 31 May 2022 16:25:15 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
8bdf315023b4c1f5a6ceb85381df0afb2d666d28747e61cf45c19a78e353687b
x-transaction
51fdc613be06d560
expires
Tue, 31 Mar 1981 05:00:00 GMT
truncated
/ Frame CA0D 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
perf
blog.minerva-labs.com/_hcms/ 		2 B
461 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.minerva-labs.com/_hcms/perf
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=215293609&r=459448
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-type
application/json

Response headers

cf-ray
71411090cfc09bb2-FRA
date
Tue, 31 May 2022 16:25:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
31dedcb1-103f-4adb-9b96-0594467d2d22
x-trace
2BE81540FB3A8AF46AFFC08690A370893502E1438D000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mQEb72C9lPzbBGiezDxXuWJFKp1H5tpQ%2B%2F%2F3nMdfB1oN%2BvImbzrZu2fGw7Lc%2BSFh3S9QEQ%2BMH0I3LUdNgQxPHHansM0EJwyXCItbDvvCgYM5IR6R%2BBybTgcJFSr5wHU61ddEuBxugqSxPs9rnMzKDpp0rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
content-length
2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
display.popt.in
URL
https://display.popt.in/APIRequest/40658aeee0114?domain=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&referrer=&previous_url=&cookies=poptin_old_user%3Dtrue%20poptin_user_id%3D0.vaby7g79nl%20poptin_new_user%3Dtrue%20poptin_viewed_session%3Dfalse%20&triggers=&cc=false&if_mobile=false&page_title=New%20Black%20Basta%20Ransomware%20Hijacks%20Windows%20Fax%20Service&origin_landing_page=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&if_page_refreshed=false&poptin_viewed_url=https%3A%2F%2Fblog.minerva-labs.com%2Fnew-black-basta-ransomware-hijacks-windows-fax-service&previous_visited_pages=&shopify_customer_id=0&cart_total_items=0&cart_total_price=0&cart_products_ids_list=

Verdicts & Comments Add Verdict or Comment

135 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery function| hsjQuery object| _hsp string| _linkedin_data_partner_id object| dataLayer object| __core-js_shared__ object| Sslac object| IN function| lintrk boolean| _already_called_lintrk object| appConfigChunkLoadingGlobal boolean| pixelAdded boolean| poptin_loadcontrol_fix boolean| poptin_disable_fa boolean| poptin_single_page_app boolean| landing_page_teaser_on object| upgrade_popup_setting object| previous_url_spa number| updateClockInterval function| jQ224 object| poptinSubmitted function| poptinVisible function| onpoptinClose function| onpoptinSubmit function| pageLoadCheck boolean| poptinAfterPageLoad function| closePoptinOnXclick function| closeTabPoptinOnXclick function| poptin_display function| poptin_display_form function| PoptinQueue function| poptinClientLimitLogStatus function| closeUpgradePopup function| poptinUpgradeDontRemindMe function| poptinUpgradeRemindMe function| poptinUpgradePopupClick object| cookies string| relevent_cookie string| poptin_viewed_session number| poptin_once string| ap_triggers object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage function| bindToWindowOnError object| globalRoot function| hns object| hubspot object| hbspt object| __hsRoot object| hspreserve undefined| React undefined| reqwestPatched function| OutpostErrorReporter undefined| Pikaday function| hns2 function| hmerge undefined| I18n undefined| ReactDOM undefined| require undefined| requirejs undefined| define undefined| exports undefined| module undefined| bootstrap object| options object| HSFR object| _hsq object| hsCommentListing function| hsPopulateCommentsFeed function| hsPopulateCommentFormOnFormReady function| hsPopulateCommentFormOnFormSubmitted function| hsPopulateCommentFormGetExtraMetaDataBeforeSubmit function| hsOnReadyPopulateCommentsFeed function| equalheight object| google_tag_manager function| jsonpHandler function| jsonp_1654014314658_17330 object| ziws object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| details object| amplitude object| __insp string| lp number| __inspld number| __insp_abt object| FB object| __AMPLITUDE__ function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| Base64i function| $i function| __insp_ object| __inspcr object| __inspm object| __inspq function| setZeroTimeout object| __inspels object| _paq function| sanitizeKey boolean| _hstc_loaded object| __twttrll object| twttr object| __twttr boolean| _hspb_loaded object| gaplugins object| gaGlobal object| gaData number| topPostion number| currentDiv boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| _hspb_ran

33 Cookies

Domain/Path Name / Value
.blog.minerva-labs.com/ Name: __cfruid
Value: a58d4e931149d5a418de88774e12ceb52533ec30-1654014314
blog.minerva-labs.com/ Name: poptin_old_user
Value: true
blog.minerva-labs.com/ Name: poptin_user_id
Value: 0.vaby7g79nl
.ws.zoominfo.com/ Name: visitorId
Value: c4a5b2d46f90cf2558557d0b89c1e1bc76e2518d0e05ba5429d8c41c4404ebb2
.linkedin.com/ Name: UserMatchHistory
Value: AQKxXENuZxFUMgAAAYEa74gFnVm1JLAksGxujNqqTM6KuEOu0eEMKTWM_INejAu65owX5i4GOI_nbQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLpmJg_kx2eHgAAAYEa74gFozWuhL29NCnD6v0RIdc-FbEF0epK4ZHh1hN14xf-6FY4S1o6IXZl55HXwZBcIw
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&ea79c86f-fca3-41b9-86ca-43e9c4b5f92b"
.linkedin.com/ Name: lidc
Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2317:u=1:x=1:i=1654014314:t=1654100714:v=2:sig=AQH_WtxlLzsX1G5wHOqr1JueLmLT8wo7"
.minerva-labs.com/ Name: _gcl_au
Value: 1.1.1228307236.1654014315
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&202205311625143dcae4d3-8e4f-44c0-8ec9-0114a9949da5AQEc6JkewPSkudG6v4fxYBBjKLbEgBVp"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTQwMTQzMTQ7MjswMjFLi1dqSwaj3V8kV5qGBG7bQ+rJ0g6oNKhqfv3rmMCWCA==
.minerva-labs.com/ Name: amp_26b8f3
Value: hwzaEdGs-f13WX9Qz1OCM5...1g4dev2at.1g4dev2au.1.0.1
.minerva-labs.com/ Name: _fbp
Value: fb.1.1654014314928.41823616
.hubspot.com/ Name: __cf_bm
Value: .1.msS0HMtrFVIHQwk1kco1Ga1oJJ8eUCRK__CQsTpU-1654014314-0-AQH1ZgKWLWuIWZcbuHuAZf6orwcPfDLdUx0iWxBfrKTK6CqZvTHNoVfaE+QMSXKxyZCiY5Smwj899Cjcdh2tR9Y=
.minerva-labs.com/ Name: __insp_wid
Value: 215293609
.minerva-labs.com/ Name: __insp_slim
Value: 1654014315033
.minerva-labs.com/ Name: __insp_nv
Value: true
.minerva-labs.com/ Name: __insp_targlpu
Value: aHR0cHM6Ly9ibG9nLm1pbmVydmEtbGFicy5jb20vbmV3LWJsYWNrLWJhc3RhLXJhbnNvbXdhcmUtaGlqYWNrcy13aW5kb3dzLWZheC1zZXJ2aWNl
.minerva-labs.com/ Name: __insp_targlpt
Value: TmV3IEJsYWNrIEJhc3RhIFJhbnNvbXdhcmUgSGlqYWNrcyBXaW5kb3dzIEZheCBTZXJ2aWNl
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.minerva-labs.com/ Name: _ga
Value: GA1.2.1109432647.1654014315
.minerva-labs.com/ Name: _gid
Value: GA1.2.709441135.1654014315
.minerva-labs.com/ Name: _gat_UA-78700336-1
Value: 1
.minerva-labs.com/ Name: _gat
Value: 1
.minerva-labs.com/ Name: __hstc
Value: 54658292.6353789d3d1d39582c1b1585794640e6.1654014315216.1654014315216.1654014315216.1
.minerva-labs.com/ Name: hubspotutk
Value: 6353789d3d1d39582c1b1585794640e6
.minerva-labs.com/ Name: __hssrc
Value: 1
.minerva-labs.com/ Name: __hssc
Value: 54658292.1.1654014315216
.minerva-labs.com/ Name: __insp_pad
Value: 1
.minerva-labs.com/ Name: __insp_sid
Value: 3303421244
.minerva-labs.com/ Name: __insp_uid
Value: 2157226526

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-na1.hubapi.com
api.amplitude.com
app.hubspot.com
assets.website-files.com
blog.minerva-labs.com
cdn.amplitude.com
cdn.inspectlet.com
cdn.popt.in
cdn2.hubspot.net
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
display.popt.in
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hn.inspectlet.com
js.hs-analytics.net
js.hs-banner.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
static.xx.fbcdn.net
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
display.popt.in
104.244.42.136
13.107.42.14
142.250.186.162
143.204.101.136
2001:4de0:ac18::1:a:2b
2600:9000:2156:f000:11:3b84:d200:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:2c40::c73c:67e2
2606:4700:10::6816:38f5
2606:4700:3037::ac43:d586
2606:4700:4400::6812:21ab
2606:4700::6810:650c
2606:4700::6811:190e
2606:4700::6811:43b0
2606:4700::6811:cacc
2606:4700::6811:f3cc
2606:4700::6813:9a53
2620:1ec:21::14
2a00:1450:4001:800::2004
2a00:1450:4001:80e::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:828::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2003
2a00:1450:400c:c00::9b
2a02:26f0:3500:16::215:149b
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
44.239.68.10
02992586f5ff5a190eb66f34759fa5cd86ba2ccb7c754534fc836c04ae71b302
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
1b7270476c4cf4c942a34cb94839f88e1a175fdfab66de16e5f988edd35ef4bd
1d1c9bc6f9d52ed8f452bafb66bbfa138f0c01a3bdc9779440eda71895bd8b07
21bd1259243696693903903a16dc847ca2957d74bc40ae76133efc95061caf76
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
28779629990a8be847b5813125962616ef6fb1c0c8980e50f76ab2a66612b92e
29383c3bfcabaef6ab73715605e7663f26a618720cba85946421cfd1570cac25
2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8
3a1f4c4256945b084e80bf3eb8bf788f3bbc6a30912240b639bf49496da85c19
3b88d851130733719e7f882b99cffb4ebf7f24f08c1f270bd697e67ff5ba667d
3d96220660f58aba59a014d68de89ac2d8c035a0dbd1195bb83b2447b8ee3892
439bb68e4b99a7037363e3c9671380459a2e0aa1c8276fb1c68823da04608a3d
442ca14e2177535f499cc256c1a56c4b449a91e2054f4cb86f91f658eb3ed182
474e34e3f4e3c8ac272374debd1bbff52680b9d99d613b545a27a3b9c01898de
4a9a6afeba8624295a87efaf0d3c76fa7a55271f310adffcfa683bccacc0fc5d
4d2b09d57b760dce8750f77fcb664c2465831932948b624d3bf625acb7d50217
53d029c7cdb394d5e7c0f1a50af69d2b2e07c144dd103dabab8a46ac9c73514a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5672b14992cec343354779d4954dc139ea902713238e5e80fa28947e29daa8e1
5a8d8f3cddc625b9ef8a7d497f16233703262992f85525fad5e589b94b6ac133
5bed7b73c89c71907e7f72dbde9d77241daa342ef33856104133476b0a092e75
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5
64d8a0fdaa4295db33cc2ed07deee58a34084cb3e65164e87b22d60eae1fb99f
66e7d9881ce7b7820777cec4222fa572e078f6de49eab270a7ec9fae2aea8218
7d86f41ac5b0e42d19f37f94091d5df2634b3fa83efd25b907105ba2ef9a4e17
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8558b4c82025aba9ec56c0e1d600d8be2b0e15bd687718de7af8e56b887aa15b
8630313bee77f64206067ed80eb6a7c721b0bbfc91c94210966969d4dcc43ba7
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
8afed56d9230a927539efebbb4dd3c6f80c344aac335e981b0affbba216746fc
8b4f5de8e77b879633a4beda09db8f3a1b9b0581ce8c12bf87d218520374d7b6
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
9077d52ea5ab15b7d215563619df8bb71c78ad1126ee9280e4a26363bf04b37d
9413bfe06c2a1c196a8ee24dbbc7fcad0e62c92c027bfae445514a3089e2d52e
96e66f6b27f3c4ed5a608b6b12497549605b2a0dad869890dd2d316aa10505d1
9826f69e38a24546b53854b766c0e904ac9f62e8bb376dcadb40bfb28b170bda
9939d9d43758f96973864a4523afd259232ea6e8eb0a3ff56efe835df25a9648
99b339bc73a2fc0d4b5d522d9ea92e14cbcc7fd6d09c01d0468ee8ff3f5d76c7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a8da12642511272d02eda4a0107225bf5432c4cd701b2231811a2a2fd57bf1fd
aa1346d6d87043ff828b3a2ce3fdd101bc9a1a0bc5ef8efb939d20ed8ef2cff4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b129b8f0ad48406adda1fb182e83af8c7ab1465e92306ebdd86a4e0b120aa3d1
bb45b7dbc7623304e02f12df189625e2edf717fe584719ec5543a847be6d0f88
bd08180ec011a2cc6a193103b8279709370cedabcafe9ea5a7dd4a6ff23541d5
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c7aeb8d89da6c2171a50f79dd2c22557c3112d9a2145211fabdd0e799a16116a
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
cdb47a4dd6d4123cf2de3d2dbf2452c94e769d545ae676eb121b87e5474ac275
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
d342be7b065b36dd1e6856bcf5a432b5d2c277d27555391ddefbf1df3edb0fc4
d45f76d9e4e9283793f7616d307807155fbb15f5a6f9973ede8d5e115066b605
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
dbd26ca5e44e86a535f76803d5b0571e6db7e8226a590d8397f9e9aad4b0bc11
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
ddd2a2af5c5276629fe1608ebf424fbf58a3db1fed37f06881d6d8702ee16615
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df364e359bbb1cb6c6ad9c08eaf8960f8b27da4c636f5bc08a9b782c0c03f4dc
df49227cb2309877ec1e6809f6798375520828fbf628579bdfb42d18d8f451a0
e2e80e28607d8a574e44f77601ec1a449b1c4cd7c10c8a41a054a1258670be41
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c785e1cf09c0144ae04b8ba3bc440a3dda64ab7d22e7da3c4df81448a8a343
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f06c434232dfa8c63251eb1555f6cfa455c114110e6482fcf58e356c6f5a91b6
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fdc7719d769d652c706bba003eaff72320f96cd24f6496149624174512bbdfd0
fdff7ac3be986a85b233f664b05a3b0bd5a6b1a78727fa4f23bb5453ea4db04b