| cdn.cookielaw.org/scripttemplates/otSDKStub.js | 104.19.178.52 | 200 OK | 6.9 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (21229)
Hash: 0cd317a7b9c520801230e944f7d50e41 e3985ff0c2e8b1eaacb617c7c5af5bebfcbceda6 6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript
content-length: 6882
content-encoding: gzip
content-md5: cfMMgqnnnYda745QhUdJrw==
last-modified: Thu, 02 May 2024 18:04:40 GMT
etag: 0x8DC6AD2569D1DB7
x-ms-request-id: 81aa8688-601e-0010-3e74-9d778f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 39225
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d853ebd1c06-OSL
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js | 104.19.178.52 | 200 OK | 2.8 kB |
URL: GET HTTP/2 cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js
IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (5950)
Hash: bba5d6221859442e67b8729564922a5a df5c989dc5b9dc7826b2a268f90dcfb77beb02db 1016b240b80b66865a6697004dd6c411863ab6872f773fa53e3be5c72424d800
GET /consent/301196e0-93ad-473e-a572-975514574496/OtAutoBlock.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/x-javascript
content-length: 2778
cf-ray: 87e54d852ebc1c06-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 27663
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DB50F082DD0023
expires: Sun, 05 May 2024 03:11:19 GMT
last-modified: Wed, 10 May 2023 00:50:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: CGDeVeN5aK2NbJIer7+4YQ==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: f03e9e25-801e-006c-4258-79d214000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2
|
|
| play.vidyard.com/embed/v4.umd.js | 151.101.1.181 | 200 OK | 50 kB |
URL: GET HTTP/2 play.vidyard.com/embed/v4.umd.js
IP: 151.101.1.181:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: GlobalSign nv-sa; Subject: *.vidyard.com; Fingerprint: F7:F4:86:A4:A5:E7:07:A0:46:0E:25:68:1D:D7:2B:F9:99:1A:9A:23; Validity: Wed, 03 Apr 2024 22:58:22 GMT - Mon, 05 May 2025 22:58:21 GMT
File type: JavaScript source, ASCII text, with very long lines (317)
Hash: b2cf0ae82877a6b8089df7a8af44e179 b0bff41d498a4250b9108e8706d03a6b5a1fcd79 92d255119405f06a0c8f0cf18f2c9941acfcac8d941cd5ae40bd5fea7834f484
GET /embed/v4.umd.js HTTP/1.1
Host: play.vidyard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Mon, 28 Aug 2023 17:07:01 GMT
etag: "b2cf0ae82877a6b8089df7a8af44e179"
x-amz-server-side-encryption: AES256
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-type: application/javascript
x-china: 0
content-encoding: gzip
accept-ranges: bytes
age: 338894
date: Sat, 04 May 2024 03:11:19 GMT
via: 1.1 varnish
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 0
vary: X-China, accept-language, Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 49451
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/301196e0-93ad-473e-a572-975514574496.json | 104.19.178.52 | 200 OK | 1.7 kB |
URL: GET HTTP/2 cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/301196e0-93ad-473e-a572-975514574496.json
IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: 6db984c1dd86725ac1472f3f1718539b f41543ab9281eb2adbc0e54f0954f7770d8267f2 38e9e0666c68724a3502469d910dfdd11af87774d130ff0ed8f79bb435ee1413
GET /consent/301196e0-93ad-473e-a572-975514574496/301196e0-93ad-473e-a572-975514574496.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/x-javascript
content-length: 1663
cf-ray: 87e54d867f051c06-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DB50F082B532A5
expires: Sun, 05 May 2024 03:11:20 GMT
last-modified: Wed, 10 May 2023 00:50:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: vtmWoJnwtP91hXYO8KdagQ==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 190705c4-501e-009b-3372-79f886000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js | 104.19.178.52 | 200 OK | 99 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202304.1.0/otBannerSdk.js
IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash: 13ec06e463a617bab57f67a359d65b73 9ab224d5073e03300b1816a81dd50a0339ad2fe7 1114132a79b42ce8e5064f57a1560a3b3f0e1659afc33e4698bab53e1301fbfd
GET /scripttemplates/202304.1.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/javascript
content-length: 99020
content-encoding: gzip
content-md5: f9AvZgohx9TU9t078cCRXA==
last-modified: Thu, 11 May 2023 06:31:14 GMT
etag: 0x8DB51E951BA9202
x-ms-request-id: 2aef2bd7-901e-004f-134e-7948d7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 39195
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d877f3e1c06-OSL
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/globe-americas.svg | 104.22.48.215 | 200 OK | 123 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/globe-americas.svg
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: gzip compressed data, from Unix
Size: 123 kB (123297 bytes)
Hash: 13c1496d59651b8dcd52e01489e550f4 d42b4fe0546e99385b621982d48434305e56e768 9d3a973ba137a925f22e5d7d785265c24a4b983af1c13fc80b5815ff6302ff03
GET /blogs/assets/icomoon/globe-americas.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d867f3f56cc-OSL
cf-cache-status: HIT
age: 61007
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"17f4-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: 5aefGPcvGLlyXjl_YoYM0bl1fRYm0WyS1-iy3iGCfXZ_BhZxRcoSKA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=U0Eeei9v | 104.22.48.215 | 200 OK | 13 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=U0Eeei9v
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 310x207, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: e842e110fd1bc57f0ea06848036f0347 3e2cbccd6aee2b2890054d2f8edff67825db0fc8 628bd387872882ad0fcbb86b506bd56592522594bb2a582e50666e5e3a183c09
GET /sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=U0Eeei9v HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 13086
cf-ray: 87e54d84de7756cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1435355598.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Wed, 06 Mar 2024 11:02:09 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=28522
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: NPEusCBNgd5wvz6kileAwfH1C76JfDsrMNLzsMqdqpi_JX-M5hXDaw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-46xpw
x-served-by: cache-chi-klot8100049-CHI, cache-osl6540-OSL
x-styx-req-id: 06391749-0875-11ef-bb7d-5289f04663d8
x-timer: S1714648418.975951,VS0,VE681
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=mXPtF7Ot | 104.22.48.215 | 200 OK | 20 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=mXPtF7Ot
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 310x207, components 3
Hash: 7047292113ade661ed2f6a0256e09dfa fbb598e55a905904e11e52bce5ee8daf2e77b88e 56a1df9e7f4505d4a8a901ab5125268df949109e026956390fd0ece49ca5ae63
GET /sites/default/files/styles/blogs_hero_related_large/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=mXPtF7Ot HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/jpeg
content-length: 20174
cf-ray: 87e54d84de7556cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 02 May 2024 10:01:55 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=41382, status=webp_bigger
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: qWGPn-8u6ssnBe0R4JVoSTF5vqH2SWaSIyVISVy-DqiREWjgV3I4UA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-h6zmh
x-served-by: cache-chi-klot8100066-CHI, cache-osl6550-OSL
x-styx-req-id: 78367c56-0936-11ef-a242-e63821734780
x-timer: S1714731502.086806,VS0,VE313
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_large/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=0czhl3gL | 104.22.48.215 | 200 OK | 21 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_large/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=0czhl3gL
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 425x425, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: cfae1f593d83f1b74fa10cb6fa6b02b2 811ee9bd76159d459a6fcd3c787a9627a0108786 33d65af5ebd52c9304d5460f0e3b68efad901ffebb61327e261b0e69509875c5
GET /sites/default/files/styles/blogs_author_bio_large/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=0czhl3gL HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 20884
cf-ray: 87e54d84de7456cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="author-profile-default.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 19 Oct 2021 20:38:45 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=57437
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 4oQ_rCnZJcY1JMbfYvRe76z3fyMVWgw_Pn93Bp97wBkJKvurrlg9fw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-wv4nf
x-served-by: cache-chi-klot8100042-CHI, cache-osl6549-OSL
x-styx-req-id: 0632cff6-0875-11ef-a58a-3efa0f61bc29
x-timer: S1714648418.934023,VS0,VE440
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=BVxNwMSN | 104.22.48.215 | 200 OK | 36 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=BVxNwMSN
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: PNG image data, 555 x 646, 8-bit/color RGBA, non-interlaced
Hash: a324f46230bf0fe2f91e59bd77cefa8b d70e0589b7cbfd072c6e540d1a2ec7ee451c7aa5 103d41a6faa2678cbd1c874066f35c99ea9481677030426db0337c07d20ee773
GET /sites/default/files/styles/blogs_inline_medium/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=BVxNwMSN HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/png
content-length: 36535
cf-ray: 87e54d84de6d56cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 08:26:57 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 66yN5qyAgE-FYptFJHuBtCpujvMqlDu_cxWu6Eavle7309XO8PJIiQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-frdkr
x-served-by: cache-chi-klot8100143-CHI, cache-osl6525-OSL
x-styx-req-id: fa9b59a7-09c3-11ef-bde0-ce5285527fa2
x-timer: S1714792280.890760,VS0,VE440
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=HfhI5i6b | 104.22.48.215 | 200 OK | 20 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=HfhI5i6b
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 310x207, components 3
Hash: 8a9c80158fc05d9d1fd3ce4bbbd36ae1 b64ab00f5235d9e079ce5f4b5fb280c57461c14a 1bd128cc127a15e09d343743ff00c722ea9874c0bca6b9cb3706307f8084dfc2
GET /sites/default/files/styles/blogs_hero_related_large/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=HfhI5i6b HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/jpeg
content-length: 20074
cf-ray: 87e54d84ee7856cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Fri, 16 Feb 2024 11:02:50 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=42952, status=webp_bigger
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: N08HzUJXoZUIHDJdAo7HJFwepbD2P72LVCSlxN_7gLY7ERAfbu9oZQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-wv4nf
x-served-by: cache-chi-klot8100114-CHI, cache-osl6544-OSL
x-styx-req-id: 0632182c-0875-11ef-a58a-3efa0f61bc29
x-timer: S1714648418.931139,VS0,VE322
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=zejIZxsA | 104.22.48.215 | 200 OK | 15 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=zejIZxsA
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 310x207, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 6b990f4f533dd531e92a8517761e2daf 0e359b5d7e984e880edaf47685ccb7d1a775cca6 012bf83fc9440a70611dd32c99538e1120e621bd270b59e37df6c168fabb11c4
GET /sites/default/files/styles/blogs_hero_related_large/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=zejIZxsA HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 14816
cf-ray: 87e54d84de7656cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1420039900.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 12 Mar 2024 10:02:07 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=31406
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: uIRy6Eos-UrKiWPpIrxJse9iR1hMtPNEiN78ODrJ_sMe990DWS9IOA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-qqghr
x-served-by: cache-chi-kigq8000104-CHI, cache-osl6538-OSL
x-styx-req-id: 0638e35d-0875-11ef-b4bb-ce23f976d9cb
x-timer: S1714648418.975412,VS0,VE449
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Fig2_0.png.webp?itok=IJQuf-HF | 104.22.48.215 | 200 OK | 56 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_medium/public/2023-05/Fig2_0.png.webp?itok=IJQuf-HF
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: PNG image data, 1076 x 508, 8-bit/color RGBA, non-interlaced
Hash: e17534d61fd2a4451895edb03fb26ffb 509388f8ceed66c92a60de2da3d1de39205f0ada 9f585f25faa1413819bcd9c78d11ec389dca1e663b0e325196498db8110ad439
GET /sites/default/files/styles/blogs_inline_medium/public/2023-05/Fig2_0.png.webp?itok=IJQuf-HF HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/png
content-length: 56081
cf-ray: 87e54d84de6e56cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 08:30:39 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 6pMoWJ2mBiEwlqAHy4Fup4q7YdRxUfnrGq6GxaVn2tDF1kgVbW69Hg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-6q4h9
x-served-by: cache-chi-kigq8000134-CHI, cache-osl6526-OSL
x-styx-req-id: fa994464-09c3-11ef-b435-ae3e18cea8aa
x-timer: S1714792280.869825,VS0,VE520
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/0a09381f-7ddd-4fa4-ad16-4a1f1c355336/en.json | 104.19.178.52 | 200 OK | 15 kB |
URL: GET HTTP/2 cdn.cookielaw.org/consent/301196e0-93ad-473e-a572-975514574496/0a09381f-7ddd-4fa4-ad16-4a1f1c355336/en.json
IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Cloudflare, Inc.
Certificate subject: cookielaw.org
Certificate fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
Certificate validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: 33e7ed6aeb2228f4c2d59351bd2e8be5 bc9124bf3d0b763effcc93002d2f79c4c31bd934 4221092d89b21d0ac7819483b5607078370751a987814f0a39cf23f2e618dbd7
GET /consent/301196e0-93ad-473e-a572-975514574496/0a09381f-7ddd-4fa4-ad16-4a1f1c355336/en.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/x-javascript
content-length: 14734
cf-ray: 87e54d882f5a1c06-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DB50F086239A0D
expires: Sun, 05 May 2024 03:11:20 GMT
last-modified: Wed, 10 May 2023 00:50:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: vSO421RrIp9RvYN1fLhvxA==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 04a5581d-401e-0063-3274-79a478000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_avatar_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=yMcB1DYB | 104.22.48.215 | 200 OK | 3.9 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_avatar_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=yMcB1DYB
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: bdeadc8e1a6c3dd010db187b2e4d0666 27da76a1b4ed079ce202ffe6f47e5327c8202c7a 55818b3f3213279b9a13f0c9a32f807c423021b843f52105860c9b0ad4ed7574
GET /sites/default/files/styles/blogs_author_avatar_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=yMcB1DYB HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/webp
content-length: 3918
cf-ray: 87e54d84ce6b56cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="author-profile-default.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 19 Oct 2021 20:36:25 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8273
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: dD9sHO0OCgDqvYAKTpB1m16pr_jAaoONGZfFOBHCpYJnzPZQBbrB8w==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-kpcfq
x-served-by: cache-chi-klot8100166-CHI, cache-osl6539-OSL
x-styx-req-id: 0632483d-0875-11ef-828f-c2ab3e6ad4e3
x-timer: S1714648418.931584,VS0,VE432
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_large/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=jqwmEquJ | 104.22.48.215 | 200 OK | 586 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_large/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=jqwmEquJ
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 1600x1000, components 3
Size: 586 kB (585854 bytes)
Hash: 291237c8ef88c690e9509f75d3467597 9dbd72f09a7aa1c83d920c0a461fad66c6bbdfcc 2782ae0cab81e13e8e0ed318de09aba12b85e9e8fb3c34c0d12f548e833bcdc3
GET /sites/default/files/styles/blogs_hero_large/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=jqwmEquJ HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/jpeg
content-length: 585854
cf-ray: 87e54d84ce6a56cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:02:46 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: nz41vwyaKYWsl1LXAQcg4ZR1QhgwcVtwpVsIfShE1P8Ny2wdLKrr1Q==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-m8bzf
x-served-by: cache-chi-kigq8000033-CHI, cache-osl6528-OSL
x-styx-req-id: fa998deb-09c3-11ef-8a3a-46d7ef274356
x-timer: S1714792280.878114,VS0,VE697
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2 | 104.22.48.215 | 200 OK | 17 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: Web Open Font Format (Version 2), TrueType, length 17168, version 1.65
Hash: 06aacf43ff669cc3c07bd58a152849e9 d40447d9ea9d7165f4acb97b878608f6113b95bc 3dafa70d34901c0463ebba024717533901e99004ab9fa187d705f3443e35b01a
GET /blogs/Metropolis-Medium.2d9d39a57d953c79.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17168
cf-ray: 87e54d8a288a56cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"4310-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: ZXEvg8icRkFb6A0w4gbAWpFI_9FdWnjVD0aTtMLMzEbtX2jloaAZuQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/Metropolis-SemiBold.d2e20fff26a63d07.woff2 | 104.22.48.215 | 200 OK | 17 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/Metropolis-SemiBold.d2e20fff26a63d07.woff2
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: Web Open Font Format (Version 2), TrueType, length 17332, version 1.65
Hash: 6d304e33a52ad940313c77638be880ba 52264f6c5ff7348ffe1bbb113c84311fafe399e2 1363e65c2a4b91299ffb8abacd9ead54fdadcdb972a3e4b2227f29684fe2469b
GET /blogs/Metropolis-SemiBold.d2e20fff26a63d07.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17332
cf-ray: 87e54d8a589456cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"43b4-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: KoIuaSJsZ3sQUhL43ga-CIyS5ogJ-jPPstIpgBaj1qaFgki-LR9noA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/api/v1/blogs/announcement?aid=IOTVy1&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 | 104.22.48.215 | 200 OK | 59 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/api/v1/blogs/announcement?aid=IOTVy1&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
Hash: c2e81ba4e235e8347b6346eb35053b0a c4ab545d48c4760d5b3c3de906f83265c8c281a9 2d5de519d6ec314d664a272eb96cbc6b1cd36e995a3de2fe545568dfc099ac6d
GET /blogs/api/v1/blogs/announcement?aid=IOTVy1&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
content-length: 59
cf-ray: 87e54d89785856cc-OSL
cf-cache-status: EXPIRED
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714790282"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 02:38:02 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: NXJmX11jMw6jt3O51h-POd3izpKwr9F4jY2qIXT9yS8sAbb4REheFA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 9, 0
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: HIT
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-t5pnx
x-served-by: cache-chi-klot8100093-CHI, cache-osl6542-OSL
x-styx-req-id: 1c96ce17-09c3-11ef-a314-d679a79d35f7
x-timer: S1714792281.589609,VS0,VE122
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/Metropolis-Bold.95361de5b5275a58.woff2 | 104.22.48.215 | 200 OK | 17 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/Metropolis-Bold.95361de5b5275a58.woff2
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: Web Open Font Format (Version 2), TrueType, length 17204, version 1.65
Hash: c65085073b6f361cd2a2c0a32f4aeb11 29d8af164c7ec0dcd69e37c4419070a10a7969a3 9f2a86c4f77b646ebc98e8bdadcafd73f9057a1c8ef3a0c605adfe9859169ac4
GET /blogs/Metropolis-Bold.95361de5b5275a58.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17204
cf-ray: 87e54d8a689a56cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"4334-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: Y_wH1oibhiCnXg6IeN8pcYvJ8js9pvJu56m5vJpNcRydMc3zufWHzQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/logo.20230425.svg | 104.22.48.215 | 200 OK | 6.5 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/logo.20230425.svg
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: gzip compressed data, from Unix
Hash: ffc587347b96054f778d5d7b5bc2c4d6 640b7635a8fcd85b59301d5df1d116b0ecba2782 a4a861e6fc5e75ff82120194813373e905da84f89ef9b739bf841ee51026e06d
GET /blogs/assets/logo.20230425.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d84ce6956cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"3650-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: STpB_BvrT4LTSYcpEViPI1xmtCGC55L06JKy_xahTxkx3Gz9EmNInA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| geolocation.onetrust.com/cookieconsentpub/v1/geo/location | 172.64.155.119 | 200 OK | 293 kB |
URL: GET HTTP/2 geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP: 172.64.155.119:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Cloudflare, Inc.
Certificate subject: onetrust.com
Certificate fingerprint: 9B:BC:B4:A8:C7:6C:6C:02:0F:FD:9F:06:F2:67:FB:DD:A1:E0:3F:47
Certificate validity: Mon, 13 Nov 2023 00:00:00 GMT - Tue, 12 Nov 2024 23:59:59 GMT
File type: New Line Delimited JSON text data
Size: 293 kB (293054 bytes)
Hash: 0a248a442c17e5c3c12feadeea6d1f37 314581dbe3d6abb9d52ae882be11b5093b51df06 7f4662a08526970f51d781a64c2ea6b2547728fe51249024f07c5805d77f87db
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Detects strings found in Runspace Post Exploitation Toolkit |
| YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e54d870f39568a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog/threat-intelligence&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 | 104.22.48.215 | 200 OK | 37 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog/threat-intelligence&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate issuer: Let's Encrypt
Certificate subject: symantec-enterprise-blogs.security.com
Certificate fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
Hash: 07ac2c3519307a82683e31a2a6054107 ed3d16464c447bda1713c5b6e81b4b7b3a551783 4451a2aadd27787f85092478603fe721c3c9a3ca3e9b2b76d242ca21b7c85a70
GET /blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog/threat-intelligence&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
content-length: 36681
cf-ray: 87e54d8a288756cc-OSL
cf-cache-status: EXPIRED
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714790307"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 02:38:27 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: LWwkIEKiypXcU-mtHEUN10FB4ISOdQIOzOMdeWfwxBTGtM00ZzHMmQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 2, 0
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-h6zmh
x-served-by: cache-chi-klot8100061-CHI, cache-osl6525-OSL
x-styx-req-id: b4c4e52f-09c3-11ef-845e-e63821734780
x-timer: S1714792281.692457,VS0,VE123
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2 | 104.22.48.215 | 200 OK | 17 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/Metropolis-Medium.2d9d39a57d953c79.woff2 IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: Web Open Font Format (Version 2), TrueType, length 17168, version 1.65 Hash: 06aacf43ff669cc3c07bd58a152849e9 d40447d9ea9d7165f4acb97b878608f6113b95bc 3dafa70d34901c0463ebba024717533901e99004ab9fa187d705f3443e35b01a
GET /blogs/Metropolis-Medium.2d9d39a57d953c79.woff2 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: font/woff2
content-length: 17168
cf-ray: 87e54d8b78f056cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
etag: W/"4310-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: ZXEvg8icRkFb6A0w4gbAWpFI_9FdWnjVD0aTtMLMzEbtX2jloaAZuQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/envelope.svg | 104.22.48.215 | 200 OK | 894 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/envelope.svg IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: gzip compressed data, from Unix Hash: 4c42e75baa8b0364f478de24083c44de e7f8d8fed068ab606b3669b9f7d8a20c7597cab5 29d7d4a5da3bec8dee34189bfb7ca63713050cf9e73a6a345a53e9b60cdc2c38
GET /blogs/assets/icomoon/envelope.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d867f4256cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"2a1-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: UKMrqbGJQiJVCJz9JEUR1lMZqzS-rgH-3NSXq9hbe34sTS03Npm9FA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/favicon/apple-touch-icon.png | 104.22.48.215 | 200 OK | 4.7 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/favicon/apple-touch-icon.png IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: RIFF (little-endian) data, Web/P image Hash: cda5b7d6800dcd26fb2a04f680cca6d3 c3e8aca9e50189eec4dcc4319ff17e6813bd8d8e 14eb93fb5a0bbc58e35e0bfd2ec3c4e7b018ba3e4bfe387bdf27705abf316b02
GET /blogs/assets/favicon/apple-touch-icon.png HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/webp
content-length: 4718
cf-ray: 87e54d8cd96556cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
content-disposition: inline; filename="apple-touch-icon.webp"
etag: W/"2124-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=8484
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: _H_6c5nZLlm8tc63F9hn43nNKR6F0hab_g8R7AHCNtabdDKM3Oba0g==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFloatingFlat.json | 104.19.178.52 | 200 OK | 2.7 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFloatingFlat.json IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Cloudflare, Inc. Subject: cookielaw.org Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31 Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: 997d5992ec1b940287911db0370bf2ed 2a79628eae4dcf5484315999db38077342f34b59 0d6a316993e74e58abc10e08adf78c437a8a6b4681bdc08b3dde0587a0eb3176
GET /scripttemplates/202304.1.0/assets/otFloatingFlat.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: application/json
content-length: 2700
content-encoding: gzip
content-md5: 0n+3VGdW2op3e0CnKIlgXA==
last-modified: Thu, 11 May 2023 06:31:09 GMT
etag: 0x8DB51E94E9A8614
x-ms-request-id: b603e72f-501e-008b-464f-793dee000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8cf8511c06-OSL
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCookieSettingsButton.json | 104.19.178.52 | 200 OK | 1.8 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCookieSettingsButton.json IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Cloudflare, Inc. Subject: cookielaw.org Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31 Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: 8bec04f783195a93e6f1e9b6560cf2d3 7cec7b3ec7f1ccca2ca8767c91edf5459f991291 1fec5c08703b96cc02619b88d090f9835b8b51e6d4ca2c74658d2443e739937b
GET /scripttemplates/202304.1.0/assets/otCookieSettingsButton.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: application/json
content-length: 1762
content-encoding: gzip
content-md5: XOE37UhksLgCWIl0MIJwPw==
last-modified: Thu, 11 May 2023 06:31:10 GMT
etag: 0x8DB51E94F3BB8FA
x-ms-request-id: b1860ffc-e01e-0045-40d1-9b9cf8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8cf8521c06-OSL
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog-post/buhti-ransomware&display-context=221&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 | 104.22.48.215 | 200 OK | 42 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog-post/buhti-ransomware&display-context=221&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
Hash: 7d045035fbff32284a2cd46c86ac418f f84636b68535632f69156558367e980662d4a692 597705740f16c54b83c160ddfa796a7e3d5ff576c7c3caa4b86dab7c2595ca3f
GET /blogs/api/v1/content-item/by-alias?aid=IOTVy1&alias=blog-post/buhti-ransomware&display-context=221&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: application/json
content-length: 41893
cf-ray: 87e54d8d89a056cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714792269"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 03:11:09 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: esNYW_sToZSNk_S-KNLgqzdSEsRuIpUmV3rKA1TMlCz0g8GUjYFbEw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 1, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-drupal-dynamic-cache: HIT
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-2x6gn
x-served-by: cache-chi-kigq8000108-CHI, cache-osl6525-OSL
x-styx-req-id: f4a03389-09c3-11ef-9f30-f2148a5a0d9b
x-timer: S1714792281.235543,VS0,VE119
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/compass.svg | 104.22.48.215 | 200 OK | 695 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/compass.svg IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: gzip compressed data, from Unix Hash: 0ee4ac424f48e76a13f22005e817d0c1 8d4d43978a02a259d059797e2678b782ffdf723f 82c1260795daee07caed1819cf3dc15024267503aff1cf6a1cbe959f487dfce4
GET /blogs/assets/icomoon/compass.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4756cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"139-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: wkScMii08xKcCnT-9Pzc3OmW_6XqAvv5WMP9M6rehsJcVegMN7zfQw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.163 | 200 OK | 206 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP: 142.250.74.163:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Google Trust Services LLC Subject: *.gstatic.com Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: JavaScript source, ASCII text, with very long lines (631) Size: 206 kB (205803 bytes) Hash: e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 177093
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| images.sw.broadcom.com/Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js | 95.101.10.146 | 200 OK | 24 kB |
URL: GET HTTP/1.1 images.sw.broadcom.com/Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js IP: 95.101.10.146:443 ASN: #20940 Akamai International B.V.
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: DigiCert Inc Subject: images.sw.broadcom.com Fingerprint: B8:E1:F7:9C:A2:0F:AC:FB:9B:4A:44:40:CA:36:50:56:31:E4:34:2E Validity: Mon, 21 Aug 2023 00:00:00 GMT - Tue, 20 Aug 2024 23:59:59 GMT
Hash: 52bf2f76d2561185dc2ed1c2a8d69001 7bad75269a246c6172e967caf94e0e15217caf94 e2cfb1a29f60db9cfb63e1ced78f32a0630facfa984ed0f07a16e697b691163a
GET /Web/CAInc2/%7B0dd907c3-1965-4a46-8bd9-d2137213dc4e%7D_blocked-emails.js HTTP/1.1
Host: images.sw.broadcom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/x-javascript
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Content-Security-Policy: worker-src 'self' 'unsafe-inline' * blob:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob data: *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.broadcom.com *.adroll.com *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.crazyegg.com *.cdnfonts.com *.bidswitch.net *.doubleclick.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.taboola.com *.analytics.yahoo.com *.3lift.com *.adnxs.com *.pubmatic.com *.google.com *.knak.io *.googleapis.com *.hubspotusercontent-na1.net *.gstatic.com *.fakeimg.pl *.rlcdn.com knak-client-data.imgix.net *.youtube.com *.youtu.be *.jsdelivr.net *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.pippio.com *.adsrvr.org *.amazon-adsystem.com *.demdex.net *.krxd.net *.sharethis.com
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: no-store
Expires: Sat, 04 May 2024 03:11:21 GMT
Date: Sat, 04 May 2024 03:11:21 GMT
Content-Length: 23463
Connection: keep-alive
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=w8Rg1PQZ | 104.22.48.215 | 200 OK | 3.9 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_author_bio_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=w8Rg1PQZ IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp Hash: bdeadc8e1a6c3dd010db187b2e4d0666 27da76a1b4ed079ce202ffe6f47e5327c8202c7a 55818b3f3213279b9a13f0c9a32f807c423021b843f52105860c9b0ad4ed7574
GET /sites/default/files/styles/blogs_author_bio_small/public/2017-10/author-profile-default.jpg.webp?h=6386ac74&itok=w8Rg1PQZ HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/webp
content-length: 3918
cf-ray: 87e54d902a6756cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="author-profile-default.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 19 Oct 2021 20:39:49 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=8273
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: XpTuwhNryelVaYQaaGWyJJuy6aw-tfI_zOWzjes0G8_42ZhEsIFmGA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-kpcfq
x-served-by: cache-chi-kigq8000027-CHI, cache-osl6542-OSL
x-styx-req-id: 3aa23df2-087b-11ef-828f-c2ab3e6ad4e3
x-timer: S1714651083.885393,VS0,VE513
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_tiny/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=ZEHkw7hU | 104.22.48.215 | 200 OK | 73 kB |
URL GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_tiny/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=ZEHkw7hU IP 104.22.48.215:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Let's Encrypt Subject symantec-enterprise-blogs.security.com Fingerprint C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 420x350, components 3 Hash 30c493f68588253757e9f93f07854117 995d2eabcdeb453c241640e982690ac51ac30319 3d6493c263c64bd6d7b35fbe222eae7a155ef5f7513c32c11bdd7ee5b2c726ee
GET /sites/default/files/styles/blogs_hero_tiny/public/2023-05/Hero%20-1322943745.jpg.webp?h=d0633ac3&itok=ZEHkw7hU HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/jpeg
content-length: 72971
cf-ray: 87e54d901a6256cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:01:50 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 9Grp_y7hE1u2cE8sGGrC6hRBVRYQayXBd58LrQJeWJQ3r89xCLKUJA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-6j6r4
x-served-by: cache-chi-klot8100028-CHI, cache-osl6544-OSL
x-styx-req-id: fba6c25b-09c3-11ef-ba2a-1eefb784956d
x-timer: S1714792282.643973,VS0,VE354
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Fig2_0.png.webp?itok=Oz5yS8sc | 104.22.48.215 | 200 OK | 33 kB |
URL GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Fig2_0.png.webp?itok=Oz5yS8sc IP 104.22.48.215:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Let's Encrypt Subject symantec-enterprise-blogs.security.com Fingerprint C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type PNG image data, 720 x 340, 8-bit/color RGBA, non-interlaced Hash 704c094e0259f329bf7c31da5bcb181d e541aa57f20684b7000f37f5e805ba43fccf29b6 3fbaa05908a206f51b9324866980abd815d9286d5d7bb0d9467086ec1ae8a86f
GET /sites/default/files/styles/blogs_inline_small/public/2023-05/Fig2_0.png.webp?itok=Oz5yS8sc HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/png
content-length: 32929
cf-ray: 87e54d902a6656cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:01:49 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: uSzodpMmO-x7vNcEmTPzReN_kbhziXamWV7p_rZYvzlhzsv4VUeYcw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-6q4h9
x-served-by: cache-chi-klot8100161-CHI, cache-osl6528-OSL
x-styx-req-id: fba71bc5-09c3-11ef-b435-ae3e18cea8aa
x-timer: S1714792282.646132,VS0,VE365
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=eF3inXrV | 104.22.48.215 | 200 OK | 36 kB |
URL GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_inline_small/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=eF3inXrV IP 104.22.48.215:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Let's Encrypt Subject symantec-enterprise-blogs.security.com Fingerprint C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type PNG image data, 555 x 646, 8-bit/color RGBA, non-interlaced Hash a324f46230bf0fe2f91e59bd77cefa8b d70e0589b7cbfd072c6e540d1a2ec7ee451c7aa5 103d41a6faa2678cbd1c874066f35c99ea9481677030426db0337c07d20ee773
GET /sites/default/files/styles/blogs_inline_small/public/2023-05/Ransom_Note_Buhti_0.png.webp?itok=eF3inXrV HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/png
content-length: 36535
cf-ray: 87e54d902a6556cc-OSL
cf-cache-status: MISS
accept-ranges: bytes
cache-control: public
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 25 May 2023 10:01:49 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: X6ZYcc23r-SX7ro4VkaEYIDnhnXwEHKV99637zNdrz1E1B2uJWKnzQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-2x6gn
x-served-by: cache-chi-klot8100119-CHI, cache-osl6542-OSL
x-styx-req-id: fba72c9f-09c3-11ef-9f30-f2148a5a0d9b
x-timer: S1714792282.644942,VS0,VE384
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=5CogppJH | 104.22.48.215 | 200 OK | 32 kB |
URL GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=5CogppJH IP 104.22.48.215:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Let's Encrypt Subject symantec-enterprise-blogs.security.com Fingerprint C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp Hash 2bd32126ab0c9d4a5e7acaaf2b98e216 5341e47c43d6e49f3708cb195a8490f6dbf43c1e d42ce29d2f1ccc483edc534455c6da345ed943b44fb7a2f6454954b535183dea
GET /sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1435355598.jpg.webp?h=b5e3fcd1&itok=5CogppJH HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 31618
cf-ray: 87e54d902a6a56cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1435355598.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Wed, 06 Mar 2024 11:06:45 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=88395
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: LEsjfPikYFKzyl_9MkVufpOsksFLLJpWFarbHRYNH8yCkJ06IS8luQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-xghfc
x-served-by: cache-chi-kigq8000155-CHI, cache-osl6536-OSL
x-styx-req-id: a89deef7-08a1-11ef-aa48-a624d610b8ef
x-timer: S1714667588.284008,VS0,VE427
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=40ITqY5Z | 104.22.48.215 | 200 OK | 63 kB |
URL GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=40ITqY5Z IP 104.22.48.215:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Let's Encrypt Subject symantec-enterprise-blogs.security.com Fingerprint C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp Hash 99f59ca5da5087d44e96f1dd6554224c 3fda32932efe9602c1d7be08d2d143387695adf2 89125739b29034c9b59d728b23d2d0067d4f12d71914d0d51edae68ed74611fa
GET /sites/default/files/styles/blogs_hero_related_small/public/2024-02/Hero-1467227409.jpg.webp?h=cb89afd7&itok=40ITqY5Z HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 62672
cf-ray: 87e54d902a6b56cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1467227409.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Fri, 16 Feb 2024 11:03:21 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=151314
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 48Y3SmKC8aWFJw3OatldA3sYiCMFm4KLZB2OksV9FNCixSqVkzZoZg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-w65w5
x-served-by: cache-chi-kigq8000120-CHI, cache-osl6551-OSL
x-styx-req-id: a89cc4e4-08a1-11ef-876b-46066773fe20
x-timer: S1714667588.277469,VS0,VE418
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=TQiMybkN | 104.22.48.215 | 200 OK | 48 kB |
URL GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=TQiMybkN IP 104.22.48.215:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Let's Encrypt Subject symantec-enterprise-blogs.security.com Fingerprint C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp Hash 2dbef6eddacbfa2df7e5b0608ff965fd dc83ca0b07d51be309ab8ed89c22c59c23746b03 c96607d36a19586497f89f6a6f02b34a2c947ca3657aa4074ec1957cc458b33d
GET /sites/default/files/styles/blogs_hero_related_small/public/2024-03/Hero-1420039900.jpg.webp?h=cb89afd7&itok=TQiMybkN HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 48064
cf-ray: 87e54d902a6956cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1420039900.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 12 Mar 2024 10:02:16 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=110318
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: QwojQboWrhy5xVmCdIm1yhG7pj8zZI0O7G4398ndj5uZ4gU5LHSqDg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-czkvc
x-served-by: cache-chi-kigq8000125-CHI, cache-osl6545-OSL
x-styx-req-id: a89d57cd-08a1-11ef-a67d-2280619819ed
x-timer: S1714667588.278841,VS0,VE392
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=Fl-lmH-T | 104.22.48.215 | 200 OK | 71 kB |
URL GET HTTP/2 symantec-enterprise-blogs.security.com/sites/default/files/styles/blogs_hero_related_small/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=Fl-lmH-T IP 104.22.48.215:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Let's Encrypt Subject symantec-enterprise-blogs.security.com Fingerprint C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 690x460, Scaling: [none]x[none], YUV color, decoders should clamp Hash 7e5a6978d7d1375e2c70f7ad64d5a73f 0f8461c00ade57475e83ce8562c9084895819648 ef42b45df5418ac6ae76bfdb84acbd4d33743f77662a1d5e9c648207924caa6e
GET /sites/default/files/styles/blogs_hero_related_small/public/2024-05/Hero-1007981330.jpg.webp?h=54e8f53c&itok=Fl-lmH-T HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:22 GMT
content-type: image/webp
content-length: 71000
cf-ray: 87e54d902a6856cc-OSL
cf-cache-status: REVALIDATED
accept-ranges: bytes
cache-control: public
content-disposition: inline; filename="Hero-1007981330.webp"
content-language: en
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 02 May 2024 10:01:56 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=150180
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: q-ZhrkbP4Si062sN8TFJkAZQjSGHRg1bSgnGIgIdtdgaaMr4XL6ezQ==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-b-66fc9bfc69-2x6gn
x-served-by: cache-chi-klot8100048-CHI, cache-osl6523-OSL
x-styx-req-id: 96fe5e95-08c4-11ef-8294-f2148a5a0d9b
x-timer: S1714682591.102372,VS0,VE488
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css | 142.250.74.163 | 200 OK | 25 kB |
URL GET HTTP/3 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css IP 142.250.74.163:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type ASCII text, with very long lines (56412), with no line terminators Hash 2c00b9f417b688224937053cd0c284a5 17b4c18ebc129055dd25f214c3f11e03e9df2d82 1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24617
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:24:54 GMT
expires: Fri, 02 May 2025 23:24:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/css
vary: Accept-Encoding
age: 99988
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.163 | 200 OK | 206 kB |
URL GET HTTP/2 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP 142.250.74.163:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type JavaScript source, ASCII text, with very long lines (631) Size 206 kB (205803 bytes) Hash e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 177094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 IP 216.58.207.227:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0 Hash 5d4aeb4e5f5ef754e307d7ffaef688bd 06db651cdf354c64a7383ea9c77024ef4fb4cef8 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:04 GMT
expires: Sat, 03 May 2025 16:31:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 38418
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.163 | 200 OK | 206 kB |
URL GET HTTP/2 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP 142.250.74.163:443
Requested by https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type JavaScript source, ASCII text, with very long lines (631) Size 206 kB (205803 bytes) Hash e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 177094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.google.com/js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js | 142.250.74.132 | 200 OK | 7.5 kB |
URL GET HTTP/3 www.google.com/js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js IP 142.250.74.132:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 Certificate Issuer Google Trust Services LLC Subject *.google.com Fingerprint 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 Validity Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type JavaScript source, ASCII text, with very long lines (17691) Hash 040162f6da25c64feaaed69abc0ac96b 818d0d73c7efdeafe6898255d407c519173a5131 7f2085de59a8fce6270bff6b196505f82790bed38428aad350afd75d2d45775b
GET /js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 7490
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:12:08 GMT
expires: Fri, 02 May 2025 02:12:08 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Apr 2024 17:30:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 176354
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/recaptcha/api2/logo_48.png | 142.250.74.163 | 200 OK | 2.2 kB |
URL: GET HTTP/3 www.gstatic.com/recaptcha/api2/logo_48.png IP: 142.250.74.163:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Hash: ef9941290c50cd3866e2ba6b793f010d 4736508c795667dcea21f8d864233031223b7832 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 00:37:29 GMT
expires: Fri, 10 May 2024 00:37:29 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 95633
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| symantec-enterprise-blogs.security.com/cdn-cgi/rum? | 104.22.48.215 | 204 No Content | 0 B |
URL: POST HTTP/2 symantec-enterprise-blogs.security.com/cdn-cgi/rum? IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
content-type: application/json
Content-Length: 1168
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+May+04+2024+03%3A11%3A21+GMT%2B0000+(GMT)&version=202304.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=2cb1bc1b-7bf0-410f-953e-81617cf7b5bf&interactionCount=0&landingPath=https%3A%2F%2Fsymantec-enterprise-blogs.security.com%2Fblogs%2Fthreat-intelligence%2Fbuhti-ransomware&groups=1%3A1%2C3%3A1%2C2%3A0%2C4%3A0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 04 May 2024 03:11:22 GMT
access-control-allow-origin: https://symantec-enterprise-blogs.security.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87e54d95cc4f56cc-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css | 142.250.74.163 | 200 OK | 25 kB |
URL: GET HTTP/3 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css IP: 142.250.74.163:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: ASCII text, with very long lines (56412), with no line terminators
Hash: 2c00b9f417b688224937053cd0c284a5 17b4c18ebc129055dd25f214c3f11e03e9df2d82 1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24617
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:24:54 GMT
expires: Fri, 02 May 2025 23:24:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/css
vary: Accept-Encoding
age: 99989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/share-alt.svg | 104.22.48.215 | 200 OK | 207 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/share-alt.svg IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: SVG Scalable Vector Graphics image
Size: 207 kB (207306 bytes)
Hash: 1dd4444ea66edd06172e9ef7645ff177 c0a053dd6bb9035fafa1f37ddcca4ffebd6e22d5 f43ec60f8ea0e21b49073ca64d09c9269a015e3127ab0c9e407c5feb50b8456d
GET /blogs/assets/icomoon/share-alt.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d867f4156cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"226-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: s6IVbU-4hL1l018YF0nRk5VC5oovhepIXa1MZYbDuIA0X1EyB5_ySA==
x-amz-cf-pop: OSL50-C1
x-cache: RefreshHit from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/favicon/favicon-16x16.png | 104.22.48.215 | 200 OK | 496 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/favicon/favicon-16x16.png IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: b2bcc6de8cb4b24bc765c3d5e8eb75b6 cf503829d1573137ea66bcdf24712d40cd62ceae 45891ffe11376db3654e8b08386a7ba253732a1485da69a999a9274c2bbbf789
GET /blogs/assets/favicon/favicon-16x16.png HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/webp
content-length: 496
cf-ray: 87e54d8cd96756cc-OSL
cf-cache-status: HIT
accept-ranges: bytes
age: 61006
cache-control: public, max-age=86400
content-disposition: inline; filename="favicon-16x16.webp"
etag: W/"48a-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept, Accept-Encoding
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=1162
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: CRp74J3fLYAFo-zAMHAI3cYUxosDjgguGt7jvQnlbot5c40LCr6i_A==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 | 142.250.74.132 | 200 OK | 46 kB |
URL: GET HTTP/3 www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 IP: 142.250.74.132:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0; Validity: Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type: HTML document, ASCII text, with very long lines (37165)
Hash: d842ee87184dd0c82e8cfc2043e2bf09 9a9203986e6c66d7b41e8114af61ebbf201f1eee 71838046379e0937f2562d60837c17bbbf16149d8ca714b0ea2819331e862558
GET /recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 03:11:21 GMT
content-security-policy: script-src 'nonce-TmrcN92WX8jmi3EdX0VysA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j | 142.250.74.132 | 200 OK | 7.4 kB |
URL: GET HTTP/3 www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j IP: 142.250.74.132:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0; Validity: Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type: HTML document, ASCII text, with very long lines (7675), with no line terminators
Hash: b1a878c732d0e71ed2c4591e5d19fd66 314ff365fbaeabf189385cd905a2ad057336a1ca dcb23d2bca77fd7f4d9099e85b3e8250e1ea3d7816420f57907b9e360254d8b0
GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 03:11:23 GMT
content-security-policy: script-src 'nonce-e14DYtNa6Hw_cW-zeV0IqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css | 104.22.48.215 | 200 OK | 170 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/styles.977874cdc9c632a6.css IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 170 kB (169880 bytes)
Hash: 1e7957a48fbf988e78fa5e7871537d56 d8cabf42c912ce9182fe8487f500618413c9ff3d 29d907b62c0b2e8fef6b1c9dee02ce97f48d6ebcfa923f1dd0bc4ec55a567145
GET /blogs/styles.977874cdc9c632a6.css HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: text/css; charset=UTF-8
cf-ray: 87e54d84ce6756cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"29798-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: PagdFXw7dJOZ_e9W6tghoCMVsgOj6qIiCd_CCrP9n5xKys9GADWKPw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css | 104.19.178.52 | 200 OK | 22 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (21608), with no line terminators
Hash: a169014cb8030d7beb52c77ddf2fd9c6 fbe4667b4f8f01cd6c4dd2f9c9cacfb389cb54e1 d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
GET /scripttemplates/202304.1.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: text/css
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
last-modified: Thu, 11 May 2023 06:31:18 GMT
x-ms-request-id: c3b4d130-201e-004a-3e58-799a0c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8cf8541c06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/check.svg | 104.22.48.215 | 200 OK | 502 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/check.svg IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: SVG Scalable Vector Graphics image
Hash: ac179d94127a57d7a9e8da8859453325 c4efeefb97a304ca2a6bf946616d9388c70dfd08 fb23590a947c5699e58ed984fd40c2a9c7d26160b931b7717aea142dd62d1450
GET /blogs/assets/icomoon/check.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4656cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"1f6-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: 8k3LJGgSmyJTNZl5Eyh-_qUmrhMcyQhARBYD2zzDJ5Mfv1pskrEoLA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/main.ddb008685495cc54.js | 104.22.48.215 | 200 OK | 628 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/main.ddb008685495cc54.js IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate: Issuer: Let's Encrypt; Subject: symantec-enterprise-blogs.security.com; Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79; Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 628 kB (628063 bytes)
Hash: 10d58afa0e6a1dd771ca3c02c7645a16 47ddd1fe1b5a7c1c9ac47d0759529a18530e814c 4e841299c022f88b66091ad23f31cc1619a313443e1832f416c8fc9de490a1ba
GET /blogs/main.ddb008685495cc54.js HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e54d84ee7f56cc-OSL
cf-cache-status: HIT
age: 61008
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"9955f-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: BHgJdtb_0R-HuLKNjRQT2rUgcF6U4yfAavr9KQsxQXZvLOlQXegrIw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/logos/static/ot_close.svg | 104.19.178.52 | 200 OK | 651 B |
URL: GET HTTP/2 cdn.cookielaw.org/logos/static/ot_close.svg
IP: 104.19.178.52:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: cookielaw.org
Certificate Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
Certificate Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Hash: 775913dc8267eb216d54c1e1dfe467b1 c6c68dea713afbe52666360532140507347a5d10 7f95ae3119579940ba6840a95abc442065d3a8412a8f6aff872ffdf86bcc8240
GET /logos/static/ot_close.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:21 GMT
content-type: image/svg+xml
content-md5: pcXWFGpuVeSg/jVnYCseRg==
last-modified: Thu, 02 May 2024 18:04:42 GMT
x-ms-request-id: 249bc3d1-401e-006a-2509-9d1dc2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 39226
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87e54d8e18811c06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/runtime.3d45dbe3cf1c9b60.js | 104.22.48.215 | 200 OK | 2.8 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/runtime.3d45dbe3cf1c9b60.js
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Let's Encrypt
Certificate Subject: symantec-enterprise-blogs.security.com
Certificate Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: JavaScript source, ASCII text, with very long lines (2828), with no line terminators
Hash: 07b2b9e6f316b0976c35573a92f9fe4f 720dd8c1004cbe20eb4facddc10e0accbd305a1f 1acb2a690eae0c3d373f26a1c6422c61bb062effb8927d4eddb9453fa42721d5
GET /blogs/runtime.3d45dbe3cf1c9b60.js HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e54d84ee7956cc-OSL
cf-cache-status: HIT
age: 61008
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"ad7-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: st4lF9mKNxe-4yeRwK1tnM-UOrgKNsmwJRjIXZeSI9WebjjW5GteAw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 | 104.16.79.73 | 200 OK | 19 kB |
URL: GET HTTP/2 static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP: 104.16.79.73:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Google Trust Services LLC
Certificate Subject: cloudflareinsights.com
Certificate Fingerprint: 73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
Certificate Validity: Sun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT
File type: JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Hash: 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192
GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
Origin: https://symantec-enterprise-blogs.security.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e54d853b8256be-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded | 142.250.74.132 | 200 OK | 913 B |
URL: GET HTTP/2 www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded
IP: 142.250.74.132:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Google Trust Services LLC
Certificate Subject: www.google.com
Certificate Fingerprint: C6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
Certificate Validity: Tue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
File type: JavaScript source, ASCII text, with very long lines (913), with no line terminators
Hash: 0f698a12f8b480d8e3e254fcc4541e29 e6f034aa0818727e01d23504ffc0a119d9cf7f2b f8ddfa46e497ed54787f10f391f2e2521e6412e1c19592bb143982a7467c4153
GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 04 May 2024 03:11:20 GMT
date: Sat, 04 May 2024 03:11:20 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware | 104.22.48.215 | 200 OK | 66 kB |
URL: User Request GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
IP: 104.22.48.215:443
Certificate Issuer: Let's Encrypt
Certificate Subject: symantec-enterprise-blogs.security.com
Certificate Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /blogs/threat-intelligence/buhti-ransomware HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: text/html; charset=utf-8
cf-ray: 87e54d793a6c56cc-OSL
cf-cache-status: MISS
cache-control: public, max-age=60, s-maxage=600
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: QCF9Bx7vGEUikWhXX73GX6d8oUI3E2wCrU_yEK2O1JKFGmfRPtyGjA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KF7XWD | 142.250.74.168 | 200 OK | 426 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KF7XWD
IP: 142.250.74.168:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
Certificate Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Size: 426 kB (425881 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gtm.js?id=GTM-KF7XWD HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 03:11:20 GMT
expires: Sat, 04 May 2024 03:11:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 121432
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/linkedin.svg | 104.22.48.215 | 200 OK | 667 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/linkedin.svg
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Let's Encrypt
Certificate Subject: symantec-enterprise-blogs.security.com
Certificate Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: SVG Scalable Vector Graphics image
Hash: 0edf4d9089f1d43ca9a1e491f9a1c16d a653f883395a176f6756ddec16ab9bf73d265140 89bd204642d0f2c7046a98c19c22c297397e0ec7fbc02bee252026f0167f0396
GET /blogs/assets/icomoon/linkedin.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4356cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"29b-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: biKf1ejqhPvECP9aGKU099BQv2vHpuNHPnSGJopUrP6ekOrgr1e4Vw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m | 142.250.74.132 | 200 OK | 102 B |
URL: GET HTTP/3 www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m
IP: 142.250.74.132:443
Requested by: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google.com
Certificate Fingerprint: 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
Certificate Validity: Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type: ASCII text, with no line terminators
Hash: 284b36421a1cf446f32cb8f7987b1091 eb14d6298c9da3fb26d75b54c087ea2df9f3f05f 94ab2be973685680d0be9c08d4e1a7465f3c09053cf631126bd33f49cc2f939b
GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfqk1EUAAAAALmZHlI0mPZOiPIdZ6gu_91-A49j&co=aHR0cHM6Ly9zeW1hbnRlYy1lbnRlcnByaXNlLWJsb2dzLnNlY3VyaXR5LmNvbTo0NDM.&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=normal&cb=74hhsowk2ji6
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 04 May 2024 03:11:22 GMT
date: Sat, 04 May 2024 03:11:22 GMT
cache-control: private, max-age=300
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/twitter.svg | 104.22.48.215 | 200 OK | 801 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/twitter.svg
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Let's Encrypt
Certificate Subject: symantec-enterprise-blogs.security.com
Certificate Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: SVG Scalable Vector Graphics image
Hash: dd14e937b1634a10b8ff531ee850bb79 fe717ead6f1302b0bfb2e26ec114cd7f6c03e755 70a2e46488893803660fe9c3a2e59e5848a7277ba9dbe8b4a3beff95afdab111
GET /blogs/assets/icomoon/twitter.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4556cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"321-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: PBymZhIehAo5MMEpy6TcOvNuJmegyZsEaq2YmkKXVXwO8vjcEByQyg==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/polyfills.824ad2d7c1c36d3a.js | 104.22.48.215 | 200 OK | 34 kB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/polyfills.824ad2d7c1c36d3a.js
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Let's Encrypt
Certificate Subject: symantec-enterprise-blogs.security.com
Certificate Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: JavaScript source, ASCII text, with very long lines (34014), with no line terminators
Hash: 4b37288c01eb499b9b11c0adb25546c9 37549b2e66998591f9cf249901596162e980a30a 71c2626c47223b87c8cff1b086a97937f28512991812b3edfd79eb157dd232ff
GET /blogs/polyfills.824ad2d7c1c36d3a.js HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:19 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 87e54d84ee7e56cc-OSL
cf-cache-status: HIT
age: 61007
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"84de-18f2adb1d10"
last-modified: Mon, 29 Apr 2024 17:15:54 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: x1yl9f-iOgm0vHF-icInagQMLC6bXJLNZLuiGGMzi6L_c0v5PqIs4Q==
x-amz-cf-pop: OSL50-C1
x-cache: RefreshHit from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/home.svg | 104.22.48.215 | 200 OK | 688 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/home.svg
IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
Certificate Issuer: Let's Encrypt
Certificate Subject: symantec-enterprise-blogs.security.com
Certificate Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79
Certificate Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: SVG Scalable Vector Graphics image
Hash: 1e2f8bbfb8568bf79b95cb2ffc54aff2 9348bcc2e1b8349d36b2fb41e77699d9180ed2ea 1bf9fb40c057ba43797bf75d4d8808570a8f3b7931f5526dc5c9db262e25ba67
GET /blogs/assets/icomoon/home.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4a56cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"2b0-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: LX_VWwSxKqOEBhwI18lFgV_B8EjU1Fwiis9S2AwIzYkmmeHVd6nm-Q==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/api/v1/blogs?aid=IOTVy1&division=fea23926-b4f8-4c9c-9161-6951442b2e6c&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 | 104.22.48.215 | 200 OK | 1.5 MB |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/api/v1/blogs?aid=IOTVy1&division=fea23926-b4f8-4c9c-9161-6951442b2e6c&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
Size: 1.5 MB (1545681 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /blogs/api/v1/blogs?aid=IOTVy1&division=fea23926-b4f8-4c9c-9161-6951442b2e6c&sid=0ea78691-3b54-45e2-bd5f-b45ee9a86226 HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: application/json
content-length: 292966
cf-ray: 87e54d89785356cc-OSL
cf-cache-status: EXPIRED
accept-ranges: bytes
cache-control: max-age=600, public
content-encoding: gzip
content-language: en
etag: W/"1714789812"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Sat, 04 May 2024 02:30:12 GMT
strict-transport-security: max-age=1000; includeSubDomains, max-age=300; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self'; upgrade-insecure-requests
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'
referrer-policy: same-origin
x-amz-cf-id: 6aNmiL7RMq5KCiZl19e9LapfjOLTtmu-RC3jfICjoELT-ZybWtScvA==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-cache-hits: 9, 0
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe4-a-5669f89d84-nxcmk
x-served-by: cache-chi-klot8100068-CHI, cache-osl6528-OSL
x-styx-req-id: 1c96b244-09c3-11ef-b1e2-1e2a493875f4
x-timer: S1714792281.582220,VS0,VE114
x-xss-protection: 1
server: cloudflare
X-Firefox-Spdy: h2
|
|
| symantec-enterprise-blogs.security.com/blogs/assets/icomoon/search.svg | 104.22.48.215 | 200 OK | 407 B |
URL: GET HTTP/2 symantec-enterprise-blogs.security.com/blogs/assets/icomoon/search.svg IP: 104.22.48.215:443
Requested by: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware Certificate Issuer: Let's Encrypt Subject: symantec-enterprise-blogs.security.com Fingerprint: C0:27:69:2E:4D:1D:7E:33:AF:61:4E:44:80:AF:2E:94:DA:AA:FD:79 Validity: Tue, 09 Apr 2024 03:24:04 GMT - Mon, 08 Jul 2024 03:24:03 GMT
File type: SVG Scalable Vector Graphics image Hash: e5661d77571d44b2a9a3240a599ab8da 83b83a0b97cc6256a98ba4929ab20980ee732e63 b9748dee2101a1b2e0503ca90f30e0a4eeb016be0167621e40be85ad1e6b4318
GET /blogs/assets/icomoon/search.svg HTTP/1.1
Host: symantec-enterprise-blogs.security.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/buhti-ransomware
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 03:11:20 GMT
content-type: image/svg+xml
cf-ray: 87e54d868f4456cc-OSL
cf-cache-status: REVALIDATED
cache-control: public, max-age=86400
etag: W/"197-18f2adb20f8"
last-modified: Mon, 29 Apr 2024 17:15:55 GMT
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none'
referrer-policy: strict-origin-when-cross-origin
x-amz-cf-id: GbUpMh1_ZVuDP_JyD8YYi3oG013ySyR-rm6_qHhJ0jQVm6qPcS7azw==
x-amz-cf-pop: OSL50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
|
|