Report - symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware

Report Overview

Submitted URL
symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
IP
104.22.48.215
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 03:11:48
Access
public
Website Title
Buhti: New Ransomware Operation Relies on Repurposed Payloads | Symantec Enterprise Blogs
Final URL
symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	3.1 kB	65 kB	142.250.74.132
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-02	444 B	426 kB	142.250.74.168
play.vidyard.com	11975	2011-01-27	2013-05-29	2024-05-02	429 B	50 kB	151.101.1.181
geolocation.onetrust.com	802	2004-01-12	2018-02-07	2024-05-03	519 B	293 kB	172.64.155.119
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-03	2.9 kB	674 kB	142.250.74.163
images.sw.broadcom.com	unknown	1994-05-09	2022-09-12	2024-02-21	491 B	25 kB	95.101.10.146
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-03	511 B	16 kB	216.58.207.227
cdn.cookielaw.org	502	2011-06-20	2013-12-28	2024-05-02	4.6 kB	160 kB	104.19.178.52
symantec-enterprise-blogs.security.com	unknown	1994-05-12	2020-04-09	2024-03-03	29 kB	4.2 MB	104.22.48.215
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-03	542 B	20 kB	104.16.79.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	geolocation.onetrust.com/cookieconsentpub/v1/geo/location	Detects strings found in Runspace Post Exploitation Toolkit
2024-05-04	medium	geolocation.onetrust.com/cookieconsentpub/v1/geo/location	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (30)

	URL	Size	First Seen	Last Seen
	cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js	10 kB	2023-06-28	2024-05-04
Pretty URL cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js IP 104.19.178.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-28 18:46:31 Last Seen2024-05-04 05:11:51 Times Seen86 Hash bba5d6221859442e67b8729564922a5a df5c989dc5b9dc7826b2a268f90dcfb77beb02db 1016b240b80b66865a6697004dd6c411863ab6872f773fa53e3be5c72424d800 Loading...

	symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware	37 B	2023-03-07	2024-05-14
Pretty URL symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware IP 104.22.48.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:13:21 Last Seen2024-05-14 00:28:39 Times Seen126 Hash 6432390340ff19c49336c1a02996c56f 15fe25af1903467a37c6fa95fcd7f63170e2c9ce 1c1752dc13e8291d0b5d22b045d8c8804af1821c392ce1f56b2ca6fc37ea7142 Loading...

	www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded	913 B	2024-05-04	2024-05-07
Pretty URL www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 05:11:51 Last Seen2024-05-07 21:27:51 Times Seen4 Hash 0f698a12f8b480d8e3e254fcc4541e29 e6f034aa0818727e01d23504ffc0a119d9cf7f2b f8ddfa46e497ed54787f10f391f2e2521e6412e1c19592bb143982a7467c4153 Loading...

	images.sw.broadcom.com/Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js	91 kB	2023-12-08	2024-05-04
Pretty URL images.sw.broadcom.com/Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js IP 95.101.10.146 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 11:49:04 Last Seen2024-05-04 05:11:52 Times Seen21 Hash 52bf2f76d2561185dc2ed1c2a8d69001 7bad75269a246c6172e967caf94e0e15217caf94 e2cfb1a29f60db9cfb63e1ced78f32a0630facfa984ed0f07a16e697b691163a Loading...

	unknown	10 kB	2023-10-15	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 19:27:59 Last Seen2024-05-04 05:11:51 Times Seen37 Hash 09048ca858870a0016c07d94cdddcaa8 490a492cd32eab9a927041960a478f8801e2567d a00df98af43cf6c0f794a4f74ed6c84c2abd65b31c5f5522cd1ce16eceb7771c Loading...

	www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js	518 kB	2024-04-24	2024-05-15
Pretty URL www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:18:30 Last Seen2024-05-15 19:10:18 Times Seen9003 Hash e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6	69 B	2023-03-07	2024-05-18
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:05 Last Seen2024-05-18 08:59:17 Times Seen102404 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	www.google.com/js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js	18 kB	2024-04-27	2024-05-06
Pretty URL www.google.com/js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:59:03 Last Seen2024-05-06 06:50:01 Times Seen458 Hash 040162f6da25c64feaaed69abc0ac96b 818d0d73c7efdeafe6898255d407c519173a5131 7f2085de59a8fce6270bff6b196505f82790bed38428aad350afd75d2d45775b Loading...

	cdn.cookielaw.org/scripttemplates/otSDKStub.js	21 kB	2024-04-16	2024-05-18
Pretty URL cdn.cookielaw.org/scripttemplates/otSDKStub.js IP 104.19.178.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 08:31:16 Last Seen2024-05-18 03:07:35 Times Seen4963 Hash 0cd317a7b9c520801230e944f7d50e41 e3985ff0c2e8b1eaacb617c7c5af5bebfcbceda6 6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544 Loading...

	symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware	348 B	2023-05-09	2024-05-04
Pretty URL symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware IP 104.22.48.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-09 14:09:02 Last Seen2024-05-04 05:11:51 Times Seen44 Hash 860e95cd75ae6f2fd2bb687768dd4091 3e607fb739639bd8a73bfeb8b6c849ee4ae700fc b3a435605d0a0a10bcd5c4984da9bb50d64b863bbeceee5ea57c9cdeb9ea5d64 Loading...

	symantec-enterprise-blogs.security.com/blogs/polyfills.824ad2d7c1c36d3a.js	34 kB	2023-10-21	2024-05-04
Pretty URL symantec-enterprise-blogs.security.com/blogs/polyfills.824ad2d7c1c36d3a.js IP 104.22.48.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 20:59:41 Last Seen2024-05-04 05:11:52 Times Seen33 Hash 4b37288c01eb499b9b11c0adb25546c9 37549b2e66998591f9cf249901596162e980a30a 71c2626c47223b87c8cff1b086a97937f28512991812b3edfd79eb157dd232ff Loading...

	unknown	12 kB	2024-03-03	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-03 21:47:14 Last Seen2024-05-04 05:11:51 Times Seen5 Hash 8d4d406f0a57d5c7cc72c55d9a7123a6 16a3672bbaa6995d6d5fa39fdf0c0a8dc789bb43 8b9313b6a0852633e9bc3b46c220381ab8a3f92ea871a9b70b8ddf61fdeaea41 Loading...

	www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j	0 B	2023-03-07	2024-05-18
Pretty URL www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 09:00:52 Times Seen37777196 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	348 B	2023-03-09	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 06:30:11 Last Seen2024-05-04 05:11:51 Times Seen61 Hash 0b7baa8611bdfa5a22c3d138b92af511 c3bdafef821ed5f5f02ceea3698d0886020050d7 e1ab63fb9e41832212275a7b9e4642888471c6ec15bcb6dd15c2dfd86705fe3a Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-18
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-18 08:38:17 Times Seen2412 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KF7XWD	426 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KF7XWD IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 05:11:51 Last Seen2024-05-04 05:11:51 Times Seen1 Hash 05d09f183704d58a22bc88dac93f86ca e41912fe7e49e58bea0e42192241307c162accd0 3f1f0514ff5a55e493ee81508438df92830dc76a278b18bec6bd1f6c2c266957 Loading...

	unknown	3.1 kB	2024-03-03	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-03 21:47:13 Last Seen2024-05-04 05:11:51 Times Seen4 Hash c0508de15caadc6b6e3e9768f079f05a 0db3ea7e9033ed23faab68d1485052e1b6f1fbf8 94b6d539f3a4b86df74d9da71153dd0daf91c94132129dfb04ce7b9fe7b26c65 Loading...

	unknown	9.2 kB	2024-03-03	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-03 21:47:14 Last Seen2024-05-04 05:11:51 Times Seen2 Hash 2bbd4e1bf908c1769f8fcac94e3fc82c c8b22e6ecd41a0392cb8af4f4a1cc3d489d8c262 c2a62afb520c3c5ec73dccdf02ba4e16dae86f11cdd40ddbbd48f0240921240c Loading...

	symantec-enterprise-blogs.security.com/blogs/runtime.3d45dbe3cf1c9b60.js	2.8 kB	2023-10-21	2024-05-04
Pretty URL symantec-enterprise-blogs.security.com/blogs/runtime.3d45dbe3cf1c9b60.js IP 104.22.48.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-21 20:59:41 Last Seen2024-05-04 05:11:51 Times Seen22 Hash 47bec3f67eb21441d8d2f5d4416798ba 6f7d68fe12878a8879d7206022e31d12a7a5abc1 fbfd5c7bca2ee9b74e6d834c5ad4f415ededde8d43948fb155018601e755e6b0 Loading...

	symantec-enterprise-blogs.security.com/blogs/main.ddb008685495cc54.js	628 kB	2024-05-04	2024-05-04
Pretty URL symantec-enterprise-blogs.security.com/blogs/main.ddb008685495cc54.js IP 104.22.48.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 05:11:51 Last Seen2024-05-04 05:11:52 Times Seen2 Hash 10d58afa0e6a1dd771ca3c02c7645a16 47ddd1fe1b5a7c1c9ac47d0759529a18530e814c 4e841299c022f88b66091ad23f31cc1619a313443e1832f416c8fc9de490a1ba Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6	37 kB	2024-05-04	2024-05-04
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 05:11:51 Last Seen2024-05-04 05:11:51 Times Seen1 Hash 4fccb6a4cab7a3d3e943ad4940e26782 0e359e50333c27c54307cdb3491164309840c0ce 8238b0c78a2102ba8683f82fd6b74292a9c3ddfc7cd4fee8655f6312f76c8fa3 Loading...

	unknown	666 B	2024-02-12	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-12 06:07:05 Last Seen2024-05-04 05:11:51 Times Seen6 Hash f338c7e18f403b1cd3f31c5d12ae30cd 7c02162c2055f8368849c3a806feef53d08f8e0a 4d05418431deeb49dfc995874ac83f477bb4940a066eb36cea8540b924776858 Loading...

	play.vidyard.com/embed/v4.umd.js	194 kB	2023-08-28	2024-05-04
Pretty URL play.vidyard.com/embed/v4.umd.js IP 151.101.1.181 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-28 21:24:04 Last Seen2024-05-04 05:11:51 Times Seen60 Hash b2cf0ae82877a6b8089df7a8af44e179 b0bff41d498a4250b9108e8706d03a6b5a1fcd79 92d255119405f06a0c8f0cf18f2c9941acfcac8d941cd5ae40bd5fea7834f484 Loading...

	cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js	411 kB	2023-05-07	2024-05-16
Pretty URL cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js IP 104.19.178.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-07 18:37:18 Last Seen2024-05-16 20:07:05 Times Seen3657 Hash 13ec06e463a617bab57f67a359d65b73 9ab224d5073e03300b1816a81dd50a0339ad2fe7 1114132a79b42ce8e5064f57a1560a3b3f0e1659afc33e4698bab53e1301fbfd Loading...

	unknown	963 B	2024-03-03	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-03 21:47:14 Last Seen2024-05-04 05:11:51 Times Seen5 Hash d616965cfceda87fd9c09027f498ba75 584fd2890b2d7993ad1890b6ddc9f6ed0825d59b 2fbd4b119d242cc856a25d9722a36b2f69805bcd9a6f77395f01e9c68099b61d Loading...

	unknown	668 B	2023-10-15	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 19:27:59 Last Seen2024-05-04 05:11:51 Times Seen37 Hash a3c52aaae75c1302de6bf5d346e478b5 aae97145b56ff01d5538870a0328a82bce6e77cf df12b402c509f4efec5df81db32cb98e5ff383bc874f2d342accfca5cce4d9d5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 18dfd52127b356c3dddf00f8371ef765	25 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 05:11:51 Last Seen2024-05-04 05:11:51 Times Seen1 Hash 18dfd52127b356c3dddf00f8371ef765 01665ba3960df6c0d06c425152ab4d7d6228e942 590058a7e1d3bcd90a8faeb53852b0aca23def77e981a95e71e56cfafc3a1110 Loading...

	#2 Eval - 082a52c05eea6787ba699ff89fb0976a	22 B	2024-04-27	2024-05-06
Pretty Observations First Seen2024-04-27 09:59:04 Last Seen2024-05-06 06:50:01 Times Seen205 Hash 082a52c05eea6787ba699ff89fb0976a 8b94e04205aa757cfe3584f2b39846d1949019bf 1f1dfcf2bd3c3f18e17e4f8270d17610c0c8dd648a46eb5d7d2f99810b33b45e Loading...

	#3 Eval - d9e35c2efcb7cc9175a029ea36a0fc03	22 B	2024-04-27	2024-05-06
Pretty Observations First Seen2024-04-27 09:59:04 Last Seen2024-05-06 06:50:01 Times Seen202 Hash d9e35c2efcb7cc9175a029ea36a0fc03 d509b773833167268ce159a9aa1cec2b66bbaade 3224ac29c9b9ae1df69da061c76b3b8f753e63eda41cd56d984b823b7a2c03f2 Loading...

	#4 Eval - a22acf42c34df68d6068204184c4d70b	64 B	2024-04-27	2024-05-06
Pretty Observations First Seen2024-04-27 09:59:04 Last Seen2024-05-06 06:50:01 Times Seen206 Hash a22acf42c34df68d6068204184c4d70b f2243b2b3554d90dbef6126d7240383316b8ca81 85b592cd7beae3e895f3d3d70ab35e21b38becd37775a635a5d277032f6d22c2 Loading...

HTTP Transactions (69)

URL IP Response Size

cdn.cookielaw.org/scripttemplates/otSDKStub.js

104.19.178.52

200 OK

6.9 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21229)
Size
6.9 kB (6882 bytes)
Hash
0cd317a7b9c520801230e944f7d50e41
e3985ff0c2e8b1eaacb617c7c5af5bebfcbceda6
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544

HTTP Headers

GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript
content-length: 6882
content-encoding: gzip
content-md5: cfMMgqnnnYda745QhUdJrw==
last-modified: Thu, 02 May 2024 18:04:40 GMT
etag: 0x8DC6AD2569D1DB7
x-ms-request-id: 81aa8688-601e-0010-3e74-9d778f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 39225
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d853ebd1c06-OSL
X-Firefox-Spdy: h2

cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js

104.19.178.52

200 OK

2.8 kB

URL GET HTTP/2
cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5950)
Size
2.8 kB (2778 bytes)
Hash
bba5d6221859442e67b8729564922a5a
df5c989dc5b9dc7826b2a268f90dcfb77beb02db
1016b240b80b66865a6697004dd6c411863ab6872f773fa53e3be5c72424d800

HTTP Headers

GET /consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/x-javascript
content-length: 2778
cf-ray: 87e54d852ebc1c06-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 27663
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DB50F082DD0023
expires: Sun, 05 May 2024 03:11:19 GMT
last-modified: Wed, 10 May 2023 00:50:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: CGDeVeN5aK2NbJIer7+4YQ==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: f03e9e25-801e-006c-4258-79d214000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2

play.vidyard.com/embed/v4.umd.js

151.101.1.181

200 OK

50 kB

URL GET HTTP/2
play.vidyard.com/embed/v4.umd.js
IP
151.101.1.181:443
ASN
#54113 FASTLY

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGlobalSign nv-sa
Subject*.vidyard.com
FingerprintF7:F4:86:A4:A5:E7:07:A0:46:0E:25:68:1D:D7:2B:F9:99:1A:9A:23
ValidityWed, 03 Apr 2024 22:58:22 GMT - Mon, 05 May 2025 22:58:21 GMT

File type
JavaScript source, ASCII text, with very long lines (317)
Size
50 kB (49451 bytes)
Hash
b2cf0ae82877a6b8089df7a8af44e179
b0bff41d498a4250b9108e8706d03a6b5a1fcd79
92d255119405f06a0c8f0cf18f2c9941acfcac8d941cd5ae40bd5fea7834f484

HTTP Headers

GET /embed/v4.umd.js HTTP/1.1
Host: play.vidyard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 28 Aug 2023 17:07:01 GMT
etag: "b2cf0ae82877a6b8089df7a8af44e179"
x-amz-server-side-encryption: AES256
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-type: application/javascript
x-china: 0
content-encoding: gzip
accept-ranges: bytes
age: 338894
date: Sat, 04 May 2024 03:11:19 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 0
vary: X-China, accept-language, Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 49451
X-Firefox-Spdy: h2

cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/301196e0-93ad-473e-a572-975514574496.json

104.19.178.52

200 OK

1.7 kB

URL GET HTTP/2
cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/301196e0-93ad-473e-a572-975514574496.json
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
1.7 kB (1663 bytes)
Hash
6db984c1dd86725ac1472f3f1718539b
f41543ab9281eb2adbc0e54f0954f7770d8267f2
38e9e0666c68724a3502469d910dfdd11af87774d130ff0ed8f79bb435ee1413

HTTP Headers

GET /consent/301196e0-93ad-473e-a572-975514574496/301196e0-93ad-473e-a572-975514574496.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/x-javascript
content-length: 1663
cf-ray: 87e54d867f051c06-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DB50F082B532A5
expires: Sun, 05 May 2024 03:11:20 GMT
last-modified: Wed, 10 May 2023 00:50:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: vtmWoJnwtP91hXYO8KdagQ==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 190705c4-501e-009b-3372-79f886000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js

104.19.178.52

200 OK

99 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
99 kB (99020 bytes)
Hash
13ec06e463a617bab57f67a359d65b73
9ab224d5073e03300b1816a81dd50a0339ad2fe7
1114132a79b42ce8e5064f57a1560a3b3f0e1659afc33e4698bab53e1301fbfd

HTTP Headers

GET /scripttemplates/202304.1.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/javascript
content-length: 99020
content-encoding: gzip
content-md5: f9AvZgohx9TU9t078cCRXA==
last-modified: Thu, 11 May 2023 06:31:14 GMT
etag: 0x8DB51E951BA9202
x-ms-request-id: 2aef2bd7-901e-004f-134e-7948d7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 39195
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d877f3e1c06-OSL
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/globe-americas.svg

104.22.48.215

200 OK

123 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/globe-americas.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
gzip compressed data, from Unix
Size
123 kB (123297 bytes)
Hash
13c1496d59651b8dcd52e01489e550f4
d42b4fe0546e99385b621982d48434305e56e768
9d3a973ba137a925f22e5d7d785265c24a4b983af1c13fc80b5815ff6302ff03

HTTP Headers

GET /blogs/assets/icomoon/globe-americas.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d867f3f56cc-OSL
cf-cache-status: HIT
age: 61007
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"17f4-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: 5aefGPcvGLlyXjl_YoYM0bl1fRYm0WyS1-iy3iGCfXZ_BhZxRcoSKA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=U0Eeei9v

104.22.48.215

200 OK

13 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=U0Eeei9v
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 310x207, Scaling: [none]x[none], YUV color, decoders should clamp
Size
13 kB (13086 bytes)
Hash
e842e110fd1bc57f0ea06848036f0347
3e2cbccd6aee2b2890054d2f8edff67825db0fc8
628bd387872882ad0fcbb86b506bd56592522594bb2a582e50666e5e3a183c09

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=U0Eeei9v HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 13086
cf-ray: 87e54d84de7756cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1435355598.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Wed, 06 Mar 2024 11:02:09 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=28522
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: NPEusCBNgd5wvz6kileAwfH1C76JfDsrMNLzsMqdqpi_JX-M5hXDaw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-46xpw
x-served-by: cache-chi-klot8100049-CHI, cache-osl6540-OSL
x-styx-req-id: 06391749-0875-11ef-bb7d-5289f04663d8
x-timer: S1714648418.975951,VS0,VE681
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=mXPtF7Ot

104.22.48.215

200 OK

20 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=mXPtF7Ot
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 310x207, components 3
Size
20 kB (20174 bytes)
Hash
7047292113ade661ed2f6a0256e09dfa
fbb598e55a905904e11e52bce5ee8daf2e77b88e
56a1df9e7f4505d4a8a901ab5125268df949109e026956390fd0ece49ca5ae63

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_large/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=mXPtF7Ot HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/jpeg
content-length: 20174
cf-ray: 87e54d84de7556cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 02 May 2024 10:01:55 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=41382, status=webp_bigger
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: qWGPn-8u6ssnBe0R4JVoSTF5vqH2SWaSIyVISVy-DqiREWjgV3I4UA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-h6zmh
x-served-by: cache-chi-klot8100066-CHI, cache-osl6550-OSL
x-styx-req-id: 78367c56-0936-11ef-a242-e63821734780
x-timer: S1714731502.086806,VS0,VE313
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_large/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=0czhl3gL

104.22.48.215

200 OK

21 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_large/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=0czhl3gL
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 425x425, Scaling: [none]x[none], YUV color, decoders should clamp
Size
21 kB (20884 bytes)
Hash
cfae1f593d83f1b74fa10cb6fa6b02b2
811ee9bd76159d459a6fcd3c787a9627a0108786
33d65af5ebd52c9304d5460f0e3b68efad901ffebb61327e261b0e69509875c5

HTTP Headers

GET /sites/default/files/styles/blogs_author_bio_large/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=0czhl3gL HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 20884
cf-ray: 87e54d84de7456cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="author-profile-default.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 19 Oct 2021 20:38:45 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=57437
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 4oQ_rCnZJcY1JMbfYvRe76z3fyMVWgw_Pn93Bp97wBkJKvurrlg9fw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-wv4nf
x-served-by: cache-chi-klot8100042-CHI, cache-osl6549-OSL
x-styx-req-id: 0632cff6-0875-11ef-a58a-3efa0f61bc29
x-timer: S1714648418.934023,VS0,VE440
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=BVxNwMSN

104.22.48.215

200 OK

36 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=BVxNwMSN
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
PNG image data, 555 x 646, 8-bit/color RGBA, non-interlaced
Size
36 kB (36535 bytes)
Hash
a324f46230bf0fe2f91e59bd77cefa8b
d70e0589b7cbfd072c6e540d1a2ec7ee451c7aa5
103d41a6faa2678cbd1c874066f35c99ea9481677030426db0337c07d20ee773

HTTP Headers

GET /sites/default/files/styles/blogs_inline_medium/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=BVxNwMSN HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/png
content-length: 36535
cf-ray: 87e54d84de6d56cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 08:26:57 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 66yN5qyAgE-FYptFJHuBtCpujvMqlDu_cxWu6Eavle7309XO8PJIiQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-frdkr
x-served-by: cache-chi-klot8100143-CHI, cache-osl6525-OSL
x-styx-req-id: fa9b59a7-09c3-11ef-bde0-ce5285527fa2
x-timer: S1714792280.890760,VS0,VE440
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=HfhI5i6b

104.22.48.215

200 OK

20 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=HfhI5i6b
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 310x207, components 3
Size
20 kB (20074 bytes)
Hash
8a9c80158fc05d9d1fd3ce4bbbd36ae1
b64ab00f5235d9e079ce5f4b5fb280c57461c14a
1bd128cc127a15e09d343743ff00c722ea9874c0bca6b9cb3706307f8084dfc2

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_large/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=HfhI5i6b HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/jpeg
content-length: 20074
cf-ray: 87e54d84ee7856cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Fri, 16 Feb 2024 11:02:50 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=42952, status=webp_bigger
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: N08HzUJXoZUIHDJdAo7HJFwepbD2P72LVCSlxN_7gLY7ERAfbu9oZQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-wv4nf
x-served-by: cache-chi-klot8100114-CHI, cache-osl6544-OSL
x-styx-req-id: 0632182c-0875-11ef-a58a-3efa0f61bc29
x-timer: S1714648418.931139,VS0,VE322
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=zejIZxsA

104.22.48.215

200 OK

15 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=zejIZxsA
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 310x207, Scaling: [none]x[none], YUV color, decoders should clamp
Size
15 kB (14816 bytes)
Hash
6b990f4f533dd531e92a8517761e2daf
0e359b5d7e984e880edaf47685ccb7d1a775cca6
012bf83fc9440a70611dd32c99538e1120e621bd270b59e37df6c168fabb11c4

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=zejIZxsA HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 14816
cf-ray: 87e54d84de7656cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1420039900.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 12 Mar 2024 10:02:07 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=31406
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: uIRy6Eos-UrKiWPpIrxJse9iR1hMtPNEiN78ODrJ_sMe990DWS9IOA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-qqghr
x-served-by: cache-chi-kigq8000104-CHI, cache-osl6538-OSL
x-styx-req-id: 0638e35d-0875-11ef-b4bb-ce23f976d9cb
x-timer: S1714648418.975412,VS0,VE449
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Fig2_0.png.webp?itok=IJQuf-HF

104.22.48.215

200 OK

56 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Fig2_0.png.webp?itok=IJQuf-HF
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
PNG image data, 1076 x 508, 8-bit/color RGBA, non-interlaced
Size
56 kB (56081 bytes)
Hash
e17534d61fd2a4451895edb03fb26ffb
509388f8ceed66c92a60de2da3d1de39205f0ada
9f585f25faa1413819bcd9c78d11ec389dca1e663b0e325196498db8110ad439

HTTP Headers

GET /sites/default/files/styles/blogs_inline_medium/public/2023-05/Fig2_0.png.webp?itok=IJQuf-HF HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/png
content-length: 56081
cf-ray: 87e54d84de6e56cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 08:30:39 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 6pMoWJ2mBiEwlqAHy4Fup4q7YdRxUfnrGq6GxaVn2tDF1kgVbW69Hg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-6q4h9
x-served-by: cache-chi-kigq8000134-CHI, cache-osl6526-OSL
x-styx-req-id: fa994464-09c3-11ef-b435-ae3e18cea8aa
x-timer: S1714792280.869825,VS0,VE520
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/0a09381f-7ddd-4fa4-ad16-4a1f1c355336/en.json

104.19.178.52

200 OK

15 kB

URL GET HTTP/2
cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/0a09381f-7ddd-4fa4-ad16-4a1f1c355336/en.json
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
15 kB (14734 bytes)
Hash
33e7ed6aeb2228f4c2d59351bd2e8be5
bc9124bf3d0b763effcc93002d2f79c4c31bd934
4221092d89b21d0ac7819483b5607078370751a987814f0a39cf23f2e618dbd7

HTTP Headers

GET /consent/301196e0-93ad-473e-a572-975514574496/0a09381f-7ddd-4fa4-ad16-4a1f1c355336/en.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/x-javascript
content-length: 14734
cf-ray: 87e54d882f5a1c06-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DB50F086239A0D
expires: Sun, 05 May 2024 03:11:20 GMT
last-modified: Wed, 10 May 2023 00:50:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: vSO421RrIp9RvYN1fLhvxA==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 04a5581d-401e-0063-3274-79a478000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_avatar_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=yMcB1DYB

104.22.48.215

200 OK

3.9 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_avatar_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=yMcB1DYB
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
3.9 kB (3918 bytes)
Hash
bdeadc8e1a6c3dd010db187b2e4d0666
27da76a1b4ed079ce202ffe6f47e5327c8202c7a
55818b3f3213279b9a13f0c9a32f807c423021b843f52105860c9b0ad4ed7574

HTTP Headers

GET /sites/default/files/styles/blogs_author_avatar_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=yMcB1DYB HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 3918
cf-ray: 87e54d84ce6b56cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="author-profile-default.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 19 Oct 2021 20:36:25 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8273
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: dD9sHO0OCgDqvYAKTpB1m16pr_jAaoONGZfFOBHCpYJnzPZQBbrB8w==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-kpcfq
x-served-by: cache-chi-klot8100166-CHI, cache-osl6539-OSL
x-styx-req-id: 0632483d-0875-11ef-828f-c2ab3e6ad4e3
x-timer: S1714648418.931584,VS0,VE432
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_large/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=jqwmEquJ

104.22.48.215

200 OK

586 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_large/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=jqwmEquJ
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 1600x1000, components 3
Size
586 kB (585854 bytes)
Hash
291237c8ef88c690e9509f75d3467597
9dbd72f09a7aa1c83d920c0a461fad66c6bbdfcc
2782ae0cab81e13e8e0ed318de09aba12b85e9e8fb3c34c0d12f548e833bcdc3

HTTP Headers

GET /sites/default/files/styles/blogs_hero_large/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=jqwmEquJ HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/jpeg
content-length: 585854
cf-ray: 87e54d84ce6a56cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:02:46 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: nz41vwyaKYWsl1LXAQcg4ZR1QhgwcVtwpVsIfShE1P8Ny2wdLKrr1Q==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-m8bzf
x-served-by: cache-chi-kigq8000033-CHI, cache-osl6528-OSL
x-styx-req-id: fa998deb-09c3-11ef-8a3a-46d7ef274356
x-timer: S1714792280.878114,VS0,VE697
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2

104.22.48.215

200 OK

17 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17168, version 1.65
Size
17 kB (17168 bytes)
Hash
06aacf43ff669cc3c07bd58a152849e9
d40447d9ea9d7165f4acb97b878608f6113b95bc
3dafa70d34901c0463ebba024717533901e99004ab9fa187d705f3443e35b01a

HTTP Headers

GET /blogs/Metropolis-Medium.2d9d39a57d953c79.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17168
cf-ray: 87e54d8a288a56cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"4310-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: ZXEvg8icRkFb6A0w4gbAWpFI_9FdWnjVD0aTtMLMzEbtX2jloaAZuQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/Metropolis-SemiBold.d2e20fff26a63d07.woff2

104.22.48.215

200 OK

17 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/Metropolis-SemiBold.d2e20fff26a63d07.woff2
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17332, version 1.65
Size
17 kB (17332 bytes)
Hash
6d304e33a52ad940313c77638be880ba
52264f6c5ff7348ffe1bbb113c84311fafe399e2
1363e65c2a4b91299ffb8abacd9ead54fdadcdb972a3e4b2227f29684fe2469b

HTTP Headers

GET /blogs/Metropolis-SemiBold.d2e20fff26a63d07.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17332
cf-ray: 87e54d8a589456cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"43b4-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: KoIuaSJsZ3sQUhL43ga-CIyS5ogJ-jPPstIpgBaj1qaFgki-LR9noA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/api/v1/blogs/announcement?aid=IOTVy1&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226

104.22.48.215

200 OK

59 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/api/v1/blogs/announcement?aid=IOTVy1&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JSON text data
Size
59 B (59 bytes)
Hash
c2e81ba4e235e8347b6346eb35053b0a
c4ab545d48c4760d5b3c3de906f83265c8c281a9
2d5de519d6ec314d664a272eb96cbc6b1cd36e995a3de2fe545568dfc099ac6d

HTTP Headers

GET /blogs/api/v1/blogs/announcement?aid=IOTVy1&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
content-length: 59
cf-ray: 87e54d89785856cc-OSL
cf-cache-status: EXPIRED
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714790282"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 02:38:02 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: NXJmX11jMw6jt3O51h-POd3izpKwr9F4jY2qIXT9yS8sAbb4REheFA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 9, 0
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: HIT
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-t5pnx
x-served-by: cache-chi-klot8100093-CHI, cache-osl6542-OSL
x-styx-req-id: 1c96ce17-09c3-11ef-a314-d679a79d35f7
x-timer: S1714792281.589609,VS0,VE122
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/Metropolis-Bold.95361de5b5275a58.woff2

104.22.48.215

200 OK

17 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/Metropolis-Bold.95361de5b5275a58.woff2
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17204, version 1.65
Size
17 kB (17204 bytes)
Hash
c65085073b6f361cd2a2c0a32f4aeb11
29d8af164c7ec0dcd69e37c4419070a10a7969a3
9f2a86c4f77b646ebc98e8bdadcafd73f9057a1c8ef3a0c605adfe9859169ac4

HTTP Headers

GET /blogs/Metropolis-Bold.95361de5b5275a58.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17204
cf-ray: 87e54d8a689a56cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"4334-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: Y_wH1oibhiCnXg6IeN8pcYvJ8js9pvJu56m5vJpNcRydMc3zufWHzQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/logo.20230425.svg

104.22.48.215

200 OK

6.5 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/logo.20230425.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
gzip compressed data, from Unix
Size
6.5 kB (6538 bytes)
Hash
ffc587347b96054f778d5d7b5bc2c4d6
640b7635a8fcd85b59301d5df1d116b0ecba2782
a4a861e6fc5e75ff82120194813373e905da84f89ef9b739bf841ee51026e06d

HTTP Headers

GET /blogs/assets/logo.20230425.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d84ce6956cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"3650-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: STpB_BvrT4LTSYcpEViPI1xmtCGC55L06JKy_xahTxkx3Gz9EmNInA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

geolocation.onetrust.com/cookieconsentpub/v1/geo/location

172.64.155.119

200 OK

293 kB

URL GET HTTP/2
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP
172.64.155.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectonetrust.com
Fingerprint9B:BC:B4:A8:C7:6C:6C:02:0F:FD:9F:06:F2:67:FB:DD:A1:E0:3F:47
ValidityMon, 13 Nov 2023 00:00:00 GMT - Tue, 12 Nov 2024 23:59:59 GMT

File type
New Line Delimited JSON text data
Size
293 kB (293054 bytes)
Hash
0a248a442c17e5c3c12feadeea6d1f37
314581dbe3d6abb9d52ae882be11b5093b51df06
7f4662a08526970f51d781a64c2ea6b2547728fe51249024f07c5805d77f87db

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects strings found in Runspace Post Exploitation Toolkit
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

HTTP Headers

GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e54d870f39568a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog/threat-intelligence&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226

104.22.48.215

200 OK

37 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog/threat-intelligence&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JSON text data
Size
37 kB (36681 bytes)
Hash
07ac2c3519307a82683e31a2a6054107
ed3d16464c447bda1713c5b6e81b4b7b3a551783
4451a2aadd27787f85092478603fe721c3c9a3ca3e9b2b76d242ca21b7c85a70

HTTP Headers

GET /blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog/threat-intelligence&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
content-length: 36681
cf-ray: 87e54d8a288756cc-OSL
cf-cache-status: EXPIRED
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714790307"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 02:38:27 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: LWwkIEKiypXcU-mtHEUN10FB4ISOdQIOzOMdeWfwxBTGtM00ZzHMmQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 2, 0
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-h6zmh
x-served-by: cache-chi-klot8100061-CHI, cache-osl6525-OSL
x-styx-req-id: b4c4e52f-09c3-11ef-845e-e63821734780
x-timer: S1714792281.692457,VS0,VE123
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2

104.22.48.215

200 OK

17 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17168, version 1.65
Size
17 kB (17168 bytes)
Hash
06aacf43ff669cc3c07bd58a152849e9
d40447d9ea9d7165f4acb97b878608f6113b95bc
3dafa70d34901c0463ebba024717533901e99004ab9fa187d705f3443e35b01a

HTTP Headers

GET /blogs/Metropolis-Medium.2d9d39a57d953c79.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17168
cf-ray: 87e54d8b78f056cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"4310-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: ZXEvg8icRkFb6A0w4gbAWpFI_9FdWnjVD0aTtMLMzEbtX2jloaAZuQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/envelope.svg

104.22.48.215

200 OK

894 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/envelope.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
gzip compressed data, from Unix
Size
894 B (894 bytes)
Hash
4c42e75baa8b0364f478de24083c44de
e7f8d8fed068ab606b3669b9f7d8a20c7597cab5
29d7d4a5da3bec8dee34189bfb7ca63713050cf9e73a6a345a53e9b60cdc2c38

HTTP Headers

GET /blogs/assets/icomoon/envelope.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d867f4256cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"2a1-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: UKMrqbGJQiJVCJz9JEUR1lMZqzS-rgH-3NSXq9hbe34sTS03Npm9FA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/favicon/apple-touch-icon.png

104.22.48.215

200 OK

4.7 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/favicon/apple-touch-icon.png
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image
Size
4.7 kB (4718 bytes)
Hash
cda5b7d6800dcd26fb2a04f680cca6d3
c3e8aca9e50189eec4dcc4319ff17e6813bd8d8e
14eb93fb5a0bbc58e35e0bfd2ec3c4e7b018ba3e4bfe387bdf27705abf316b02

HTTP Headers

GET /blogs/assets/favicon/apple-touch-icon.png HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/webp
content-length: 4718
cf-ray: 87e54d8cd96556cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
content-disposition: inline; filename="apple-touch-icon.webp"
etag: W/"2124-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=8484
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: _H_6c5nZLlm8tc63F9hn43nNKR6F0hab_g8R7AHCNtabdDKM3Oba0g==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFloatingFlat.json

104.19.178.52

200 OK

2.7 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFloatingFlat.json
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
2.7 kB (2700 bytes)
Hash
997d5992ec1b940287911db0370bf2ed
2a79628eae4dcf5484315999db38077342f34b59
0d6a316993e74e58abc10e08adf78c437a8a6b4681bdc08b3dde0587a0eb3176

HTTP Headers

GET /scripttemplates/202304.1.0/assets/otFloatingFlat.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: application/json
content-length: 2700
content-encoding: gzip
content-md5: 0n+3VGdW2op3e0CnKIlgXA==
last-modified: Thu, 11 May 2023 06:31:09 GMT
etag: 0x8DB51E94E9A8614
x-ms-request-id: b603e72f-501e-008b-464f-793dee000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8cf8511c06-OSL
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCookieSettingsButton.json

104.19.178.52

200 OK

1.8 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCookieSettingsButton.json
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
1.8 kB (1762 bytes)
Hash
8bec04f783195a93e6f1e9b6560cf2d3
7cec7b3ec7f1ccca2ca8767c91edf5459f991291
1fec5c08703b96cc02619b88d090f9835b8b51e6d4ca2c74658d2443e739937b

HTTP Headers

GET /scripttemplates/202304.1.0/assets/otCookieSettingsButton.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: application/json
content-length: 1762
content-encoding: gzip
content-md5: XOE37UhksLgCWIl0MIJwPw==
last-modified: Thu, 11 May 2023 06:31:10 GMT
etag: 0x8DB51E94F3BB8FA
x-ms-request-id: b1860ffc-e01e-0045-40d1-9b9cf8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8cf8521c06-OSL
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog-post/buhti-ransomware&display-context=221&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226

104.22.48.215

200 OK

42 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog-post/buhti-ransomware&display-context=221&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JSON text data
Size
42 kB (41893 bytes)
Hash
7d045035fbff32284a2cd46c86ac418f
f84636b68535632f69156558367e980662d4a692
597705740f16c54b83c160ddfa796a7e3d5ff576c7c3caa4b86dab7c2595ca3f

HTTP Headers

GET /blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog-post/buhti-ransomware&display-context=221&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: application/json
content-length: 41893
cf-ray: 87e54d8d89a056cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714792269"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 03:11:09 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: esNYW_sToZSNk_S-KNLgqzdSEsRuIpUmV3rKA1TMlCz0g8GUjYFbEw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 1, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-drupal-dynamic-cache: HIT
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-2x6gn
x-served-by: cache-chi-kigq8000108-CHI, cache-osl6525-OSL
x-styx-req-id: f4a03389-09c3-11ef-9f30-f2148a5a0d9b
x-timer: S1714792281.235543,VS0,VE119
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/compass.svg

104.22.48.215

200 OK

695 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/compass.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
gzip compressed data, from Unix
Size
695 B (695 bytes)
Hash
0ee4ac424f48e76a13f22005e817d0c1
8d4d43978a02a259d059797e2678b782ffdf723f
82c1260795daee07caed1819cf3dc15024267503aff1cf6a1cbe959f487dfce4

HTTP Headers

GET /blogs/assets/icomoon/compass.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4756cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"139-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: wkScMii08xKcCnT-9Pzc3OmW_6XqAvv5WMP9M6rehsJcVegMN7zfQw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

142.250.74.163

200 OK

206 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (631)
Size
206 kB (205803 bytes)
Hash
e2e79d6b927169d9e0e57e3baecc0993
1299473950b2999ba0b7f39bd5e4a60eafd1819d
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 177093
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

images.sw.broadcom.com/Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js

95.101.10.146

200 OK

24 kB

URL GET HTTP/1.1
images.sw.broadcom.com/Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js
IP
95.101.10.146:443
ASN
#20940 Akamai International B.V.

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerDigiCert Inc
Subjectimages.sw.broadcom.com
FingerprintB8:E1:F7:9C:A2:0F:AC:FB:9B:4A:44:40:CA:36:50:56:31:E4:34:2E
ValidityMon, 21 Aug 2023 00:00:00 GMT - Tue, 20 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
24 kB (23463 bytes)
Hash
52bf2f76d2561185dc2ed1c2a8d69001
7bad75269a246c6172e967caf94e0e15217caf94
e2cfb1a29f60db9cfb63e1ced78f32a0630facfa984ed0f07a16e697b691163a

HTTP Headers

GET /Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js HTTP/1.1
Host: images.sw.broadcom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/x-javascript
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Content-Security-Policy: worker-src 'self' 'unsafe-inline' * blob:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob data: *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.broadcom.com *.adroll.com *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.crazyegg.com *.cdnfonts.com *.bidswitch.net *.doubleclick.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.taboola.com *.analytics.yahoo.com *.3lift.com *.adnxs.com *.pubmatic.com *.google.com *.knak.io *.googleapis.com *.hubspotusercontent-na1.net *.gstatic.com *.fakeimg.pl *.rlcdn.com knak-client-data.imgix.net *.youtube.com *.youtu.be *.jsdelivr.net *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.pippio.com *.adsrvr.org *.amazon-adsystem.com *.demdex.net *.krxd.net *.sharethis.com
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: no-store
Expires: Sat, 04 May 2024 03:11:21 GMT
Date: Sat, 04 May 2024 03:11:21 GMT
Content-Length: 23463
Connection: keep-alive

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=w8Rg1PQZ

104.22.48.215

200 OK

3.9 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=w8Rg1PQZ
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
3.9 kB (3918 bytes)
Hash
bdeadc8e1a6c3dd010db187b2e4d0666
27da76a1b4ed079ce202ffe6f47e5327c8202c7a
55818b3f3213279b9a13f0c9a32f807c423021b843f52105860c9b0ad4ed7574

HTTP Headers

GET /sites/default/files/styles/blogs_author_bio_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=w8Rg1PQZ HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/webp
content-length: 3918
cf-ray: 87e54d902a6756cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="author-profile-default.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 19 Oct 2021 20:39:49 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8273
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: XpTuwhNryelVaYQaaGWyJJuy6aw-tfI_zOWzjes0G8_42ZhEsIFmGA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-kpcfq
x-served-by: cache-chi-kigq8000027-CHI, cache-osl6542-OSL
x-styx-req-id: 3aa23df2-087b-11ef-828f-c2ab3e6ad4e3
x-timer: S1714651083.885393,VS0,VE513
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_tiny/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=ZEHkw7hU

104.22.48.215

200 OK

73 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_tiny/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=ZEHkw7hU
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 420x350, components 3
Size
73 kB (72971 bytes)
Hash
30c493f68588253757e9f93f07854117
995d2eabcdeb453c241640e982690ac51ac30319
3d6493c263c64bd6d7b35fbe222eae7a155ef5f7513c32c11bdd7ee5b2c726ee

HTTP Headers

GET /sites/default/files/styles/blogs_hero_tiny/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=ZEHkw7hU HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/jpeg
content-length: 72971
cf-ray: 87e54d901a6256cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:01:50 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 9Grp_y7hE1u2cE8sGGrC6hRBVRYQayXBd58LrQJeWJQ3r89xCLKUJA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-6j6r4
x-served-by: cache-chi-klot8100028-CHI, cache-osl6544-OSL
x-styx-req-id: fba6c25b-09c3-11ef-ba2a-1eefb784956d
x-timer: S1714792282.643973,VS0,VE354
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Fig2_0.png.webp?itok=Oz5yS8sc

104.22.48.215

200 OK

33 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Fig2_0.png.webp?itok=Oz5yS8sc
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
PNG image data, 720 x 340, 8-bit/color RGBA, non-interlaced
Size
33 kB (32929 bytes)
Hash
704c094e0259f329bf7c31da5bcb181d
e541aa57f20684b7000f37f5e805ba43fccf29b6
3fbaa05908a206f51b9324866980abd815d9286d5d7bb0d9467086ec1ae8a86f

HTTP Headers

GET /sites/default/files/styles/blogs_inline_small/public/2023-05/Fig2_0.png.webp?itok=Oz5yS8sc HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/png
content-length: 32929
cf-ray: 87e54d902a6656cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:01:49 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: uSzodpMmO-x7vNcEmTPzReN_kbhziXamWV7p_rZYvzlhzsv4VUeYcw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-6q4h9
x-served-by: cache-chi-klot8100161-CHI, cache-osl6528-OSL
x-styx-req-id: fba71bc5-09c3-11ef-b435-ae3e18cea8aa
x-timer: S1714792282.646132,VS0,VE365
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=eF3inXrV

104.22.48.215

200 OK

36 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=eF3inXrV
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
PNG image data, 555 x 646, 8-bit/color RGBA, non-interlaced
Size
36 kB (36535 bytes)
Hash
a324f46230bf0fe2f91e59bd77cefa8b
d70e0589b7cbfd072c6e540d1a2ec7ee451c7aa5
103d41a6faa2678cbd1c874066f35c99ea9481677030426db0337c07d20ee773

HTTP Headers

GET /sites/default/files/styles/blogs_inline_small/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=eF3inXrV HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/png
content-length: 36535
cf-ray: 87e54d902a6556cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:01:49 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: X6ZYcc23r-SX7ro4VkaEYIDnhnXwEHKV99637zNdrz1E1B2uJWKnzQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-2x6gn
x-served-by: cache-chi-klot8100119-CHI, cache-osl6542-OSL
x-styx-req-id: fba72c9f-09c3-11ef-9f30-f2148a5a0d9b
x-timer: S1714792282.644942,VS0,VE384
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=5CogppJH

104.22.48.215

200 OK

32 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=5CogppJH
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp
Size
32 kB (31618 bytes)
Hash
2bd32126ab0c9d4a5e7acaaf2b98e216
5341e47c43d6e49f3708cb195a8490f6dbf43c1e
d42ce29d2f1ccc483edc534455c6da345ed943b44fb7a2f6454954b535183dea

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=5CogppJH HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 31618
cf-ray: 87e54d902a6a56cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1435355598.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Wed, 06 Mar 2024 11:06:45 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=88395
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: LEsjfPikYFKzyl_9MkVufpOsksFLLJpWFarbHRYNH8yCkJ06IS8luQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-xghfc
x-served-by: cache-chi-kigq8000155-CHI, cache-osl6536-OSL
x-styx-req-id: a89deef7-08a1-11ef-aa48-a624d610b8ef
x-timer: S1714667588.284008,VS0,VE427
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=40ITqY5Z

104.22.48.215

200 OK

63 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=40ITqY5Z
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp
Size
63 kB (62672 bytes)
Hash
99f59ca5da5087d44e96f1dd6554224c
3fda32932efe9602c1d7be08d2d143387695adf2
89125739b29034c9b59d728b23d2d0067d4f12d71914d0d51edae68ed74611fa

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_small/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=40ITqY5Z HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 62672
cf-ray: 87e54d902a6b56cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1467227409.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Fri, 16 Feb 2024 11:03:21 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=151314
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 48Y3SmKC8aWFJw3OatldA3sYiCMFm4KLZB2OksV9FNCixSqVkzZoZg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-w65w5
x-served-by: cache-chi-kigq8000120-CHI, cache-osl6551-OSL
x-styx-req-id: a89cc4e4-08a1-11ef-876b-46066773fe20
x-timer: S1714667588.277469,VS0,VE418
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=TQiMybkN

104.22.48.215

200 OK

48 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=TQiMybkN
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (48064 bytes)
Hash
2dbef6eddacbfa2df7e5b0608ff965fd
dc83ca0b07d51be309ab8ed89c22c59c23746b03
c96607d36a19586497f89f6a6f02b34a2c947ca3657aa4074ec1957cc458b33d

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=TQiMybkN HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 48064
cf-ray: 87e54d902a6956cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1420039900.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 12 Mar 2024 10:02:16 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=110318
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: QwojQboWrhy5xVmCdIm1yhG7pj8zZI0O7G4398ndj5uZ4gU5LHSqDg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-czkvc
x-served-by: cache-chi-kigq8000125-CHI, cache-osl6545-OSL
x-styx-req-id: a89d57cd-08a1-11ef-a67d-2280619819ed
x-timer: S1714667588.278841,VS0,VE392
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=Fl-lmH-T

104.22.48.215

200 OK

71 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=Fl-lmH-T
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp
Size
71 kB (71000 bytes)
Hash
7e5a6978d7d1375e2c70f7ad64d5a73f
0f8461c00ade57475e83ce8562c9084895819648
ef42b45df5418ac6ae76bfdb84acbd4d33743f77662a1d5e9c648207924caa6e

HTTP Headers

GET /sites/default/files/styles/blogs_hero_related_small/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=Fl-lmH-T HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 71000
cf-ray: 87e54d902a6856cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1007981330.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 02 May 2024 10:01:56 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=150180
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: q-ZhrkbP4Si062sN8TFJkAZQjSGHRg1bSgnGIgIdtdgaaMr4XL6ezQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-2x6gn
x-served-by: cache-chi-klot8100048-CHI, cache-osl6523-OSL
x-styx-req-id: 96fe5e95-08c4-11ef-8294-f2148a5a0d9b
x-timer: S1714682591.102372,VS0,VE488
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css

142.250.74.163

200 OK

25 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
ASCII text, with very long lines (56412), with no line terminators
Size
25 kB (24617 bytes)
Hash
2c00b9f417b688224937053cd0c284a5
17b4c18ebc129055dd25f214c3f11e03e9df2d82
1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24617
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:24:54 GMT
expires: Fri, 02 May 2025 23:24:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/css
vary: Accept-Encoding
age: 99988
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

142.250.74.163

200 OK

206 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (631)
Size
206 kB (205803 bytes)
Hash
e2e79d6b927169d9e0e57e3baecc0993
1299473950b2999ba0b7f39bd5e4a60eafd1819d
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 177094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:04 GMT
expires: Sat, 03 May 2025 16:31:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 38418
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

142.250.74.163

200 OK

206 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (631)
Size
206 kB (205803 bytes)
Hash
e2e79d6b927169d9e0e57e3baecc0993
1299473950b2999ba0b7f39bd5e4a60eafd1819d
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 177094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js

142.250.74.132

200 OK

7.5 kB

URL GET HTTP/3
www.google.com/js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
JavaScript source, ASCII text, with very long lines (17691)
Size
7.5 kB (7490 bytes)
Hash
040162f6da25c64feaaed69abc0ac96b
818d0d73c7efdeafe6898255d407c519173a5131
7f2085de59a8fce6270bff6b196505f82790bed38428aad350afd75d2d45775b

HTTP Headers

GET /js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 7490
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:12:08 GMT
expires: Fri, 02 May 2025 02:12:08 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Apr 2024 17:30:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 176354
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.163

200 OK

2.2 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 00:37:29 GMT
expires: Fri, 10 May 2024 00:37:29 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 95633
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

symantec-enterprise-blogs.security.com/cdn-cgi/rum?

104.22.48.215

204 No Content

0 B

URL POST HTTP/2
symantec-enterprise-blogs.security.com/cdn-cgi/rum?
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
content-type: application/json
Content-Length: 1168
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Sat, 04 May 2024 03:11:22 GMT
access-control-allow-origin: https://symantec-enterprise-blogs.security.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87e54d95cc4f56cc-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css

142.250.74.163

200 OK

25 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
ASCII text, with very long lines (56412), with no line terminators
Size
25 kB (24617 bytes)
Hash
2c00b9f417b688224937053cd0c284a5
17b4c18ebc129055dd25f214c3f11e03e9df2d82
1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24617
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:24:54 GMT
expires: Fri, 02 May 2025 23:24:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/css
vary: Accept-Encoding
age: 99989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/share-alt.svg

104.22.48.215

200 OK

207 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/share-alt.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
SVG Scalable Vector Graphics image
Size
207 kB (207306 bytes)
Hash
1dd4444ea66edd06172e9ef7645ff177
c0a053dd6bb9035fafa1f37ddcca4ffebd6e22d5
f43ec60f8ea0e21b49073ca64d09c9269a015e3127ab0c9e407c5feb50b8456d

HTTP Headers

GET /blogs/assets/icomoon/share-alt.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d867f4156cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"226-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: s6IVbU-4hL1l018YF0nRk5VC5oovhepIXa1MZYbDuIA0X1EyB5_ySA==
x-amz-cf-pop: OSL50-C1
x-cache: RefreshHit from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/favicon/favicon-16x16.png

104.22.48.215

200 OK

496 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/favicon/favicon-16x16.png
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
RIFF (little-endian) data, Web/P image
Size
496 B (496 bytes)
Hash
b2bcc6de8cb4b24bc765c3d5e8eb75b6
cf503829d1573137ea66bcdf24712d40cd62ceae
45891ffe11376db3654e8b08386a7ba253732a1485da69a999a9274c2bbbf789

HTTP Headers

GET /blogs/assets/favicon/favicon-16x16.png HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/webp
content-length: 496
cf-ray: 87e54d8cd96756cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
content-disposition: inline; filename="favicon-16x16.webp"
etag: W/"48a-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=1162
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: CRp74J3fLYAFo-zAMHAI3cYUxosDjgguGt7jvQnlbot5c40LCr6i_A==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6

142.250.74.132

200 OK

46 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
HTML document, ASCII text, with very long lines (37165)
Size
46 kB (45891 bytes)
Hash
d842ee87184dd0c82e8cfc2043e2bf09
9a9203986e6c66d7b41e8114af61ebbf201f1eee
71838046379e0937f2562d60837c17bbbf16149d8ca714b0ea2819331e862558

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 03:11:21 GMT
content-security-policy: script-src 'nonce-TmrcN92WX8jmi3EdX0VysA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j

142.250.74.132

200 OK

7.4 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
HTML document, ASCII text, with very long lines (7675), with no line terminators
Size
7.4 kB (7444 bytes)
Hash
b1a878c732d0e71ed2c4591e5d19fd66
314ff365fbaeabf189385cd905a2ad057336a1ca
dcb23d2bca77fd7f4d9099e85b3e8250e1ea3d7816420f57907b9e360254d8b0

HTTP Headers

GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 03:11:23 GMT
content-security-policy: script-src 'nonce-e14DYtNa6Hw_cW-zeV0IqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css

104.22.48.215

200 OK

170 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
170 kB (169880 bytes)
Hash
1e7957a48fbf988e78fa5e7871537d56
d8cabf42c912ce9182fe8487f500618413c9ff3d
29d907b62c0b2e8fef6b1c9dee02ce97f48d6ebcfa923f1dd0bc4ec55a567145

HTTP Headers

GET /blogs/styles.977874cdc9c632a6.css HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: text/css; charset=UTF-8
cf-ray: 87e54d84ce6756cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"29798-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: PagdFXw7dJOZ_e9W6tghoCMVsgOj6qIiCd_CCrP9n5xKys9GADWKPw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css

104.19.178.52

200 OK

22 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (21608), with no line terminators
Size
22 kB (21608 bytes)
Hash
a169014cb8030d7beb52c77ddf2fd9c6
fbe4667b4f8f01cd6c4dd2f9c9cacfb389cb54e1
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

HTTP Headers

GET /scripttemplates/202304.1.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: text/css
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
last-modified: Thu, 11 May 2023 06:31:18 GMT
x-ms-request-id: c3b4d130-201e-004a-3e58-799a0c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8cf8541c06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/check.svg

104.22.48.215

200 OK

502 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/check.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
SVG Scalable Vector Graphics image
Size
502 B (502 bytes)
Hash
ac179d94127a57d7a9e8da8859453325
c4efeefb97a304ca2a6bf946616d9388c70dfd08
fb23590a947c5699e58ed984fd40c2a9c7d26160b931b7717aea142dd62d1450

HTTP Headers

GET /blogs/assets/icomoon/check.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4656cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"1f6-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: 8k3LJGgSmyJTNZl5Eyh-_qUmrhMcyQhARBYD2zzDJ5Mfv1pskrEoLA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/main.ddb008685495cc54.js

104.22.48.215

200 OK

628 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/main.ddb008685495cc54.js
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
628 kB (628063 bytes)
Hash
10d58afa0e6a1dd771ca3c02c7645a16
47ddd1fe1b5a7c1c9ac47d0759529a18530e814c
4e841299c022f88b66091ad23f31cc1619a313443e1832f416c8fc9de490a1ba

HTTP Headers

GET /blogs/main.ddb008685495cc54.js HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e54d84ee7f56cc-OSL
cf-cache-status: HIT
age: 61008
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"9955f-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: BHgJdtb_0R-HuLKNjRQT2rUgcF6U4yfAavr9KQsxQXZvLOlQXegrIw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

cdn.cookielaw.org/logos/static/ot_close.svg

104.19.178.52

200 OK

651 B

URL GET HTTP/2
cdn.cookielaw.org/logos/static/ot_close.svg
IP
104.19.178.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
651 B (651 bytes)
Hash
775913dc8267eb216d54c1e1dfe467b1
c6c68dea713afbe52666360532140507347a5d10
7f95ae3119579940ba6840a95abc442065d3a8412a8f6aff872ffdf86bcc8240

HTTP Headers

GET /logos/static/ot_close.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/svg+xml
content-md5: pcXWFGpuVeSg/jVnYCseRg==
last-modified: Thu, 02 May 2024 18:04:42 GMT
x-ms-request-id: 249bc3d1-401e-006a-2509-9d1dc2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 39226
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8e18811c06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/runtime.3d45dbe3cf1c9b60.js

104.22.48.215

200 OK

2.8 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/runtime.3d45dbe3cf1c9b60.js
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JavaScript source, ASCII text, with very long lines (2828), with no line terminators
Size
2.8 kB (2775 bytes)
Hash
07b2b9e6f316b0976c35573a92f9fe4f
720dd8c1004cbe20eb4facddc10e0accbd305a1f
1acb2a690eae0c3d373f26a1c6422c61bb062effb8927d4eddb9453fa42721d5

HTTP Headers

GET /blogs/runtime.3d45dbe3cf1c9b60.js HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e54d84ee7956cc-OSL
cf-cache-status: HIT
age: 61008
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"ad7-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: st4lF9mKNxe-4yeRwK1tnM-UOrgKNsmwJRjIXZeSI9WebjjW5GteAw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.79.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e54d853b8256be-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded

142.250.74.132

200 OK

913 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
JavaScript source, ASCII text, with very long lines (913), with no line terminators
Size
913 B (913 bytes)
Hash
0f698a12f8b480d8e3e254fcc4541e29
e6f034aa0818727e01d23504ffc0a119d9cf7f2b
f8ddfa46e497ed54787f10f391f2e2521e6412e1c19592bb143982a7467c4153

HTTP Headers

GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 04 May 2024 03:11:20 GMT
date: Sat, 04 May 2024 03:11:20 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware

104.22.48.215

200 OK

66 kB

URL User Request GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type

Size
66 kB (66109 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /blogs/threat-intelligence/buhti-ransomware HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: text/html; charset=utf-8
cf-ray: 87e54d793a6c56cc-OSL
cf-cache-status: MISS
cache-control: public, max-age=60, s-maxage=600
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: QCF9Bx7vGEUikWhXX73GX6d8oUI3E2wCrU_yEK2O1JKFGmfRPtyGjA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KF7XWD

142.250.74.168

200 OK

426 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KF7XWD
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
426 kB (425881 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtm.js?id=GTM-KF7XWD HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 03:11:20 GMT
expires: Sat, 04 May 2024 03:11:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 121432
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/linkedin.svg

104.22.48.215

200 OK

667 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/linkedin.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
SVG Scalable Vector Graphics image
Size
667 B (667 bytes)
Hash
0edf4d9089f1d43ca9a1e491f9a1c16d
a653f883395a176f6756ddec16ab9bf73d265140
89bd204642d0f2c7046a98c19c22c297397e0ec7fbc02bee252026f0167f0396

HTTP Headers

GET /blogs/assets/icomoon/linkedin.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4356cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"29b-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: biKf1ejqhPvECP9aGKU099BQv2vHpuNHPnSGJopUrP6ekOrgr1e4Vw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m

142.250.74.132

200 OK

102 B

URL GET HTTP/3
www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
ASCII text, with no line terminators
Size
102 B (102 bytes)
Hash
284b36421a1cf446f32cb8f7987b1091
eb14d6298c9da3fb26d75b54c087ea2df9f3f05f
94ab2be973685680d0be9c08d4e1a7465f3c09053cf631126bd33f49cc2f939b

HTTP Headers

GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 04 May 2024 03:11:22 GMT
date: Sat, 04 May 2024 03:11:22 GMT
cache-control: private, max-age=300
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/twitter.svg

104.22.48.215

200 OK

801 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/twitter.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
SVG Scalable Vector Graphics image
Size
801 B (801 bytes)
Hash
dd14e937b1634a10b8ff531ee850bb79
fe717ead6f1302b0bfb2e26ec114cd7f6c03e755
70a2e46488893803660fe9c3a2e59e5848a7277ba9dbe8b4a3beff95afdab111

HTTP Headers

GET /blogs/assets/icomoon/twitter.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4556cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"321-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: PBymZhIehAo5MMEpy6TcOvNuJmegyZsEaq2YmkKXVXwO8vjcEByQyg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/polyfills.824ad2d7c1c36d3a.js

104.22.48.215

200 OK

34 kB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/polyfills.824ad2d7c1c36d3a.js
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
JavaScript source, ASCII text, with very long lines (34014), with no line terminators
Size
34 kB (34014 bytes)
Hash
4b37288c01eb499b9b11c0adb25546c9
37549b2e66998591f9cf249901596162e980a30a
71c2626c47223b87c8cff1b086a97937f28512991812b3edfd79eb157dd232ff

HTTP Headers

GET /blogs/polyfills.824ad2d7c1c36d3a.js HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e54d84ee7e56cc-OSL
cf-cache-status: HIT
age: 61007
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"84de-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: x1yl9f-iOgm0vHF-icInagQMLC6bXJLNZLuiGGMzi6L_c0v5PqIs4Q==
x-amz-cf-pop: OSL50-C1
x-cache: RefreshHit from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/home.svg

104.22.48.215

200 OK

688 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/home.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
SVG Scalable Vector Graphics image
Size
688 B (688 bytes)
Hash
1e2f8bbfb8568bf79b95cb2ffc54aff2
9348bcc2e1b8349d36b2fb41e77699d9180ed2ea
1bf9fb40c057ba43797bf75d4d8808570a8f3b7931f5526dc5c9db262e25ba67

HTTP Headers

GET /blogs/assets/icomoon/home.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4a56cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"2b0-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: LX_VWwSxKqOEBhwI18lFgV_B8EjU1Fwiis9S2AwIzYkmmeHVd6nm-Q==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/api/v1/blogs?aid=IOTVy1&division=fea23926-b4f8-4c9c-9161-6951442b2e6c&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226

104.22.48.215

200 OK

1.5 MB

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/api/v1/blogs?aid=IOTVy1&division=fea23926-b4f8-4c9c-9161-6951442b2e6c&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type

Size
1.5 MB (1545681 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /blogs/api/v1/blogs?aid=IOTVy1&division=fea23926-b4f8-4c9c-9161-6951442b2e6c&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
content-length: 292966
cf-ray: 87e54d89785356cc-OSL
cf-cache-status: EXPIRED
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714789812"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 02:30:12 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 6aNmiL7RMq5KCiZl19e9LapfjOLTtmu-RC3jfICjoELT-ZybWtScvA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 9, 0
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-nxcmk
x-served-by: cache-chi-klot8100068-CHI, cache-osl6528-OSL
x-styx-req-id: 1c96b244-09c3-11ef-b1e2-1e2a493875f4
x-timer: S1714792281.582220,VS0,VE114
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2

symantec-enterprise-blogs.security.com/blogs/assets/icomoon/search.svg

104.22.48.215

200 OK

407 B

URL GET HTTP/2
symantec-enterprise-blogs.security.com/blogs/assets/icomoon/search.svg
IP
104.22.48.215:443
ASN
#13335 CLOUDFLARENET

Requested by
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate
IssuerLet's Encrypt
Subjectsymantec-enterprise-blogs.security.com
FingerprintC0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
ValidityTue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT

File type
SVG Scalable Vector Graphics image
Size
407 B (407 bytes)
Hash
e5661d77571d44b2a9a3240a599ab8da
83b83a0b97cc6256a98ba4929ab20980ee732e63
b9748dee2101a1b2e0503ca90f30e0a4eeb016be0167621e40be85ad1e6b4318

HTTP Headers

GET /blogs/assets/icomoon/search.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4456cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"197-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: GbUpMh1_ZVuDP_JyD8YYi3oG013ySyR-rm6_qHhJ0jQVm6qPcS7azw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL