Submitted URL: http://cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-p...
Effective URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-p...
Submission Tags: 0xscam
Submission: On May 11 via api from US — Scanned from IL

Summary

This website contacted 26 IPs in 3 countries across 23 domains to perform 59 HTTP transactions. The main IP is 104.26.15.226, which belongs to CLOUDFLARENET, US. The main domain is www.cloudsek.com.
TLS certificate: Issued by WE1 on March 19th 2025. Valid for: 3 months.
This is the only time www.cloudsek.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 104.26.15.226 13335 (CLOUDFLAR...)
8 104.18.161.117 13335 (CLOUDFLAR...)
7 142.250.185.232 15169 (GOOGLE)
2 18.245.60.82 16509 (AMAZON-02)
1 18.244.20.134 16509 (AMAZON-02)
2 104.16.139.209 13335 (CLOUDFLAR...)
1 66.33.60.67 16509 (AMAZON-02)
4 13.107.246.45 8075 (MICROSOFT...)
8 216.239.32.178 15169 (GOOGLE)
2 216.239.34.181 15169 (GOOGLE)
1 108.177.15.154 15169 (GOOGLE)
1 142.250.186.163 15169 (GOOGLE)
1 142.250.74.196 15169 (GOOGLE)
1 184.24.77.20 20940 (AKAMAI-AS...)
2 151.101.129.140 54113 (FASTLY)
1 142.250.186.42 15169 (GOOGLE)
1 104.16.160.168 13335 (CLOUDFLAR...)
1 172.64.147.16 13335 (CLOUDFLAR...)
1 104.17.223.152 13335 (CLOUDFLAR...)
3 52.152.143.207 8075 (MICROSOFT...)
2 151.101.1.140 54113 (FASTLY)
1 104.26.12.205 13335 (CLOUDFLAR...)
2 5 150.171.22.12 8075 (MICROSOFT...)
1 1 172.64.146.215 13335 (CLOUDFLAR...)
1 104.18.244.108 13335 (CLOUDFLAR...)
2 34.74.151.231 396982 (GOOGLE-CL...)
59 26
Apex Domain
Subdomains
Transfer
8 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 59
103 KB
8 website-files.com
cdn.prod.website-files.com — Cisco Umbrella Rank: 6163
432 KB
7 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 691
o.clarity.ms — Cisco Umbrella Rank: 7222
34 KB
7 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 58
718 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 377
www.linkedin.com — Cisco Umbrella Rank: 777
4 KB
4 sprouts.ai
pxl.sprouts.ai — Cisco Umbrella Rank: 602406
wa.sprouts.ai
16 KB
3 google.com
analytics.google.com — Cisco Umbrella Rank: 167
www.google.com — Cisco Umbrella Rank: 3
2 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 1839
alb.reddit.com — Cisco Umbrella Rank: 1135
790 B
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1065
20 KB
2 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2832
1 KB
2 cloudsek.com
cloudsek.com — Cisco Umbrella Rank: 843276
www.cloudsek.com
6 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 4093
1 KB
1 ipify.org
api.ipify.org — Cisco Umbrella Rank: 1719
317 B
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3758
4 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2473
25 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2490
25 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 477
30 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1083
15 KB
1 google.co.il
www.google.co.il — Cisco Umbrella Rank: 25247
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 171
549 B
1 hubspotonwebflow.com
hubspotonwebflow.com — Cisco Umbrella Rank: 37237
3 KB
1 cloudfront.net
d3e54v103j8qbb.cloudfront.net
30 KB
0 cdn-cookieyes.com Failed
cdn-cookieyes.com Failed
59 23
Domain Requested by
8 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.cloudsek.com
8 cdn.prod.website-files.com www.cloudsek.com
cdn.prod.website-files.com
7 www.googletagmanager.com www.cloudsek.com
www.googletagmanager.com
js.hsadspixel.net
5 px.ads.linkedin.com 2 redirects snap.licdn.com
www.cloudsek.com
4 www.clarity.ms www.cloudsek.com
www.clarity.ms
3 o.clarity.ms www.clarity.ms
2 wa.sprouts.ai ajax.googleapis.com
2 www.redditstatic.com www.googletagmanager.com
www.redditstatic.com
2 analytics.google.com www.googletagmanager.com
2 js.hs-scripts.com www.cloudsek.com
2 pxl.sprouts.ai www.cloudsek.com
pxl.sprouts.ai
1 api.hubapi.com js.hsadspixel.net
1 www.linkedin.com 1 redirects
1 api.ipify.org ajax.googleapis.com
1 alb.reddit.com www.cloudsek.com
1 pixel-config.reddit.com www.redditstatic.com
1 js.hsadspixel.net js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 ajax.googleapis.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 www.google.com www.googletagmanager.com
1 www.google.co.il www.cloudsek.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 hubspotonwebflow.com www.cloudsek.com
1 d3e54v103j8qbb.cloudfront.net www.cloudsek.com
1 www.cloudsek.com
1 cloudsek.com 1 redirects
0 cdn-cookieyes.com Failed www.googletagmanager.com
59 29

This site contains no links.

Subject                  Issuer                                      Validity                 Valid
cloudsek.com             WE1                                         2025-03-19 - 2025-06-17  3 months
prod.website-files.com   WE1                                         2025-04-16 - 2025-07-15  3 months
*.google-analytics.com   WE2                                         2025-04-21 - 2025-07-14  3 months
pxl.sprouts.ai           Amazon RSA 2048 M03                         2024-10-12 - 2025-11-10  a year
*.cloudfront.net         Amazon RSA 2048 M01                         2024-07-30 - 2025-07-03  a year
hs-scripts.com           WE1                                         2025-03-22 - 2025-06-20  3 months
*.hubspotonwebflow.com   R10                                         2025-04-02 - 2025-07-01  3 months
www.clarity.ms           DigiCert TLS RSA SHA256 2020 CA1            2024-09-04 - 2025-09-04  a year
*.google.com             WR2                                         2025-04-21 - 2025-07-14  3 months
*.g.doubleclick.net      WR2                                         2025-04-21 - 2025-07-14  3 months
*.google.co.il           WE2                                         2025-04-21 - 2025-07-14  3 months
*.licdn.com              DigiCert SHA2 Secure Server CA              2024-12-13 - 2025-12-12  a year
www.redditstatic.com     DigiCert Global G2 TLS RSA SHA256 2020 CA1  2025-02-24 - 2025-08-22  6 months
upload.video.google.com  WE2                                         2025-04-21 - 2025-07-14  3 months
hs-analytics.net         WE1                                         2025-04-02 - 2025-07-01  3 months
hs-banner.com            WE1                                         2025-03-20 - 2025-06-18  3 months
hsadspixel.net           WE1                                         2025-04-05 - 2025-07-04  3 months
a.clarity.ms             Microsoft Azure RSA TLS Issuing CA 08       2024-06-23 - 2025-06-18  a year
*.reddit.com             DigiCert Global G2 TLS RSA SHA256 2020 CA1  2025-02-27 - 2025-08-25  6 months
ipify.org                WE1                                         2025-05-09 - 2025-08-07  3 months
www.linkedin.com         DigiCert SHA2 Secure Server CA              2025-03-16 - 2025-09-16  6 months
hubapi.com               WE1                                         2025-05-03 - 2025-08-01  3 months
wa.sprouts.ai            E6                                          2025-03-07 - 2025-06-05  3 months

This page contains 2 frames:

Primary Page: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Frame ID: 72900ED3252E4ECE748CCB80D779F822
Requests: 57 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/5570/sw_iframe.html?origin=https%3A%2F%2Fwww.cloudsek.com
Frame ID: 3CBB2FA925F6A5C3C6E518459D53774B
Requests: 1 HTTP request in this frame

Page Title

Not Found

Page URL History

  1. http://cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe... HTTP 307
    https://cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe... HTTP 301
    https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 59
HTTPS: 97 %
IPv6: 0 %
Domains: 23
Subdomains: 29
IPs: 26
Countries: 3
Transfer: 1465 kB
Size: 4941 kB
Cookies: 21

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group. HTTP 307
    https://cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group. HTTP 301
    https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.%23ur&tm=gtmv2 HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.%23ur&tm=gtmv2&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D676963%26time%3D1746989118445%26li_adsId%3D6c7a58c8-b5d3-469e-ba29-e52645d8a1c8%26url%3Dhttps%253A%252F%252Fwww.cloudsek.com%252Fthreatintelligence%252Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.%2523ur%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.%23ur&tm=gtmv2&cookiesTest=true&liSync=true

59 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
www.cloudsek.com/threatintelligence/
Redirect Chain
  • http://cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
  • https://cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
  • https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
12 KB
5 KB
Document
General
Full URL
https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.15.226 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
179a35617ff456225d5d8c2ccce4144f64bfc516ba85a5cdc2ae5a6c3612a01e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=5184000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

age
3162
alt-svc
h3=":443"; ma=86400
cache-control
max-age=43200
cf-cache-status
DYNAMIC
cf-ray
93e3d50cd9c56349-LHR
content-encoding
br
content-security-policy
frame-ancestors 'self'
content-type
text/html
date
Sun, 11 May 2025 18:45:14 GMT
last-modified
Mon, 05 May 2025 08:26:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UiXGY5I%2B2qVNkjwuhNYT6WgYLzDj5IUw38uIrPvYQW1q%2FKThIBJw8Dz4cgDMwkNQKp3X4br%2BTjfWrL0Wr8%2B53NsL5s6azFJi0flx%2B86ncu791koqFqdSCvKS0U40lWax1WY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=70076&min_rtt=69671&rtt_var=6527&sent=8&recv=14&lost=0&retrans=0&sent_bytes=5053&recv_bytes=2599&delivery_rate=54443&cwnd=237&unsent_bytes=0&cid=79d3b20efbe76f7e&ts=470&x=0"
strict-transport-security
max-age=5184000; includeSubDomains; preload
surrogate-control
max-age=432000
surrogate-key
www.cloudsek.com 634fc5026f66af518e897c77 pageId:643d86bee57109b20ce50702 643d86bee571098481e506a1 643d86bee571098481e506a1 643d86bee571096b3be5069d 643d86bee57109fb42e506a6
vary
Accept-Encoding
x-cluster-name
eu-west-1-prod-hosting-red
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-ray
93e3d50ba8b56349-LHR
content-length
167
content-type
text/html
date
Sun, 11 May 2025 18:45:14 GMT
expires
Sun, 11 May 2025 19:45:14 GMT
location
https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FLxpFsgWMMNFwHl1F%2FygqzuaavCuVSfEOfG7TjsYFaFHYPoFUJn5FlxrLbzRXwsN6WW7JejrYAoHj4aSd%2FJdn2kX3hD7qew20%2FC0Q7sWZ9LNkj9MiXY%2ByINmr%2FG1Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=70185&min_rtt=69879&rtt_var=15110&sent=5&recv=9&lost=0&retrans=0&sent_bytes=4034&recv_bytes=2409&delivery_rate=54443&cwnd=234&unsent_bytes=0&cid=79d3b20efbe76f7e&ts=173&x=0"
strict-transport-security
max-age=5184000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
cloudsek-website.webflow.shared.618f93e5e.css
cdn.prod.website-files.com/634fc5026f66af518e897c77/css/
731 KB
102 KB
Stylesheet
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/css/cloudsek-website.webflow.shared.618f93e5e.css
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33bdc71a28306efd4276028e91bc996c3523bd666e3572772ad7eb0cd980dc8e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"618f93e5e33319ace91c7e39603703d0"
x-amz-version-id
iz7310nt_8DHhXNcYkn9dVxpelAYfweo
age
49466
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:14 GMT
content-type
text/css
last-modified
Mon, 05 May 2025 08:26:28 GMT
vary
Accept-Encoding
priority
u=0,i=?0
x-amz-id-2
dywTLTnypJK/UQaVcSwTEXVEVKFV/Vftoqq79y6obOS5H+fp+xiGk6jJjH3LUh59Ec90dTo0E/4=
cache-control
public, max-age=31536000, immutable
x-amz-request-id
1AFP4HKDHYA9RMME
cf-ray
93e3d50f5b46c227-TLV
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/
248 KB
89 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-132848044-1
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
35c814118f2ffe0743ba5c64b752f86644a7e9100dc01d3a026cdfdce019f766
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
expires
Sun, 11 May 2025 18:45:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:14 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 11 May 2025 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1075:0
content-length
90404
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
422 KB
139 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CVBS2RDPRJ
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
b52fa22fce527247b05c3f1891962dcca91723ff4028d101daf84f4dda1f4a81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
expires
Sun, 11 May 2025 18:45:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1075:0
content-length
142517
x-xss-protection
0
server
Google Tag Manager
pixelV3.js
pxl.sprouts.ai/latest/
51 KB
14 KB
Script
General
Full URL
https://pxl.sprouts.ai/latest/pixelV3.js?id=de4742baf9ae0326740152eb49dea10c
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-82.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c6f45b4cbbc7b6ca27080f97fbdf67fb2b080cc15e6adc0e211729631b05b65

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

vary
accept-encoding, Origin
content-encoding
br
etag
W/"fd218e10eced6dbe38889b07db770bfa"
x-amz-version-id
kHMVz5Su.05Hs3JyVewjVR8lHer.ZEqS
age
49696
via
1.1 671c13f54b1ad36c801a07e5c548b1c8.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
L83R-WbG6cLvmxGnwkxR_qKDxjn4SIspuwkyiqkUbpuwcYOReMaVJg==
date
Sun, 11 May 2025 04:57:00 GMT
content-type
application/javascript
last-modified
Tue, 11 Mar 2025 04:57:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
634fc9354ba9486197b82cef_CloudSEK%20Logo.svg
cdn.prod.website-files.com/634fc5026f66af518e897c77/
29 KB
13 KB
Image
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/634fc9354ba9486197b82cef_CloudSEK%20Logo.svg
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfee4d66f96122fd139c7f82cbd1b8c2f81e833777222320a5a09a56ea004822

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6a765582d19b66fa26737cdb365abc8f"
x-amz-version-id
1y8m8PHlSrDC.Gjo5yeJ43vvfDPY6Ddj
age
49461
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:14 GMT
content-type
image/svg+xml
last-modified
Wed, 19 Oct 2022 09:54:00 GMT
vary
Accept-Encoding
priority
u=2,i
x-amz-id-2
ciTtD/x/LlxhIDiMIBDe9XbG4GbSQBPpYP67uEV9BAqNZ3wcHdAqNWyVOxTLpzm/WWeg4cV3CnI=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
XVH5NF8BS2KZ98S8
cf-ray
93e3d50f5b48c227-TLV
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
63b9c5349d70bb8c86cbb683_line-rounded-chevron-down-black-brix-templates.svg
cdn.prod.website-files.com/634fc5026f66af518e897c77/
240 B
602 B
Image
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/63b9c5349d70bb8c86cbb683_line-rounded-chevron-down-black-brix-templates.svg
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae4b99a94a78a1820af004cee6989dc4e641216cb10b684deef3ed11f896d612

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"23be7ec4027fee3a1a05ca5a93da7186"
x-amz-version-id
2BlGQjDdgjnNyjDgWXZjMDzN_KOfapYu
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:15 GMT
content-type
image/svg+xml
last-modified
Sat, 07 Jan 2023 19:17:09 GMT
vary
Accept-Encoding
priority
u=2,i
x-amz-id-2
mYA12J8j3MEfrcUpJrUcIW0nKZYHyfYFDHO8FIcrZDoOFnNTktl4JclvmgyJ8/KpBSzFPy3VmbiupySkJ8FYcNTnOAVlkkWD
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
AAJTPHFEHYE90KMN
cf-ray
93e3d50f5b49c227-TLV
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
jquery-3.5.1.min.dc5e7f18c8.js
d3e54v103j8qbb.cloudfront.net/js/
87 KB
30 KB
Script
General
Full URL
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=634fc5026f66af518e897c77
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.20.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-20-134.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin
https://www.cloudsek.com
Referer
https://www.cloudsek.com/

Response headers

access-control-max-age
3000
content-encoding
br
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
age
28397
access-control-allow-methods
GET
x-cache
Hit from cloudfront
x-amz-cf-id
1QAQHP2HwBrOswPKSVAvHyAFj9xfm4Z1sevDIIM71bS2pTt2j4QaMg==
date
Sun, 11 May 2025 10:51:59 GMT
content-type
application/javascript
last-modified
Mon, 20 Jul 2020 17:53:02 GMT
vary
accept-encoding
cache-control
max-age=84600, must-revalidate
via
1.1 11c65b00bf7f76c861a15dcad5558b9c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P11
server
AmazonS3
webflow.schunk.4a394eb5af8156f2.js
cdn.prod.website-files.com/634fc5026f66af518e897c77/js/
41 KB
14 KB
Script
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/js/webflow.schunk.4a394eb5af8156f2.js
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e227ef2ec8b04995202d6dc049168f8223255629dbb0228a69a60123fdbb6b5f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"5154e20a9d412ca0eb2175c9e8adbc17"
x-amz-version-id
Az3eIE9E7VLUK9Dmu.jvWpyuBKTl22gt
age
49467
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:15 GMT
content-type
text/javascript
last-modified
Tue, 29 Apr 2025 10:27:55 GMT
vary
Accept-Encoding
priority
u=2,i=?0
x-amz-id-2
guDVeWt2tbiZJRpafX97GPfXmF8qPntCw4ARAzhKig0kqkncoZlnJOewE+AP4+r2AWqr8VFdhn8=
cache-control
public, max-age=31536000, immutable
x-amz-request-id
PZK9EZMNSTQCYP1J
cf-ray
93e3d511ce84c227-TLV
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
webflow.schunk.bf62eba97d58c901.js
cdn.prod.website-files.com/634fc5026f66af518e897c77/js/
899 KB
78 KB
Script
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/js/webflow.schunk.bf62eba97d58c901.js
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81fe09fa1a472341278c2acf0ebc47456283009ca666bf2fadaf56dec6e584c0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"df2dec2a56430bdeb9f2ce418724e6a8"
x-amz-version-id
xJkz72ix4zvX7MqyDviipMhb8URIyDl9
age
49467
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:15 GMT
content-type
text/javascript
last-modified
Tue, 29 Apr 2025 10:26:46 GMT
vary
Accept-Encoding
priority
u=2,i=?0
x-amz-id-2
viO0nONm8EShMPOVSbZLgMD4uFJeQ3wXA5ktPpWXH+kc2RFvnPDtuBrtesWpdoXh18u5bbiGF/8=
cache-control
public, max-age=31536000, immutable
x-amz-request-id
DGW5DFEXV0FNPVBF
cf-ray
93e3d511ce87c227-TLV
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
webflow.8a2260d0.50a79522c37a272c.js
cdn.prod.website-files.com/634fc5026f66af518e897c77/js/
2 KB
1 KB
Script
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/js/webflow.8a2260d0.50a79522c37a272c.js
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
851286f1d5b953b556aeddbf5f384b05e41253f905e4efa5c40f189c88b238d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"e8bce9b042fbab6e95df5b482fe72705"
x-amz-version-id
F94HrAtFVyFPk3E6hCUpQawJoiBttdhC
age
49467
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:15 GMT
content-type
text/javascript
last-modified
Mon, 05 May 2025 08:26:28 GMT
vary
Accept-Encoding
priority
u=2,i=?0
x-amz-id-2
BDG1dUW9tMMsZMIVNLPjOql5GA+VXEI91L0pvrruANS5H6eKHxHfJfmX/KAPzbhpfgLdFB4wW1Y=
cache-control
public, max-age=31536000, immutable
x-amz-request-id
0YCVB9TT3EPDQDPA
cf-ray
93e3d511ce88c227-TLV
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
7140541.js
js.hs-scripts.com/
1 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/7140541.js
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.139.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a2ab724ab7a4226a4caa8baac0fd539c9948202629a7f0aa54d23a4de38e4c1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

access-control-max-age
3600
content-encoding
gzip
cf-cache-status
EXPIRED
x-content-type-options
nosniff
expires
Sun, 11 May 2025 18:46:45 GMT
date
Sun, 11 May 2025 18:45:15 GMT
x-hubspot-correlation-id
28747d41-a8bd-4ced-94cf-831604f12e10
content-type
application/javascript;charset=utf-8
vary
origin, Accept-Encoding
last-modified
Sun, 11 May 2025 18:45:15 GMT
cache-control
public, max-age=90
access-control-allow-credentials
true
cf-ray
93e3d512e816c227-TLV
accept-ranges
bytes
access-control-allow-origin
https://www.cloudsek.com
content-length
584
server
cloudflare
form-124.js
hubspotonwebflow.com/assets/js/
10 KB
3 KB
Script
General
Full URL
https://hubspotonwebflow.com/assets/js/form-124.js
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.33.60.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
10ef3ba5308697292067120aee8cea7f3341a9a5e691475bc4a29805a5194939
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin
https://www.cloudsek.com
Referer
https://www.cloudsek.com/

Response headers

strict-transport-security
max-age=63072000
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"392ca1f460caa2aa9439969a89f31c13"
age
452577
x-matched-path
/assets/js/form-124.js
access-control-allow-origin
*
date
Sun, 11 May 2025 18:45:15 GMT
content-disposition
inline; filename="form-124.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Mon, 05 May 2025 23:32:24 GMT
x-vercel-id
fra1::2c8vv-1746989115513-957a00363373
gtm.js
www.googletagmanager.com/
353 KB
122 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PQDP7HJ
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
2320b22952c66ad704b5c2b28650611869fa5257b5965f6ce5d994ad8bcf54ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1317:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1317:0"}],}
expires
Sun, 11 May 2025 18:45:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 11 May 2025 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1317:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1317:0
content-length
124091
x-xss-protection
0
server
Google Tag Manager
frgg3qg64j
www.clarity.ms/tag/
1 KB
1 KB
Script
General
Full URL
https://www.clarity.ms/tag/frgg3qg64j
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ad4a49e396b83419c96e9236ad1bd363a69888fae692f24b1c5da04716b92e6a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
expires
-1
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
1051
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/x-javascript
x-azure-ref
20250511T184515Z-18567c49d67dflkshC1TLVc7m400000001s00000000068k7
642561ee7bbcb7a9a37f5b45_Roboto-Regular.ttf
cdn.prod.website-files.com/634fc5026f66af518e897c77/
164 KB
165 KB
Font
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/642561ee7bbcb7a9a37f5b45_Roboto-Regular.ttf
Requested by
Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/634fc5026f66af518e897c77/css/cloudsek-website.webflow.shared.618f93e5e.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin
https://www.cloudsek.com
Referer
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/css/cloudsek-website.webflow.shared.618f93e5e.css

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"8a36205bd9b83e03af0591a004bc97f4"
x-amz-version-id
Y8vb8dPs5LUQDeXxj3WtLYqDB1wKG.wf
age
2030063
access-control-allow-methods
GET, HEAD
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/x-font-ttf
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Thu, 30 Mar 2023 10:18:26 GMT
x-amz-id-2
BeRnC2oLSMALpZV+rsmnTgvs0yH7NVUx3tC0b5z7DME+2a74dMMBUauLpBDUZmxgzxRlVpQo6s0=
priority
u=0,i=?0
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
XVHFKV900W884Q5D
cf-ray
93e3d5147d2011b1-MRS
accept-ranges
bytes
access-control-allow-origin
*
content-length
168260
server
cloudflare
x-amz-server-side-encryption
AES256
647d93f0b98efe77b93c5a8f_cloudsek---404-p-800.webp
cdn.prod.website-files.com/634fc5026f66af518e897c77/
58 KB
59 KB
Image
General
Full URL
https://cdn.prod.website-files.com/634fc5026f66af518e897c77/647d93f0b98efe77b93c5a8f_cloudsek---404-p-800.webp
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.161.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f38c671da7e60a1155cc9f8de4ffe547899dea2f2b6eff092f30f168b9d64a19

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cf-cache-status
HIT
etag
"aaab409d33440213513a565ecf2c8f6d"
x-amz-version-id
fHHLOSu2xJmRa.tbcju66BKq.hnzO_Np
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 11 May 2025 18:45:15 GMT
content-type
image/webp
last-modified
Mon, 05 Jun 2023 07:51:17 GMT
vary
Accept-Encoding
priority
u=3,i
x-amz-id-2
Qx5Jofa6TEYs6W/X6AYsNLyq+wnHx6fyHO1MWThTnLl4nVQ8XGfmG61IwxW0jpogZSO+XguKPwA=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
1WEH5WGMGMBJ7NQF
cf-ray
93e3d511ce8dc227-TLV
accept-ranges
bytes
access-control-allow-origin
*
content-length
59650
server
cloudflare
x-amz-server-side-encryption
AES256
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-132848044-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
gzip
age
2003
report-to
{"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Sun, 11 May 2025 20:11:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:11:52 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:225:0
content-length
20994
server
Golfe2
js
www.googletagmanager.com/gtag/
422 KB
139 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CVBS2RDPRJ&cx=c&gtm=457e5571za200&tag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-132848044-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
491fd2502dec4e9727b33d261ec8fc9590772a2b31638f678ec85afe82f8bff9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
expires
Sun, 11 May 2025 18:45:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1075:0
content-length
142592
x-xss-protection
0
server
Google Tag Manager
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-CVBS2RDPRJ&gtm=45je5571v887596358za200&_p=1746989115117&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&gdid=dZGVlNj&cid=1449995356.1746989115&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1746989115&sct=1&seg=0&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&dt=Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-P8TZM5T&tfd=1687
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CVBS2RDPRJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
report-to
{"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cloudsek.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:153:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:15 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
549 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CVBS2RDPRJ&cid=1449995356.1746989115&gtm=45je5571v887596358za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CVBS2RDPRJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.177.15.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wr-in-f154.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:122:0
report-to
{"group":"ascnsrsggc:122:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:122:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cloudsek.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:122:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:17 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.co.il/ads/
42 B
408 B
Image
General
Full URL
https://www.google.co.il/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-CVBS2RDPRJ&cid=1449995356.1746989115&gtm=45je5571v887596358za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&z=902862832
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 11 May 2025 18:45:16 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
www.google.com/ccm/
0
0
Ping
General
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&scrsrc=www.googletagmanager.com&frm=0&rnd=1413775014.1746989115&dt=Not%20Found&auid=966769519.1746989115&navt=n&npa=0&gtm=45He5571v830341218za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116&tft=1746989115491&tfd=1712&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQDP7HJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.196 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

analytics.js
www.google-analytics.com/
52 KB
0
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQDP7HJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
gzip
age
2003
report-to
{"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Sun, 11 May 2025 20:11:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:11:52 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:225:0
content-length
20994
server
Golfe2
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
15 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQDP7HJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.24.77.20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a184-24-77-20.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a7b5e1c57e7ece60f525fb37a3e9e944d65112878b92ddfdca9c242955953b1d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
max-age=86400
content-encoding
gzip
x-cdn-proto
HTTP2
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
content-length
14643
date
Sun, 11 May 2025 18:45:18 GMT
last-modified
Thu, 24 Apr 2025 09:11:21 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
pixel.js
www.redditstatic.com/ads/
67 KB
19 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQDP7HJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
32381af77f65ff6b4b562c4ea846edc57ae7e5b7bff1e651c7d799e4003d5929

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
public, max-age=60
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
etag
"d86b92a48ab44b31d05310ed30d35a6e"
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
18700
date
Sun, 11 May 2025 18:45:15 GMT
last-modified
Thu, 08 May 2025 17:26:41 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
server
snooserv
x-amz-server-side-encryption
AES256
script.js
cdn-cookieyes.com/client_data/18125550f3691a0126bcd541/
0
0

frgezfwt0f
www.clarity.ms/tag/
665 B
1 KB
Script
General
Full URL
https://www.clarity.ms/tag/frgezfwt0f?ref=bwt
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2ca2ada06f63f91cb38a54c4aeee629f50bae22e37a7705c5e8e36407006c261

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store
request-context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
expires
-1
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
665
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/x-javascript
x-azure-ref
20250511T184515Z-18567c49d67dflkshC1TLVc7m400000001s00000000068kg
frgg3qg64j
www.clarity.ms/tag/
1 KB
1 KB
Script
General
Full URL
https://www.clarity.ms/tag/frgg3qg64j?ref=gtm2
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ad4a49e396b83419c96e9236ad1bd363a69888fae692f24b1c5da04716b92e6a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store
request-context
appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
expires
-1
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
1051
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/x-javascript
x-azure-ref
20250511T184515Z-18567c49d67dflkshC1TLVc7m400000001s00000000068kh
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQDP7HJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.42 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f10.1e100.net
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
gzip
age
144352
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Sun, 10 May 2026 02:39:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 10 May 2025 02:39:26 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
30306
x-xss-protection
0
server
sffe
sw_iframe.html
www.googletagmanager.com/static/service_worker/5570/ Frame 3CBB
3 KB
2 KB
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/5570/sw_iframe.html?origin=https%3A%2F%2Fwww.cloudsek.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQDP7HJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f8.1e100.net
Software
sffe /
Resource Hash
d36b373b44b77f016e4b7df913ba2da2a8025456f016bc794861f210c0e3ada3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
97686
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1482
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Sat, 10 May 2025 15:37:13 GMT
expires
Sun, 10 May 2026 15:37:13 GMT
last-modified
Wed, 07 May 2025 08:58:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
7140541.js
js.hs-analytics.net/analytics/1746989100000/
69 KB
25 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1746989100000/7140541.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7140541.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.160.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f6d5be410ca926f053d34a8cf06322234d649c146f5ddba73664915f3645b82

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

x-amz-server-side-encryption
AES256
x-request-id
a5041ff5-7cdf-4396-928c-5bb50d1701b6
content-encoding
gzip
cf-cache-status
MISS
etag
W/"c2664f5904ae4836ddfd715c7035a6b3"
x-amz-version-id
null
expires
Sun, 11 May 2025 18:50:17 GMT
x-evy-trace-listener
listener_https
date
Sun, 11 May 2025 18:45:17 GMT
x-hubspot-correlation-id
a5041ff5-7cdf-4396-928c-5bb50d1701b6
content-type
text/javascript
last-modified
Fri, 02 May 2025 21:50:49 GMT
vary
origin, Accept-Encoding
x-amz-id-2
9BaY0L8CTtW5xgXIvczc/s6RcCTi1CGfCD0ajmXCdeFht4QQSFJdkgIaFMFSzudcz9SExnLT8GKHPvEY3IkFHnIjQWfTpDhJ
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-fbbff5ddb-x8pgv
x-envoy-upstream-service-time
24
access-control-allow-credentials
false
x-amz-request-id
2XTQHH25ZT7QVY6P
cf-ray
93e3d51d1db17d95-TLV
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
banner.js
js.hs-banner.com/v2/7140541/
68 KB
25 KB
Script
General
Full URL
https://js.hs-banner.com/v2/7140541/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7140541.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b18288cd559e1a6531daee91129ce2acfd75c9000023e8f9a3ec2058a6f4092

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

x-evy-trace-virtual-host
all
access-control-max-age
604800
x-request-id
50833532-530d-40ed-9378-e2e64c3863f4
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1eac081fa348b5657574c3d1e0ec9ea5"
x-amz-version-id
5B2IU1NCOj3W1_vbuvwb_ADz95vm0.rh
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires
Sun, 11 May 2025 18:45:19 GMT
x-evy-trace-listener
listener_https
date
Sun, 11 May 2025 18:45:16 GMT
x-hubspot-correlation-id
50833532-530d-40ed-9378-e2e64c3863f4
content-type
text/javascript; charset=UTF-8
last-modified
Fri, 18 Apr 2025 15:11:33 GMT
vary
origin, Accept-Encoding
x-amz-id-2
3Kq69JFlg1w+IeeyATD7urINBm/rLx+IZ/PJOmhA/RvzlywMowpiGK0Hucqu9WENEG2QRUAZrO8=
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
timing-allow-origin
*
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-fbbff5ddb-q48mf
x-envoy-upstream-service-time
77
access-control-allow-credentials
true
x-amz-request-id
GR6YBF623MGK01XZ
cf-ray
93e3d5176a32c222-TLV
access-control-allow-origin
https://www.cloudsek.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-amz-server-side-encryption
AES256
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7140541.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.223.152 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b7cb5adc6287a6ca9601bdaa5bda25bcff5e178a09c5a495bde79b23872091
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

x-evy-trace-virtual-host
all
x-request-id
4bed04de-f7c8-49aa-b98a-fb6192ebee3c
content-encoding
gzip
cf-cache-status
HIT
etag
W/"4b9c35ed202a21a40ceaee60a9f14b0b"
x-amz-version-id
_ydU6ctpjS76W1VAP.2WZwczKvlKuoHt
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age
36
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-hs-cache-status
HIT
x-amz-cf-id
QxKeep2A4MnA5GiuoS28LovyhiOTE_-wP5owJXSQXwLUcsq87xe3fw==
date
Sun, 11 May 2025 18:45:19 GMT
x-hubspot-correlation-id
4bed04de-f7c8-49aa-b98a-fb6192ebee3c
content-type
application/javascript; charset=utf-8
last-modified
Fri, 09 May 2025 18:19:02 UTC
vary
accept-encoding
x-evy-trace-listener
listener_https
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-554d564d77-f6xtl
x-envoy-upstream-service-time
0
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.1871/bundles/pixels-release.js&cfRay=93d342bbda0ab4b5-WAW
via
1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront)
cf-ray
93e3d52e2fb97da1-TLV
x-evy-trace-route-configuration
listener_https/all
x-hs-target-asset
adsscriptloaderstatic/static-1.1871/bundles/pixels-release.js
x-amz-cf-pop
IAD12-P3
server
cloudflare
x-amz-server-side-encryption
AES256
clarity.js
www.clarity.ms/s/0.8.9/
71 KB
30 KB
Script
General
Full URL
https://www.clarity.ms/s/0.8.9/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/frgg3qg64j
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
084071240372dd7551408ffeb5c5b374d183118aa1e4030419138fbea2551356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

x-azure-ref
20250511T184515Z-18567c49d67dflkshC1TLVc7m400000001s00000000068md
cache-control
public, max-age=86400
x-ms-version
2018-03-28
content-encoding
br
etag
W/"0x8DD9085656BF5E5"
x-fd-int-roxy-purgeid
79034942
x-ms-request-id
6fa9c239-201e-0051-2b81-c2b357000000
access-control-allow-origin
*
x-cache
TCP_HIT
date
Sun, 11 May 2025 18:45:15 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
last-modified
Sun, 11 May 2025 12:14:36 GMT
7140541.js
js.hs-scripts.com/
1 KB
0
Script
General
Full URL
https://js.hs-scripts.com/7140541.js
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.139.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a2ab724ab7a4226a4caa8baac0fd539c9948202629a7f0aa54d23a4de38e4c1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

access-control-max-age
3600
content-encoding
gzip
cf-cache-status
EXPIRED
x-content-type-options
nosniff
expires
Sun, 11 May 2025 18:46:45 GMT
date
Sun, 11 May 2025 18:45:15 GMT
x-hubspot-correlation-id
28747d41-a8bd-4ced-94cf-831604f12e10
content-type
application/javascript;charset=utf-8
vary
origin, Accept-Encoding
last-modified
Sun, 11 May 2025 18:45:15 GMT
cache-control
public, max-age=90
access-control-allow-credentials
true
cf-ray
93e3d512e816c227-TLV
accept-ranges
bytes
access-control-allow-origin
https://www.cloudsek.com
content-length
584
server
cloudflare
de4742baf9ae0326740152eb49dea10c.json
pxl.sprouts.ai/config/
25 B
488 B
Fetch
General
Full URL
https://pxl.sprouts.ai/config/de4742baf9ae0326740152eb49dea10c.json
Requested by
Host: pxl.sprouts.ai
URL: https://pxl.sprouts.ai/latest/pixelV3.js?id=de4742baf9ae0326740152eb49dea10c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-82.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
12f308903a78c6b2d348976a9048dae40d8eb71d1dbbb7ad2334f26080030154

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

access-control-expose-headers
*
x-amz-version-id
Y9JtfcVJUxrrXWd9tNAPXVDddDszWhAU
etag
"95acb64f8fbc3e9b3be5ddf23046c93c"
age
58560
x-cache
Hit from cloudfront
x-amz-cf-id
4oNQoQ7ZdD8KmpZSE1SsupfrnjKWbjLV7KPKccPH0e0MUn6R6ZHGoQ==
date
Sun, 11 May 2025 02:29:22 GMT
content-type
application/json
vary
accept-encoding
last-modified
Tue, 08 Oct 2024 06:07:00 GMT
via
1.1 6ce3814cb60a4c907ac701e60e4c1e5a.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
25
x-amz-cf-pop
FRA60-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
collect
o.clarity.ms/
0
280 B
XHR
General
Full URL
https://o.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.8.9/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://www.cloudsek.com/

Response headers

Request-Context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
Access-Control-Allow-Origin
https://www.cloudsek.com
Date
Sun, 11 May 2025 18:45:16 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
js
www.google-analytics.com/gtm/
230 KB
82 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-P8TZM5T&t=gtag_UA_132848044_1&cid=1449995356.1746989115
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ff659034f056a55f106fa6e3928c28d72508334a41b86b13477559b570937003
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1310:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1310:0"}],}
expires
Sun, 11 May 2025 18:45:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:16 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 11 May 2025 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1310:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1310:0
content-length
83560
x-xss-protection
0
server
Google Tag Manager
config
pixel-config.reddit.com/pixels/a2_ehgeu6bodaqs/
24 B
153 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/a2_ehgeu6bodaqs/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
5973083c86dace45db1a3572fd6bf552af4cc9ce82729e02a9ade8195c3a94cc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
max-age=14400
content-encoding
gzip
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
48
date
Sun, 11 May 2025 18:45:16 GMT
content-type
application/json
server
snooserv
a2_ehgeu6bodaqs_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_ehgeu6bodaqs_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
max-age=300
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
98
date
Sun, 11 May 2025 18:45:18 GMT
content-type
application/json
vary
Accept-Encoding,Origin
server
snooserv
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1746989116130&id=a2_ehgeu6bodaqs&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=dca6c2d6-8259-4470-bc3e-54e3f9309431&aaid=&em=&pn=&external_id=&idfa=&integration=gtm&partner=&opt_out=0&sh=1600&sw=1200&v=rdt_00917691&dpm=&dpcc=&dprc=
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Sun, 11 May 2025 18:45:20 GMT
content-type
image/gif
server
Varnish
collect
www.google-analytics.com/j/
1 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1404335182&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&ul=he-il&de=UTF-8&dt=Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAUADQAAAACAAI~&jid=1866591122&gjid=2022480093&cid=1449995356.1746989115&tid=UA-132848044-1&_gid=669846605.1746989116&_r=1&gtm=457e5571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&jsscut=1&z=130640471
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.cloudsek.com/

Response headers

report-to
{"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:16 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://www.cloudsek.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:175:0
content-length
1
server
Golfe2
collect
www.google-analytics.com/j/
3 B
26 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1404335182&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&ul=he-il&de=UTF-8&dt=Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAUADQAAAACAAI~&jid=736435944&gjid=169755680&cid=1449995356.1746989115&tid=UA-132848044-1&_gid=669846605.1746989116&_r=1&_slc=1&gtm=45He5571n81PQDP7HJv830341218za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116&z=736504080
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.cloudsek.com/

Response headers

report-to
{"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:16 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://www.cloudsek.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:175:0
content-length
3
server
Golfe2
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1404335182&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&ul=he-il&de=UTF-8&dt=Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=1d2zudw&_u=aDDAAUADQAAAACAAI~&jid=&gjid=&cid=1449995356.1746989115&tid=UA-132848044-1&_gid=669846605.1746989116&gtm=457e5571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cd1=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Ffrgg3qg64j%2Fporkx4%2F1d2zudw&z=2038927972
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

age
9627
report-to
{"group":"ascnsrsgac:163:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 16:04:49 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:163:0
content-length
35
server
Golfe2
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1404335182&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&ul=he-il&de=UTF-8&dt=Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=1d2zudw&_u=aDDAAUADQAAAACAAI~&jid=&gjid=&cid=1449995356.1746989115&tid=UA-132848044-1&_gid=669846605.1746989116&gtm=457e5571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cd1=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Ffrgg3qg64j%2Fporkx4%2F1d2zudw&z=1490539200
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

age
9627
report-to
{"group":"ascnsrsgac:163:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 16:04:49 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsgac:163:0
content-length
35
server
Golfe2
collect
o.clarity.ms/
0
280 B
XHR
General
Full URL
https://o.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.8.9/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://www.cloudsek.com/

Response headers

Request-Context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
Access-Control-Allow-Origin
https://www.cloudsek.com
Date
Sun, 11 May 2025 18:45:17 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-CVBS2RDPRJ&gtm=45je5571v887596358za200&_p=1746989115117&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&gdid=dZGVlNj&cid=1449995356.1746989115&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1746989115&sct=1&seg=0&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&dt=Not%20Found&en=scroll&ep.optimize_id=GTM-P8TZM5T&epn.percent_scrolled=90&_et=4&tfd=4531
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CVBS2RDPRJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
report-to
{"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cloudsek.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:153:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:18 GMT
content-type
text/plain
server
Golfe2
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-CVBS2RDPRJ&gtm=45je5571v887596358z8830341218za200&_p=1746989115117&gcs=G100&gcd=13p3p3p3p5l1&npa=1&dma_cps=-&dma=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&gdid=dZGVlNj&cid=883088163.1746989118&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=AAAC&_s=3&sid=1746989115&sct=1&seg=0&dl=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.&dt=Not%20Found&_tu=CA&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4531
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CVBS2RDPRJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:97:0
report-to
{"group":"ascnsrsggc:97:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:97:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cloudsek.com
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:97:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:18 GMT
content-type
text/plain
server
Golfe2
/
api.ipify.org/
22 B
317 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac1c96caae261089f93676bf10491732bea0993514b9e0b378afb4a113580528

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.cloudsek.com/

Response headers

cf-cache-status
DYNAMIC
cf-ray
93e3d5376fb81b35-FRA
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=52694&min_rtt=52459&rtt_var=11282&sent=9&recv=11&lost=0&retrans=0&sent_bytes=3987&recv_bytes=2235&delivery_rate=81435&cwnd=254&unsent_bytes=0&cid=7e97fd68041231e4&ts=353&x=0"
content-length
22
date
Sun, 11 May 2025 18:45:21 GMT
content-type
application/json
vary
Origin
server
cloudflare
/
px.ads.linkedin.com/wa/
0
307 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cloudsek.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 1BF1975E5F4C4028A8DABBC23B079ABB Ref B: TLV30EDGE0420 Ref C: 2025-05-11T18:45:21Z
x-li-fabric
prod-ltx1
access-control-allow-credentials
true
x-li-uuid
AAY04JoBGLY7wqljNhPt6w==
x-li-proto
http/2
access-control-allow-origin
https://www.cloudsek.com
x-cache
CONFIG_NOCACHE
date
Sun, 11 May 2025 18:45:20 GMT
vary
Origin
attribution_trigger
px.ads.linkedin.com/
2 B
762 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=676963&time=1746989118445&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.%23ur&tm=gtmv2
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept
*
Referer
https://www.cloudsek.com/

Response headers

x-li-pop
afd-prod-lor1-x
content-encoding
gzip
x-fs-uuid
000634e09a0cfdd8b464f315618e7abe
x-msedge-ref
Ref A: 86DDF0B527674FF0BF39FA0771A9DC64 Ref B: TLV30EDGE0418 Ref C: 2025-05-11T18:45:22Z
x-li-fabric
prod-lor1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAY04JoM/di0ZPMVYY56vg==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Sun, 11 May 2025 18:45:21 GMT
content-type
application/json
access-control-allow-headers
*
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D676963%26time%3D1746989118445%26li_adsId%3D6c7a58c8-b5d3-469e-ba29-e52645d8a1c8%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group...
0
384 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.%23ur&tm=gtmv2&cookiesTest=true&liSync=true
Requested by
Host: www.cloudsek.com
URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.
Protocol
H2
Server
150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 1C136FE3BC3140C889FFD0A62B5367CD Ref B: TLV30EDGE0420 Ref C: 2025-05-11T18:45:22Z
x-li-fabric
prod-ltx1
x-li-uuid
AAY04JoWIp6y5iPx598aVg==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Sun, 11 May 2025 18:45:21 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
cf-cache-status
DYNAMIC
x-li-fabric
prod-ltx1
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto
http/2
alt-svc
h3=":443"; ma=86400
date
Sun, 11 May 2025 18:45:22 GMT
x-frame-options
sameorigin
strict-transport-security
max-age=31536000
x-li-pop
cf-prod-ltx1-x
content-security-policy
frame-ancestors 'self'
cache-control
no-cache, no-store
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=676963&time=1746989118445&li_adsId=6c7a58c8-b5d3-469e-ba29-e52645d8a1c8&url=https%3A%2F%2Fwww.cloudsek.com%2Fthreatintelligence%2Fhacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.%23ur&tm=gtmv2&cookiesTest=true&liSync=true
pragma
no-cache
cf-ray
93e3d53e8c697d9a-TLV
x-li-uuid
AAY04JoRssGvbpyikn3ugQ==
content-length
0
server
cloudflare
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
179 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=7140541
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.244.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aea6d4019457bc072a286dfcd8da9a3fb95e8a6bca8fd6875243496a54f5a030
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

access-control-max-age
180
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZjaHJl1MDONzfsveVdKHDBhS2PgzHn%2BoY4HWWDf1gWlzcFlGH24Q7mbJ41UWdC8dC5kOShbh5seqYUQIVKMsm2S%2BJPlYmxAF6pTlPpYi9TjNHqajrvxbz%2BD77MULg9K"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
date
Sun, 11 May 2025 18:45:22 GMT
x-hubspot-correlation-id
67e60593-9356-4711-b830-ec2644e64b59
content-type
application/json;charset=utf-8
vary
origin, Accept-Encoding
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
93e3d53e1efd12b4-MRS
access-control-allow-origin
https://www.cloudsek.com
server
cloudflare
collect
o.clarity.ms/
0
280 B
XHR
General
Full URL
https://o.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.8.9/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://www.cloudsek.com/

Response headers

Request-Context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
Access-Control-Allow-Origin
https://www.cloudsek.com
Date
Sun, 11 May 2025 18:45:20 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
iplookups
wa.sprouts.ai/v1/ Frame
0
0
Preflight
General
Full URL
https://wa.sprouts.ai:3000/v1/iplookups?k=de4742baf9ae0326740152eb49dea10c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.74.151.231 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.151.74.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.cloudsek.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-requested-with, content-type, Authorization, Cache-Control, X-XSRF-TOKEN, X-FORWARDED-FOR, clientId, X-TEMP-PASSWORD, X-RE-CAPTCHA-TOKEN, secretKey, X-Login-Email, X-CUSTOMER-ID, X-DEMO-ENV
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Disposition
Access-Control-Max-Age
3600
Connection
keep-alive
Content-Length
0
Date
Sun, 11 May 2025 18:45:21 GMT
Keep-Alive
timeout=60
iplookups
wa.sprouts.ai/v1/
198 B
818 B
XHR
General
Full URL
https://wa.sprouts.ai:3000/v1/iplookups?k=de4742baf9ae0326740152eb49dea10c
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.74.151.231 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.151.74.34.bc.googleusercontent.com
Software
/
Resource Hash
cd0c845ff1b795b063e6294702ec7985dd862c7a5dea1165dc0c437aa752b68b

Request headers

Referer
https://www.cloudsek.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Content-Type
application/json; charset=UTF-8

Response headers

Transfer-Encoding
chunked
Access-Control-Max-Age
3600
Access-Control-Expose-Headers
Content-Disposition
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
Access-Control-Allow-Origin
*
Keep-Alive
timeout=60
Date
Sun, 11 May 2025 18:45:21 GMT
Content-Type
application/json
Access-Control-Allow-Headers
x-requested-with, content-type, Authorization, Cache-Control, X-XSRF-TOKEN, X-FORWARDED-FOR, clientId, X-TEMP-PASSWORD, X-RE-CAPTCHA-TOKEN, secretKey, X-Login-Email, X-CUSTOMER-ID, X-DEMO-ENV
js
www.googletagmanager.com/gtag/
331 KB
114 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-657033178
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
94bd4de06bcad5b8b77cea2c1b51d4b054b744ee7d7e8d02b86a0eb66b6f3c59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
expires
Sun, 11 May 2025 18:45:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:22 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 11 May 2025 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1075:0
content-length
116342
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
331 KB
114 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-657033178&cx=c&gtm=457e5571za200&tag_exp=101509157~103101750~103101752~103116025~103130495~103130497~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-132848044-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
075db45d33e43ea683f8e41697de0dc776e44665d6f6ec67514a602a286508ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer
https://www.cloudsek.com/

Response headers

content-encoding
br
report-to
{"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
expires
Sun, 11 May 2025 18:45:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 11 May 2025 18:45:22 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 11 May 2025 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=ascgcycc:1075:0
content-length
116325
x-xss-protection
0
server
Google Tag Manager

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-cookieyes.com
URL
https://cdn-cookieyes.com/client_data/18125550f3691a0126bcd541/script.js

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| gtag object| dataLayer function| clarity object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaGlobal string| _linkedin_data_partner_id function| rdt object| _linkedin_data_partner_ids boolean| _already_called_lintrk object| _hsp function| $ function| jQuery object| webpackChunk function| tram object| Webflow function| draw object| clarityOverrides object| gaplugins object| gaData function| redditNormalizeEmail object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| _hsq function| sanitizeKey boolean| _hstc_loaded function| lintrk object| ORIBILI boolean| PIXELS_RAN object| enabledEventSettings

21 Cookies

Domain/Path Name / Value
.cloudsek.com/ Name: _ga_CVBS2RDPRJ
Value: GS2.1.s1746989115$o1$g0$t1746989115$j60$l0$h0
.cloudsek.com/ Name: _gcl_au
Value: 1.1.966769519.1746989115
.hs-scripts.com/ Name: __cf_bm
Value: MAKyisQQmrPAzIBy.zZcnTOwEOrlfsG4VnVLMz4hP7g-1746989115-1.0.1.1-gzTVD9a.wBduNY37ca9nO83QPNiM9m8Rfst50oZDXCWNuTUR6nwA3u_2g7m7nyM4dwog_NMs6_80anQGIziGSlJkHCfpuG8_C2K6wJ7xEjE
www.clarity.ms/ Name: CLID
Value: f3886d94937e4403a361b658064c61e0.20250511.20260511
.cloudsek.com/ Name: _clck
Value: porkx4%7C2%7Cfvt%7C0%7C1957
.cloudsek.com/ Name: _ga
Value: GA1.2.1449995356.1746989115
.cloudsek.com/ Name: _gid
Value: GA1.2.669846605.1746989116
.cloudsek.com/ Name: _rdt_uuid
Value: 1746989116127.dca6c2d6-8259-4470-bc3e-54e3f9309431
.hs-banner.com/ Name: __cf_bm
Value: 5rEMyDJGNJ7FsDOMy42Q3he0tzLl5S21Bt7xZdsuFEA-1746989116-1.0.1.1-bG9vvVmnfMNnIOPep_ZBh1cNfaD79lhj6sU3xx0VpeA3hmVSFWa2G5yoDgXxcqK0d0e.c16OzNcttteZHI61tMiESVcQ3Zo1Ct0SZvbKkio
.cloudsek.com/ Name: _gat_gtag_UA_132848044_1
Value: 1
.cloudsek.com/ Name: _gat_UA-132848044-1
Value: 1
.cloudsek.com/ Name: _clsk
Value: 1d2zudw%7C1746989116619%7C1%7C1%7Co.clarity.ms%2Fcollect
.hs-analytics.net/ Name: __cf_bm
Value: ZL_hEnxRmN2zLYcq_x_VXGOvmYpvNZzdNYmwcId1eX0-1746989117-1.0.1.1-VUWLWmZdZfzyINH5q9kVLzL4WUx.ivm7dnmFlXhY5vCW2Ugj1FMElXXVsae5CG4HUvNflXoW92m.TI3fr7giW4C4.2O_96YVYavlF9t8EmM
.hsadspixel.net/ Name: __cf_bm
Value: 8LhKPVPBeUBJQS1AHRiUZQxKHVONSNefdnwU2SWTeZM-1746989119-1.0.1.1-mLhHyUT45ue1BWi1S9c2LqEsX7iWnInTXKdh9nhRtCcA7Nz0FZaKQ.apYxyApH.7ZhN454PPNYmAN9PAEWbgVggZBERAm9g6q2sYDPVF_zg
.linkedin.com/ Name: li_sugr
Value: 45ead1ba-f850-4e98-8054-4da7041e8bbf
.linkedin.com/ Name: lidc
Value: "b=TGST03:s=T:r=T:a=T:p=T:g=3488:u=1:x=1:i=1746989121:t=1747075521:v=2:sig=AQEXjolPrXYhTrf_ErlKf6A6zySasvOC"
.linkedin.com/ Name: UserMatchHistory
Value: AQL8Z9aIJZHJKwAAAZbAqoBR7H3-5VZR66_SbFYWGoXAeJ9d3csVhcouVuC100LlgqJNfTRyaaLpww
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJlS_KRu6lBOwAAAZbAqoBREiE-Byt6vIo8hQ4Lh84On6XK6H5EhHBaRx5TGiY8tiXCX757EnSmzlvVyIUwGg
.linkedin.com/ Name: bcookie
Value: "v=2&6b88ad48-7ed5-40fb-8b6c-baefb0bf78b2"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20250511184522b5a4229a-ccbd-4334-8026-d1aebbd304f6AQFqVzNkl-O-GA687-M6s1CQqSvDw8kv"
.linkedin.com/ Name: __cf_bm
Value: TFczuNf.wkMvSVJeJ.Z5.qFhIzDPrrFnGUFWUiLe4po-1746989122-1.0.1.1-tw02aP9ymONizfMIPVpqcetE1DHJVQBqIoDCpDBNLnLIOyeQoHEGc2Iw_meezJUJo4owj37ozMTG0Qh_XkRTBihF.enljxHtya1ElFFePiI

2 Console Messages

Source Level URL
Text
network error URL: https://www.cloudsek.com/threatintelligence/hacktivist-group-dragonforce-malaysia-releases-windowslpe-exploit-discloses-plans-to-evolve-into-a-ransomware-group.#ur
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://wa.sprouts.ai:3000/v1/iplookups?k=de4742baf9ae0326740152eb49dea10c
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=5184000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
