www.kelacyber.com Open in urlscan Pro
162.159.134.42 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Submission: On November 09 via api (November 9th 2025, 10:42:04 pm UTC) from SE — Scanned from FI

Summary HTTP 212 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 36 IPs in 7 countries across 30 domains to perform 212 HTTP transactions. The main IP is 162.159.134.42, located in Ascension Island and belongs to CLOUDFLARENET, US. The main domain is www.kelacyber.com.
TLS certificate: Issued by WE1 on October 2nd 2025. Valid for: 3 months.

This is the only time www.kelacyber.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
72	162.159.134.42 162.159.134.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.66.171.172 172.66.171.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	4.158.108.63 4.158.108.63	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
4	2600:9000:210... 2600:9000:2104:e000:a:45eb:ebc0:93a1	16509 (AMAZON-02) (AMAZON-02)
43	2606:4700:20:... 2606:4700:20::ac43:45af	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:27cf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:8bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	142.250.184.196 142.250.184.196	15169 (GOOGLE) (GOOGLE)
2	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700:20:... 2606:4700:20::681a:a8f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
7	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6efe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4407::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700::68... 2606:4700::6811:5cbb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	2001:41a8:47:... 2001:41a8:47:302::1737:303b	6762 (SEABONE-N...) (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.)
2	2606:4700:10:... 2606:4700:10::ac42:90c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac42:857c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:28e... 2600:9000:28eb:d600:4:d7e1:700:93a1	16509 (AMAZON-02) (AMAZON-02)
1 3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
4	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.226.244.26 13.226.244.26	16509 (AMAZON-02) (AMAZON-02)
1 3	2620:1ec:50::12 2620:1ec:50::12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	150.171.22.14 150.171.22.14	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.72 142.250.185.72	15169 (GOOGLE) (GOOGLE)
2	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
212	36

72 162.159.134.42 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

www.kelacyber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.66.171.172 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 4.158.108.63 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.leadforensics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2104:e000:a:45eb:ebc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

entail-assets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2606:4700:20::ac43:45af (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.entail.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.entail.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
apps.entail.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.114.97.3 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

cdn.entail-insights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aplo-evnt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.25.14 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:27cf (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8bd1 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.96.3 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

t.entail-insights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::681a:a8f (None, )

ASN13335 (CLOUDFLARENET, US)

widgets.entail.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
apps.entail.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6efe (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4407::6812:28f0 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6811:5cbb (None, )

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:41a8:47:302::1737:303b (Italy)

ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac42:90c4 (None, )

ASN13335 (CLOUDFLARENET, US)

acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac42:857c (None, )

ASN13335 (CLOUDFLARENET, US)

assets.apollo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:28eb:d600:4:d7e1:700:93a1 (United States)

ASN16509 (AMAZON-02, US)

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States) 1 redirects

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.175.188 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.244.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-244-26.fra56.r.cloudfront.net

tr.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:50::12 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.171.22.14 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.118.43 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	kelacyber.com www.kelacyber.com	581 KB
51	entail.ai cdn.entail.ai widgets.entail.ai — Cisco Umbrella Rank: 144590 apps.entail.ai	940 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	793 KB
8	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3049 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3122 track.hubspot.com — Cisco Umbrella Rank: 2171	33 KB
7	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 3604	67 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 247	58 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 44	439 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 371 px4.ads.linkedin.com — Cisco Umbrella Rank: 7492	2 KB
4	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 24949 perf-na1.hsforms.com — Cisco Umbrella Rank: 3217	2 KB
4	lfeeder.com sc.lfeeder.com — Cisco Umbrella Rank: 17091 tr.lfeeder.com — Cisco Umbrella Rank: 26096	23 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2155	26 KB
4	entail-assets.com entail-assets.com	51 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5059	4 KB
3	entail-insights.com cdn.entail-insights.com — Cisco Umbrella Rank: 164926 t.entail-insights.com — Cisco Umbrella Rank: 147207	40 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48	2 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4687	29 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 3999	2 KB
2	aplo-evnt.com aplo-evnt.com — Cisco Umbrella Rank: 21106
2	acsbapp.com acsbapp.com — Cisco Umbrella Rank: 3774 cdn.acsbapp.com — Cisco Umbrella Rank: 3959	214 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4913 forms.hscollectedforms.net — Cisco Umbrella Rank: 4996	26 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2323	2 KB
1	google.fi www.google.fi — Cisco Umbrella Rank: 38230	408 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2927
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 191	559 B
1	apollo.io assets.apollo.io — Cisco Umbrella Rank: 19807	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 908	19 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3193	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2173	27 KB
1	hscta.net js.hscta.net — Cisco Umbrella Rank: 42987	7 KB
1	leadforensics.com secure.leadforensics.com — Cisco Umbrella Rank: 46933	321 B
212	30

	Domain	Requested by
72	www.kelacyber.com	www.kelacyber.com
38	cdn.entail.ai	www.kelacyber.com cdn.entail.ai
9	widgets.entail.ai	cdn.entail-insights.com cdn.entail.ai
7	fonts.gstatic.com	fonts.googleapis.com www.google.com
6	cdnjs.cloudflare.com	www.kelacyber.com
5	www.googletagmanager.com	www.kelacyber.com www.googletagmanager.com
5	www.google.com	www.kelacyber.com www.googletagmanager.com www.gstatic.com
4	cta-service-cms2.hubspot.com	js.hscta.net js.hubspot.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	apps.entail.ai	cdn.entail.ai
4	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
4	entail-assets.com	www.kelacyber.com
3	js.zi-scripts.com	www.kelacyber.com js.zi-scripts.com
3	track.hubspot.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	perf.hsforms.com	www.kelacyber.com
3	fonts.googleapis.com	www.kelacyber.com js.hs-banner.com
3	static.addtoany.com	www.kelacyber.com static.addtoany.com
2	ws.zoominfo.com	js.zi-scripts.com
2	tr.lfeeder.com	www.kelacyber.com
2	region1.analytics.google.com	1 redirects www.googletagmanager.com
2	aplo-evnt.com	assets.apollo.io
2	sc.lfeeder.com	www.kelacyber.com
2	t.entail-insights.com	cdn.entail-insights.com
2	js.hs-scripts.com	www.kelacyber.com www.googletagmanager.com
1	px4.ads.linkedin.com	www.kelacyber.com
1	perf-na1.hsforms.com	www.kelacyber.com
1	cdn.acsbapp.com	acsbapp.com
1	www.google.fi	www.kelacyber.com
1	region1.google-analytics.com	www.kelacyber.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	assets.apollo.io	www.kelacyber.com
1	acsbapp.com	www.kelacyber.com
1	snap.licdn.com	www.googletagmanager.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-analytics.net	www.kelacyber.com
1	js.hscta.net	www.kelacyber.com
1	cdn.entail-insights.com	www.kelacyber.com www.googletagmanager.com
1	secure.leadforensics.com	www.kelacyber.com
212	42

This site contains links to these domains. Also see Links.

Domain
accessibe.com
info.ke-la.com
partners.kelacyber.com
www.linkedin.com
www.facebook.com
www.instagram.com
twitter.com
google.com

Subject Issuer	Validity	Valid
kelacyber.com WE1	`2025-10-02` - `2025-12-31`	3 months	crt.sh
static.addtoany.com WE1	`2025-10-24` - `2026-01-22`	3 months	crt.sh
*.leadforensics.com Sectigo RSA Domain Validation Secure Server CA	`2024-11-27` - `2025-12-26`	a year	crt.sh
upload.video.google.com WE2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
entail-assets.com Amazon RSA 2048 M03	`2025-06-14` - `2026-07-13`	a year	crt.sh
entail.ai WE1	`2025-11-01` - `2026-01-30`	3 months	crt.sh
entail-insights.com WE1	`2025-10-12` - `2026-01-10`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2025-09-17` - `2025-12-16`	3 months	crt.sh
hscta.net WE1	`2025-09-16` - `2025-12-15`	3 months	crt.sh
hs-scripts.com WE1	`2025-09-15` - `2025-12-14`	3 months	crt.sh
*.google.com WE2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
*.google-analytics.com WE2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
*.gstatic.com WE2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
hs-analytics.net WE1	`2025-09-26` - `2025-12-25`	3 months	crt.sh
hscollectedforms.net WE1	`2025-09-12` - `2025-12-11`	3 months	crt.sh
hsadspixel.net WE1	`2025-09-29` - `2025-12-28`	3 months	crt.sh
hs-banner.com WE1	`2025-09-14` - `2025-12-13`	3 months	crt.sh
hubspot.com WE1	`2025-09-22` - `2025-12-21`	3 months	crt.sh
*.licdn.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-14` - `2026-10-13`	a year	crt.sh
acsbapp.com WE1	`2025-10-05` - `2026-01-03`	3 months	crt.sh
apollo.io E8	`2025-10-19` - `2026-01-17`	3 months	crt.sh
*.lfeeder.com Amazon RSA 2048 M02	`2025-01-20` - `2026-02-18`	a year	crt.sh
aplo-evnt.com WE1	`2025-10-04` - `2026-01-02`	3 months	crt.sh
*.g.doubleclick.net WR2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
*.google.fi WE2	`2025-10-13` - `2026-01-05`	3 months	crt.sh
hsforms.com WE1	`2025-11-01` - `2026-01-30`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2025-08-29` - `2026-02-28`	6 months	crt.sh
zi-scripts.com WE1	`2025-11-09` - `2026-02-07`	3 months	crt.sh
zoominfo.com E8	`2025-11-01` - `2026-01-30`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Frame ID: F92E3977E5D775919CA4E6761DF3D1D6
Requests: 205 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: 2599F1CF4C106A7BAFBCF9E47CE2F084
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/5a20/sw_iframe.html?origin=https%3A%2F%2Fwww.kelacyber.com
Frame ID: 0F4B2C73325AFE8A0709F1D7E0F992DC
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br&co=aHR0cHM6Ly93d3cua2VsYWN5YmVyLmNvbTo0NDM.&hl=fi&v=naPR4A6FAh-yZLuCX253WaZq&size=invisible&anchor-ms=20000&execute-ms=15000&cb=a80tdlw8i8x1
Frame ID: E851E49844609096905DCACF2FC26C12
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ransomware Threat Actor Profile: Qilin | KELA Cyber

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

GSAP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

TweenMax(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Lodash (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

lodash.*\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

212
Requests

98 %
HTTPS

60 %
IPv6

30
Domains

42
Subdomains

36
IPs

7
Countries

3393 kB
Transfer

10850 kB
Size

17
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://accessibe.com/blog/knowledgebase/screen-reader-guide
Title: Accessibility Screen-Reader Guide, Feedback, and Issue Reporting | New window

Search URL Search Domain Scan URL

URL: https://info.ke-la.com/webinar-outsmarting-cyber-risk
Title: Read more

Search URL Search Domain Scan URL

URL: https://partners.kelacyber.com/log-in/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://info.ke-la.com/kela-cyber-pulse
Title: KELA Cyber Pulse

Search URL Search Domain Scan URL

URL: https://info.ke-la.com/cs/c/?cta_guid=37414c35-1543-4c4b-8f9d-83c98514bd49&signature=AAH58kHrU6hoMa4zNSnDOsJ9OYw7YrCm2w&portal_id=8726485&placement_guid=0912a65f-f283-4c95-98f3-9637e7f76678&click=5ca6c69e-dc5f-457a-b6e8-d3216e8316f4&redirect_url=APefjpGsGe56LR7dMouyHRDPng_wIrg62ssy1JOCwbjXHZDTnAb1AGDKlS-a_VlHNv-IZEikMZYxtaSkApGyr0ToBYAxbIR0lcJReeEHQPWPWk7oMZyNeBjeQMhLtE83pa1W0GSiOqWb&hsutk=2f6cf1b07def37a9cbb5b9a4e7592ea9&canon=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&ts=1762728125741&__hstc=86068039.2f6cf1b07def37a9cbb5b9a4e7592ea9.1762728128184.1762728128184.1762728128184.1&__hssc=86068039.1.1762728128184&__hsfp=1610697633&contentType=standard-page
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://info.ke-la.com/cs/c/?cta_guid=a2b1e061-fe87-4ef0-9f8f-e71948038ec1&signature=AAH58kGVkSZGusx6AUlCC6d6agdrHMIjgA&portal_id=8726485&placement_guid=14aa3af0-a02c-4e40-97c0-0f066156f4fd&click=3d86c4df-f308-446b-abfc-82c356b06ff1&redirect_url=APefjpFbFXg7Edojw7INbCaH-qU4_yT6iP9k1PTVk68ksuC4dVYvwPUuiItZgWmHU0ZDz1c2oLIgFIKHriz9Tx_SrLyxhpPiMow7BsK445sULSYzLI4zKyhZ8BkM_iO3sQYYYEHkPE_zE32DUOcj8UBTM8DD_GhS-g&hsutk=2f6cf1b07def37a9cbb5b9a4e7592ea9&canon=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&ts=1762728125747&__hstc=86068039.2f6cf1b07def37a9cbb5b9a4e7592ea9.1762728128184.1762728128184.1762728128184.1&__hssc=86068039.1.1762728128184&__hsfp=1610697633&contentType=standard-page
Title: Start for FREE

Search URL Search Domain Scan URL

URL: https://info.ke-la.com/cs/c/?cta_guid=37414c35-1543-4c4b-8f9d-83c98514bd49&signature=AAH58kEkp1KExLVNOx8w8FeTtPGFPVZ7tA&utm_referrer=https%3A%2F%2Fwww.google.com%2F&portal_id=8726485&placement_guid=0912a65f-f283-4c95-98f3-9637e7f76678&click=6676a0db-a248-4b21-970f-1e680aefd68c&redirect_url=APefjpHFdE0_KlWze2kbUccjHRgV0lkMLFIGT-RXfJvcn0fDDFLlQcUzbpnUklL4MDd1nHDnWGgiYRdKVkmwm5Gx2-yC1oVeaLnd3_jLfjcsoPUP0IQOXCMHbZfCf9vm9lUkrdJcZTUXucDyZwvKUhH6LMLf8taz09EaLebpqXnnwTBfp_gftbfc3syduV5dub9y0GNJOO4NVlOj0fJqAMGqXQsvskmUiFWYie8bVsmoZR6EUh-Y3KA&hsutk=5d5382721b6320bad91fda09b55edaa2&canon=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2F&ts=1740031241887&__hstc=86068039.5d5382721b6320bad91fda09b55edaa2.1738732774723.1739276219839.1740031244924.8&__hssc=86068039.2.1740031244924&__hsfp=1618190551&contentType=standard-page
Title: Contact us

Search URL Search Domain Scan URL

URL: https://info.ke-la.com/cs/c/?cta_guid=a2b1e061-fe87-4ef0-9f8f-e71948038ec1&signature=AAH58kFq3h6Mw95xreHJU0FL56AgfzXIww&utm_referrer=https%3A%2F%2Fwww.google.com%2F&portal_id=8726485&placement_guid=14aa3af0-a02c-4e40-97c0-0f066156f4fd&click=e76f1c44-674a-4046-aded-579799ad4c2d&redirect_url=APefjpF3WlRDEfh7tfbgfKSyr_6p8JrvSYXbIoU_TLGpVqSZhr0H5MhgMzh0EvzzqKv5XdRK3KmgC5ui3TAUC13Hl0498h2jVKr4ISuKiQWpj-ijS4k0dbUhqiKVxbKfg26sbRtyCkNwkJZO-sojpoTHUvx00k4DqHrIrw_DBPQVNaGVVMBFD-rHGYqKlFYqv14Sg3tdfHLeWUmu-cZJhyIlbqv4TY6DD0APhJVEdhfAjfZe_K1PxJjuJ3MxqtVNzyMBrr8ILatM&hsutk=5d5382721b6320bad91fda09b55edaa2&canon=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2F&ts=1740031241893&__hstc=86068039.5d5382721b6320bad91fda09b55edaa2.1738732774723.1739276219839.1740031244924.8&__hssc=86068039.2.1740031244924&__hsfp=1618190551&contentType=standard-page
Title: try KELA for free

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/kela-group/
Title: <img width="2500" height="2500" src="https://www.kelacyber.com/wp-content/uploads/2021/06/linkedin-icon-black.png" alt="LinkedIn">

Search URL Search Domain Scan URL

URL: https://www.facebook.com/profile.php/?id=100054661320799
Title: <img width="2500" height="2500" src="https://www.kelacyber.com/wp-content/uploads/2021/06/facebook-black.png" alt="Facebook">

Search URL Search Domain Scan URL

URL: https://www.instagram.com/kelagroup/
Title: <img width="2835" height="2835" src="https://www.kelacyber.com/wp-content/uploads/2021/06/instagram-circle-black.png" alt="Instagram">

Search URL Search Domain Scan URL

URL: https://twitter.com/Intel_by_KELA
Title: <img width="2500" height="2500" src="https://www.kelacyber.com/wp-content/uploads/2021/06/twitter-black.png" alt="Twitter">

Search URL Search Domain Scan URL

URL: https://google.com/recaptcha/admin/migrate
Title: Ryhdy toimeen

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 184

https://region1.analytics.google.com/g/collect?v=2&tid=G-2VYZ0NJ0TL&gtm=45je5b50v9102179169za200zb853881816zd853881816&_p=1762728125159&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&cid=498571725.1762728126&ul=fi-fi&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAgAAAQ&_s=2&tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104573694~104684208~104684211~104948813~115480710~115583767~115616985~115938465~115938468~116217636~116217638&sid=1762728125&sct=1&seg=0&dl=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&dt=Ransomware%20Threat%20Actor%20Profile%3A%20Qilin%20%7C%20KELA%20Cyber&en=blog_read&_c=1&_et=21&tfd=1164 HTTP 302
https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=498571725.1762728126&dbk=14328966711314131037&dma=1&dma_cps=syphamo&en=blog_read&gtm=45je5b50v9102179169za200zb853881816zd853881816&npa=1&tid=G-2VYZ0NJ0TL&dl=https%3A%2F%2Fwww.kelacyber.com%3F

Request Chain 194

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3849553&time=1762728127266&url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3849553&time=1762728127266&url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&e_ipv6=AQL1WQl48-weRQAAAZpqyKwJrPC4ie0MRvuOAY06uIzxvrADJAa_-fCje48TqhxMlBoeOHnt

212 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/ 410 KB
68 KB 189ms
65ms Document
text/html 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

841075da59ddfbd17e1ae9323a886cdcd24bbf009b7ceea2682eb1a9eac82a95

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

age: 3330
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, s-maxage=3600
cf-cache-status: HIT
cf-ray: 99c0d23c1e17ad45-ARN
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 09 Nov 2025 22:42:04 GMT
en-cache: hit
expires: Wed, 11 Jan 1984 05:00:00 GMT
ki-cache-tag: e76c1a5c-431d-4e37-bfdd-61f905e2067a,ab7471c12e868e5a5f37d9717d9f95a989ab93590daa87c6cc2dd790a3c2ae8c
ki-cache-type: Edge
ki-cf-cache-status: HIT
ki-edge: v=23.0.1;mv=5.0.17
ki-origin: g1p
last-modified: Sun, 09 Nov 2025 20:59:08 GMT
link: <https://www.kelacyber.com/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BePxk9as%2F2Xq6eCZDc2Reng%2FAW%2FNp6tU7SRpfh9GfJwzpsG91FYQrk1Tb2IobUyEZ%2B%2FkFXII8UsRHI9UzhNi6Ig7%2FlUh4yi1FAsdWOHlRTZ%2B0tMRIOAB8zsz%2BVU0wbR%2Bq8n"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: HIT
x-response-time: 284.235ms

GET
H2 200 calendar.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/ 27 KB
6 KB 90ms
81ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/calendar.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ccabfc702b69e93fbda26d1e5b3d93b58bb67a400f6e3159c2789935acd39a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-144d"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KjNmrf%2FYf7ZZ1rfN1R2J81Pza0axruff4jOnQZQ7%2Fn3WSjYTkAU6nVbRge2Q03vhbjUPFx%2B3KfKLJ4QVTxuEqDXIVVzfhpXjKzqWj5r%2BKkF7hQ8Q%2BNGa2MRB9jihZm5aQDXn"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,96280e064133cb58245bed0dcfc348e9f6e4444dbfa54718300f05e0db56ffad
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ec5ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5197
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 schedule.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/ 4 KB
1 KB 79ms
71ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/schedule.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d036842c454a2fda10476e40007d00357dc05c7bf6758aca41882368bc3a0f3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-45d"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2FQTOXROtQ2OdoRmDAxUtW8GdMSMM9jv0amRKe1aL%2BMPRVjT9mQxQLHMnBbfri8WXS8dd2CuE9i4ZyZv6y6xmY%2FoEuGOR0FSozM%2BrdVjDuxFqUxvcK2AClQZ8ZUZEg1wfQsp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,6aa74c9f3754edbc158a516c49da863af1eae0268273dab3efcb392dd9f627cf
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ec6ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1117
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 grid.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/ 3 KB
1 KB 89ms
81ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/grid.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3cdd9f4f30512bcd8f9ae342aed075986377a7f29789e75ce718291642731cb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-2d5"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBL9gsW%2BjyqnIbgOafLqFURrP8V9hUTaLF0fi%2FIVU5ttjwAaaTSKDn1%2B66sq2%2FAI%2BZUyA0%2BrvVhww1fhDd62roJwP5gF9DX49pVbYBTV2ShaB%2FwtINP2U8x2ymPBQBkKJI1F"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,5452272010004b62baa651e971dfa43466e85312858950784f60e46eab8b83f7
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ec7ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 725
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 dashicons.min.css
www.kelacyber.com/wp-content/cache/min/1/wp-includes/css/ 58 KB
35 KB 73ms
65ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-includes/css/dashicons.min.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8276d99808a3a111dcb2dc61c895388c21341d48be9c3f87d905787a49c2b832

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-8bb9"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LkTXa%2FUHq0m9RjeCBNty8g68qQ2PLe4A41Nlg%2FdFr4dtIJ9ZBFolgmFzgKS%2F8Pb7iR2gFLEWJ%2FGGypxuUXiQk0qxDI4ulufZei7P%2BsieN%2FYWVoF7k37j4YXod3xvStsBYVlD"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,4edcaf170c3e3a06bbb58754fa384983e1cdbc236febd6c3e494f50ba4ab2c15
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ec8ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35769
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 font-awesome.min.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/ 31 KB
7 KB 83ms
75ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/gAppointments/assets/font-awesome.min.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b40fca3206236793901e302d568ef5321783f105537540a2550606c08491e655

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-1bb3"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Og3w0KU35qu7pWWzvbR0qiXUTnUbWw%2Bf8LEyByn6QS7TBaNyxsQZtjRLEj2ImqQrEkTK6TVJAXjNh%2FiuaGT2vHs1jvhtQ0vP%2FMFW%2F7JhJHL9rLIVShZ6sci%2B6CwcISIdr1fn"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,97ad2823c1ed0f4cd7909159128433cf84d351c17fb1c148b05469dfef19dd91
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ecaad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7091
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 style.min.css
www.kelacyber.com/wp-includes/css/dist/block-library/ 114 KB
14 KB 79ms
71ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/css/dist/block-library/style.min.css?ver=6.8.3

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

838ede31a58a3cdb411d6dd7f13cbe65d4a26193d9fa31882854e63938f12bac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6890b0fe-1c679"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Inas271FXk99zW0OGP1260eg1uCQqtpciHsZ5ymnSh%2B2wnBj%2B%2BkAdF9LJNcqtt07MQ6z8MB6OQXzTZ4VtAthZ3EhfFhn7yVUKxJ%2BemcueWM38PtHcutd8mpsjycgWgevAQoM"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 04 Aug 2025 13:09:18 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,198f67cfd115e8cf5cca59a69365b14b52e21c63c3203842229611e74595d432
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9eccad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 styles.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/css/ 2 KB
1 KB 92ms
84ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3a04d7bf3d6b75ed03b1882e75414faa3fca8fde79ee82937a62360e0bf6f34

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-38c"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=84%2BK8FIT6RXiMkz3%2Bvol7x%2Fso9qIhLxF%2FoGcKTApzgB3thE5JkQEq9gst2pF1fHe27qKoyVyugiIoxcuWzd64bIprrDv7nldK5SdUa9NUtysdRBrnytXHjyb6k8ThDyksyGi"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,b3f617b8830731e348855878b0787f75cea689174ff5da7af48b9f6c37b29422
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ecdad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 908
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 blocks.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/mesh-acf-blocks/includes/css/ 13 KB
3 KB 86ms
79ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/mesh-acf-blocks/includes/css/blocks.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81fb4215f0d84d578430e2c2546fe23cefe2d3ffff34d92704b653edbbda0783

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-c15"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F0rcPXNbMV7d6seCGXa7La3dUR60oMePL0sd4yPzFxgkmkctkBm8JOqm79xOSlmBUQC%2B%2BR6R7UGwVUsUu9e3sWT%2FR0rkoOmIOaACyjMTI150a%2FNPcOndBnFxmBOeSa%2BSUmAh"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,0ba7be08ba870ae278f73fa1749fbc001fa07e69303032bfe92a3277ff6c3333
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ecead45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3093
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 slick.min.css
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/ 1 KB
849 B 71ms
63ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/slick.min.css?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88c94cf1499b838cb6359d937957bd7d4acea76fb8101d209a6c4ed01f4617d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-50c"
age: 1012938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VtdDFcS8xXrRxSEOVzEnojlnByaVgKtw92ji%2Fnp97OdiZyJ535VoV9BOWbiPVHYqA7mist%2B0fz6vRXRTSKZA2RvGTYegGh39jvh40vwx05EbyM6eOeKKRutcuIKD053tsqiq"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,457b380f9d6c13614cd9788ae1dd7ddccba20b098194e5a2e25be3888d3c1dbf
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ecfad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 font-awesome.min.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/testimonial-pro/public/assets/css/ 31 KB
7 KB 81ms
74ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/testimonial-pro/public/assets/css/font-awesome.min.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a279203264c26448eb5eeb903dba2ac3655110c918910abd6ee1a95ec7a99b1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-1bbe"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=noeN8ypLy%2F6HOI7yox5onubJimpX%2BzXLb4PJli4UQmYfkp7w7BCSAD5cnmMfR61208KR9M5TN4NW%2FKHP649RELqlPUoNDJJQY2zVt20i8%2F0XPYqjSaRgzy6k%2FUb0SefxZ%2FqT"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,409a3f4ca2e6a5b299bf106e83bb26bf3012be385993c182258c175544b60bf4
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23c9ed1ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7102
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 magnific-popup.min.css
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/ 5 KB
2 KB 110ms
103ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/magnific-popup.min.css?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

916cc3b7b2f532c3a682d6a9291e34c29c4b459048079ccc68f5527c0eb22352

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-1482"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bjp7N2bItn7FrswAX%2F0DyEV2jgLP6l%2BOuJ1I138Iy00WLVC6tipVfrmfyEezRYZr0DdlI2%2Bh8nqjT%2BOTBiDB0vrwKyjG%2BsUtFq%2BC5%2FoGRmrQUa8o9hR0CmbS03BaEbr%2BGJkb"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,9b0b7972c57a7d7cab0c588c11d5d1fea24d4a072060522f4a97c0f5e5f5cf20
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf0fad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 style.min.css
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/ 26 KB
4 KB 115ms
108ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/style.min.css?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c8a43a64c4ba1b24f643915cd91f4e3749c2416cd361b7f7e122ca994a93c68

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-673e"
age: 1012938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OuItgLutOjXR1fVVOyiuOiU8WgXAfyfizJQed1Z79k1SvD5drn1ltnqZmtym7369%2FgxyE6zp1kECNmtvog7%2FQtLSsxxrnWn0hqYP00w7jCL6aDAEsWKmyzWAYGs0aK6VOR5C"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,11b7a03f87ab7369317020d832ef32746c386683e77114ce5e1ace839ee53811
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf10ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 custom.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/testimonial-pro/public/assets/css/ 2 KB
972 B 109ms
101ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/plugins/testimonial-pro/public/assets/css/custom.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d8bed0e997676cf5cf9afc8545cd04c18898037aa31c9af8d647b9eddfa5567

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-20f"
age: 922749
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yc4ggvkZWPwQFzAiNYACrW5nQ5Psm5LfNaVGsXI0aHc%2FUvBIoWAScT%2FEFtSwiLv7c07tpd0Mmz9hVWiBWscfVq1sDQ%2F%2B9F5nzgcYQC3sP%2B2yU0ydmIvfiVfdyyNgVwUWZswL"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,f2ede19c62387f0127393eefc02ab0bdf1b653fa204640d22bbd1290d6d3dc1e
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf12ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 527
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 responsive.min.css
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/ 2 KB
621 B 118ms
111ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/css/responsive.min.css?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33ab80a6fd1ef7d02a96f7c1996811c44806db035efed7b36a8c8a8ff97167c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-72f"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECw7BzAHQdboKPSNtpxZMZhrZkpMWBpJw%2FYGtKeGdK7lUVmeXwA%2Be%2Fum135K704vnxA15cdzxdcdCpu2moiu9OXjP7t2UuSEOeeSWDK073fmMPplql16gGB%2FHxxPClMVGkt%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,0d081bba1f37b706ac5dfb970986b0c2ed5f13050f242199ff085e17201fbea2
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf13ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 style.min.css
www.kelacyber.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/ 908 B
632 B 109ms
102ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22a79f1fbcc70373c7021bae2164d9232d1e9dd3c6a163df9f9f54070e5f6b50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"683aa3bb-38c"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5ClUDL8ERa98pWOwYKtU6sEmYJZGzxRc4Dga%2FkCSC0ehb74PfIjo8CQ9rE%2BIjpiqs%2FxUOLhhOJO0Z2B54Q%2Bd%2F%2BXQ7TswcNXTwM3e21lT6lbhXv9NCar7t%2Bt4aVybWJbf%2FV%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Sat, 31 May 2025 06:37:47 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,380dac57c0759fe2c3450231a59d5faa913e4fbdfc6c53ca0b708502ac373860
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf14ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 style.min.css
www.kelacyber.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/ 258 B
514 B 107ms
100ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"683aa3bb-102"
age: 727959
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nuDuS5Efr2ShWz%2FBRB6mUNq%2BN0AA5HmkaKeTQmbexMS1tIS7l2lG6isoPvtn7TIiJAXlyw8evsoRiSkn9FsdrSOx4JM4Pv4sOASi%2Filfq8BTGlateAHpxeFRR1iXnAukqY4"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Sat, 31 May 2025 06:37:47 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,7b1c76edd3da36d016ef083d9372a04eb85cfaad69531af13c176610919938ac
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf15ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 style.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/ 45 KB
9 KB 118ms
112ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/style.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbab8dd75fd0743d1f8d2f617ca89ba17f002061a5ec0ae477e05d0d0f168d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-23fc"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q3uogSK2%2Fme9FUUBZHvwiCHK0NcwOg%2FPE1toBTaOcE6RU56SYVQltyf5RkSabpfh4SIQQ51O5fKtSqrwUf4b4k9aSnl66u1jDd4699ID92lhtx6%2FpENcqSwlbsPXLkrzvIWM"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,c581c73194066b36de7110bb65ed7adf35ce4e6ffdb49301d5720f1936e48056
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf16ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 9212
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 inlined-2023.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/ 83 KB
16 KB 118ms
112ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/inlined-2023.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67b75e6c1bf3b352b171270979c7a0e79d5123ecf834f9fd89805ed72e86cb4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-3ca5"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FxG1xOtTkgH3xin8WcVV9IGlk4rCoj36A2bm074wuePXwd7RkloB4WAnfuGGjT0ozF6xB7BpbXtSaOQM9qa5hqIleUrOEHpB%2F%2FhdtRfe1aJLDpdJlaBPhvKINbmY9wm9IRTj"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,8cc55810f214133528e093e57872a3a0ddb1682b02534b41578d6a8664d62204
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf18ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15525
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 magic.min.css
www.kelacyber.com/wp-content/themes/kela-child/css/ 33 KB
3 KB 118ms
111ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/css/magic.min.css?ver=1.0.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

620dfc24dfbd582d72474d1fc8a4055287014d7003a4577420f3e11d9f38205e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8d9f-849e"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZeRpXwhPHTzec2j%2B6O9IOFn3ygag4%2FFt5vJ3IGbLIQ4TkzOesoSIDVkGjP0dXEcan8zLpHuOpWxKVWFtojqvi4y9IYa10Xmir%2FZVix7lHyc514ibArYyxa49Upj%2BHPBndsyq"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:06:55 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,a5573de08b55385b49289cd44a080431360e8ff1e4806c663958ff1f4ab5d52d
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf19ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 jquery.fancybox.min.css
www.kelacyber.com/wp-content/themes/kela-child/css/ 12 KB
3 KB 154ms
148ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/css/jquery.fancybox.min.css?ver=1.0.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8d9f-31fb"
age: 2074234
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujGIzXuGIycD9PYGZqae23EYcEf1FijiCIBBnU8P997EW8Yuq5xKDuOyLLTuchv%2FmgvnFbvFCgEkxTXhyw2hDkyGDuJHUolwEQqlBTEB%2F9HJotS8p3jbPhJd%2Btq4d5tHI526"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:06:55 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,13fdcb7699950614de11fc966e5c878d010b03653a5aab92668b18a8bcdda246
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf1aad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 global.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/ 574 KB
125 KB 110ms
103ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/global.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25a0f7fb38f2ed370ed24db5300b1d77f03252e63fcffdee87c6c7e40bfb8366

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-1f2c7"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UyUrKZ9ocY1%2F6k58oU3e605%2BPsrFMfzuciQGJKUXjz8umU9id8UJboVtnZdhiQj6KysQMV9zAtCWc4oqs%2BzHL9tvxlKHAv%2FB0iTa%2FZJKVKJjBs5FnKywBR%2BL0b0hwoeSe2mS"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,3b465751a426d9cd3600464ca94412e47726a2daaba4018e0092ae8939b14e50
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf1bad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 127687
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 my_style.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/ 13 KB
4 KB 119ms
112ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/my_style.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1b5beda2898c5250828c952d14d582663fa1070bbf128d6812d99557ac1f5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-bf5"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFznk%2FYNbAqsZmeJ1vawkXc4ScYQGGKVRU6XGCU7VprkpLJpdDAHGPQHYHbMhN3upA8yWf4OUGoO85DAIraN9CYhlUrpHkVQCayWTkHHyD5GmKUSvl2HzQSrSPD31FCSf1cM"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,ecbdafabcbae0dd438e0c2cb244e16b4daef58589e7c096f090167197273c684
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf1cad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3061
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 style.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/gutenberg/ 30 KB
6 KB 129ms
123ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/gutenberg/style.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3657a0381d31b5f2b9543495fd706d1f2055d63a410fa838b252324508ff1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-13f0"
age: 404079
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HbDEJR4Fwhr13PLwrevGB2R%2BdGEHD5VDYRISU9MxBnKC%2B3xxMaydNRBsq%2F9npzWAm6f5pwDCHm%2BD7d3D2Ft5n9M%2Bl2ra1wQs5aR4jsCM35PnfsIJChF70vXj5mf9HNaz0F3B"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,9826b1e2f72883d3f1dc163676411a4d4f8bcdddf047a2358c2bd623f1eeebb6
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf1fad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5104
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 bootstrap.min.css
www.kelacyber.com/wp-content/themes/kela/inc/assets/css/ 138 KB
19 KB 114ms
108ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/inc/assets/css/bootstrap.min.css?ver=6.8.3

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31df1e69ea3aece8a8bae5c08bcb7f5e977cb76f886897b301355359b66a48ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db1-22682"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6PqATkM2dBs%2F6UyqbC%2FPyARl%2BjNBOAdvqv4iQwu4xlyPnU1fxbUkrKbGTDUNun0MuL7%2F5eb6G7Ew64dLPtqmNacoMKqhSTbvZaj5a7iWEdJliLZHcrJDXb%2FnGRmCvWd1SiBm"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:13 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,9d3f5029a9604b42d6491a0800b3553ba7edcc5972c1d29bac3327021e37c6f6
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf21ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 all.css
www.kelacyber.com/wp-content/cache/min/1/releases/v5.1.0/css/ 46 KB
10 KB 131ms
125ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/releases/v5.1.0/css/all.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d54f4b9a5fa7d9e1d03bfab57870d03a74246f689e3c9cf44e92563f462c9cab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-26fd"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILVfZ8s3oi0rad7W%2BmVGNKc2KCBoPAyBjE1KtdyNv3lBUMDo4CKJ3OfbjHoNQZ4D4gSKG3hIRPZHGQ1PxIBC61W0U4AkRjWjAq0WPKXclTM%2Fi4g%2FibZ%2BFlH9QbX9%2B2K7SPfX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,43fc2274e0a3d9bf1cd4ee75260ee7ca03dab4e9689df867b5a0d9389cdb7d2c
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf22ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 9981
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 base.css
www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela/framework/css/ 10 KB
3 KB 119ms
113ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela/framework/css/base.css?ver=1761722261

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971091a239f27e9b38cd97a448914fa797c780de7c34e4cd16f54020baa26d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6901bf95-961"
age: 1005715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CpwuKlIo8ATMBE5YuRKZeVbOAGhW15m5%2BxdQZQsnGHBXB7DDMyHXmWsB2YhgGuEVdlUbBsadz8lBGg%2FeG%2FIUtOpZ%2FMm612j7%2Bz6q0cSxJt89w7uaYm4qCCcz1R5uVdpI0ISG"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 29 Oct 2025 07:17:41 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,6dfa297484955f85d7dcead242dad35ad225ac5561ec8d745ab5f38d8b604ea5
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf23ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2401
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 addtoany.min.css
www.kelacyber.com/wp-content/plugins/add-to-any/ 2 KB
907 B 113ms
107ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674da6b2-644"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=97z4scsMTxq2PbNNHL2BrwLiAQl8WHlZJooH7SNBrw%2BlMCpLeGvSu7E%2Ff1ixcgNMbRb%2B535YXQxBIVYWraaj3elRZBgOEZkCcPmVTin6qVEKIKuIiWY8Xi8xKzpbGglUyVPb"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/css; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 02 Dec 2024 12:23:14 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,941a19f819045ed3ab3c710c9867984dd28982110e8b11bfb56855187b39672a
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf24ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 jquery.min.js Show response
www.kelacyber.com/wp-includes/js/jquery/ 86 KB
29 KB 117ms
111ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"654bb919-15601"
age: 922749
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDlRsmZYBLW84XKVZ9XBe%2FUvGzUdjxki%2FkIXBR2cUIykN2muxzUTDlnX1u1DZ%2BJ4IZ2t07nAJJqI%2BQXEIkOjvOBMg3Oh6WMGp1Iw0SAoDulalMjSsJm3wM8fe%2B4KVL%2BXasPn"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 08 Nov 2023 16:36:41 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,1036a83d1095b28259ed979adf600947c12e43d4c347f75f39963e9fd90d0244
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf25ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 jquery-migrate.min.js Show response
www.kelacyber.com/wp-includes/js/jquery/ 13 KB
5 KB 122ms
116ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"64d8f57e-3509"
age: 727959
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2ktFxzvCuDORMy4xNGi6pnnI6TMcYznZoqMZo61NTsC5I5%2Fgx%2B3IIBgfA4tyTdQTVZzggbsIZxTrH5sbuEGHg28CNs4mBK6%2Fe6liqejhZdS3hwLsjkyw4jeEAdoIYbaomzt"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Sun, 13 Aug 2023 15:23:42 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,5c6e5af996fb10cc299052017d1b00d1a9bbff17cf6651d72341c444d66f2983
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf26ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 chosen.jquery.min.js Show response
www.kelacyber.com/wp-content/plugins/gravityforms/js/ 28 KB
7 KB 113ms
107ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/gravityforms/js/chosen.jquery.min.js?ver=2.8.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65819089-71c1"
age: 838435
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skSzAanKsRpe89XIF7aFQjFtbsdSf6LRImboRkuoGI0%2B0%2BAtNOhMlkGaB3VPZrCilXF%2FFQv7sRS0urfsNqYvFrLlyltnnrv4j42bjsWqvTevfbn3NsashzGob7x1WBIj1HM0"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Tue, 19 Dec 2023 12:46:01 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,2d42c6f5e519949df0385a96ecf2869c804c4d7247c8348c4576f6c37ff2361b
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf27ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 92ms
44ms Script
application/javascript 172.66.171.172
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.171.172 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcb4248858836c831fd9ab8fa4c5a8fe0b8cd038c804fa6cc44a5e9004e163b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-accel-buffering: yes
content-encoding: br
etag: W/"dd9c934d8cf51a92e622ab2f377d1ee1"
age: 28632
cf-cache-status: HIT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lrRs%2BiicCkQ0C07p21cqCn1bkz6V7qT1f0nOH8lVs5WGlsmGlinXaVoj2DjgGho%2BFJEtILjvMIAV1aKEm5f7t%2FAE5LEc%2Flx4KjJAa71SEczf"}]}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400, stale-while-revalidate=30, public
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: strict-origin-when-cross-origin
cf-ray: 99c0d23e790a09a3-ARN
access-control-allow-origin: *
server: cloudflare

GET
H3 200 addtoany.min.js Show response
www.kelacyber.com/wp-content/plugins/add-to-any/ 129 B
796 B 224ms
223ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674da6b2-81"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNRxsASe299jxLr9By3AEp97nnCDnI4IvS9RCs1xxwQqS83iwEIHzdBgJMguNIYj3wQCNpdP3AFhZKmnqI1Z0QTVfN%2BneowdtrDXlOyIsHhT%2F3su%2FJazjF16Jn3HLlClfrug"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 02 Dec 2024 12:23:14 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,e447421dd67a51397a547ddb8c40580afb08a9560fc2fae4d1ae0806732d80e5
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e28a398f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 equal-height-columns-public.js Show response
www.kelacyber.com/wp-content/plugins/equal-height-columns/public/js/ 9 KB
3 KB 124ms
118ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/equal-height-columns/public/js/equal-height-columns-public.js?ver=1.2.1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef437f0675a66e89179d7e4dac1b30b22afa04cb8c2066920ccc9e889f601af8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"665acab8-2366"
age: 1012937
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEOIko%2FVXYbmpHijsZgwUs44bzGTsjwpiuIvrsfsKAqm5ujScacIrzpMhPdle7E%2BziXRLCvYmPMouOHg8Lra0UcgcU9kY7cOTvl0oMXgS454nNt5v7uBk8ibraImRoeBc85z"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Sat, 01 Jun 2024 07:16:08 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,a32a883725053f9ef11e20aaeb3c6c9552cca88497b03043d3cb1294e4d371df
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf28ad45-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H/1.1 200
OK 201778.js Show response
secure.leadforensics.com/js/ 16 B
321 B 238ms
63ms Script
text/javascript 4.158.108.63
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://secure.leadforensics.com/js/201778.js
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 4.158.108.63 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 732a7e4bf2481986cfa3a74b2dbcbdbd5da962c883499cab4c6a197a4b5d30f8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: public, max-age=86400
Content-Encoding: br
Connection: keep-alive
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20
Date: Sun, 09 Nov 2025 22:42:05 GMT
Content-Type: text/javascript
Vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 203ms
69ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A200%2C300%2C400%2C500%2C700&display=swap

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8507b2353699e4e5dbf0ec36ce7aff3e1e0ae500236171164b0cf752dd9d420c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 09 Nov 2025 22:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 09 Nov 2025 22:42:05 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 Qilin-1760015240109.png
entail-assets.com/kelacyber/fit-in/680x680/ 21 KB
22 KB 241ms
79ms Image
image/webp 2600:9000:2104:e000:a:45eb:ebc0:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://entail-assets.com/kelacyber/fit-in/680x680/Qilin-1760015240109.png

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:e000:a:45eb:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f922fa3421c362546fd3d03ba919cd348801211732206188370f3d30c6566f32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

age: 1239752
access-control-allow-methods: GET
x-amzn-requestid: cadccf52-5f8a-4b75-ac5b-cd70bd8276de
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: qWFngEYHY2XgQOZUVygG9NGndeO_ueZx0BAuBG9N08CPeCweUzd0Ug==
date: Sun, 26 Oct 2025 14:19:33 GMT
content-type: image/webp
last-modified: Thu, 09 Oct 2025 13:07:21 GMT
access-control-allow-headers: Content-Type, Authorization
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: max-age=31536000,public
x-amz-apigw-id: TDwecF44joEEN1w=
x-amzn-trace-id: Root=1-68fe2df5-4a60f633400a73a306a1e73c
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
via: 1.1 609487f3e9c1fd7ddcc7b01d9818bfec.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 21742
x-xss-protection: 1; mode=block
x-amz-cf-pop: AMS1-C1

GET
H2 200 vendor_react-bundle-3fb70fab.js Show response
cdn.entail.ai/client/static/ 215 KB
57 KB 232ms
130ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/vendor_react-bundle-3fb70fab.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10fc2b9136101082cb52c8b2b31b4108369b3193fde400e98568d7981d2607a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"4277b3b82c57b0f71715021a631bf0bf"
x-amz-version-id: QhHWxXYwSNzJ8QdsCUgm0mo_mnz3KFZx
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Kc9OxL4kMWkYs%2BhLYP6iAwV8%2FbJvWUqK7LnZuZyUqTkfqbDA9WVmjZIrC5dpgOsH1d6SPcASVSkxQtOdHgsJBayk4vkP%2BidtC0w3xlPaeSc8tZ%2BdWv%2BgUg%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: MhUT8Z3i9t8w2PV5DxA7sHZHojKPEBnOpoNWsk9dAHGt2pw0LxELwg==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d2d75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 common_app-bundle-23579c2e.js Show response
cdn.entail.ai/client/static/ 222 KB
73 KB 230ms
128ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/common_app-bundle-23579c2e.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb66e4b0d95b22bada7c9fc30e988c2c3f553ce4c48fdb45cbdd429135e1e5f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"0c14384349975aa92e2ed1b2dedcc4cb"
x-amz-version-id: vN1QH6DyAwa2F1D3XaqLBFgjWk7Atx4J
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=h1PCQJePdQHJCjPfwmjwWEa%2B0mc8NOiMmtdhIilENGok9s72oa1I0RqPn%2Bw55q6E6qXa%2FsRSrB69PWSdOKV5%2FkCG0x747xrXnb%2F%2FRNrFKGAMHmryQytZSA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: FJMVd7LtDlipBZoslLVaxu-EwEIAxC_kxEmCfZbRQDpKOmlhAk40Qg==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:25 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d2b75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 client-bundle-d63b5faf.js Show response
cdn.entail.ai/client/static/ 206 KB
29 KB 231ms
130ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/client-bundle-d63b5faf.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f97a02ce90a4d1bb5b9af8dae69e6d255001ca746162eeecf544e9f773b6eabe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"23e9e4922cd0f1477059b4050afa7675"
x-amz-version-id: Bz5pbNboAaRGWMGCIsu6mr63yCl5_cMF
age: 373642
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=S%2Fz%2Fsig8%2B7r5o3SN3%2BJjC3w8iGZ%2BY0BKj4cyIMLFfoTlFfGRCNKEgwipgrkCI6BctA%2FxYSmGwB2lI1ylJBgudD1hssBrn%2BT8imBgcRQez2U66yQm%2BIa0Yw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: wkMS0WlLjwPt1M7fsIRPK83doSvljn-QAql0dmc3z54aj_9UaD0oig==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Wed, 05 Nov 2025 14:46:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 c76d87fd83a704b78afc1028fc7bcea2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d2a75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_transitions_utils_js-node_modules_mui_material_utils_useFor-f7d06d-bundle-beab1ef8.js Show response
cdn.entail.ai/client/static/ 6 KB
3 KB 233ms
132ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_transitions_utils_js-node_modules_mui_material_utils_useFor-f7d06d-bundle-beab1ef8.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddea593777eadb98712f6f8e1197ad439b4a07b0ebde3bace480a5383412729c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"af808307b8fdef13b8e7c03f56a0467a"
x-amz-version-id: R04wW2JkkTWf_eMklNSOyOXydUSFf6Hh
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pH02R7yVlM8RW03Swz306MwKS4KsXFh5W3NhlIApurnYHGRkbLKKZ2IReYAyd0diUBafotkaGij5ctCcLO86fC8ezUq6j0sQOXXysQm5bck0HBdgNlLCgA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: KpW-hQ8lNZFWiGkDxkTLg5H_WQe3eGFT-UJlZ251Cna9GXJlS7GgVQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 115d56d751589aa02dcc0096dd66b552.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3cbd75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Modal_Modal_js-bundle-fda4c3f0.js Show response
cdn.entail.ai/client/static/ 17 KB
6 KB 230ms
129ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Modal_Modal_js-bundle-fda4c3f0.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69647743ee6e1175af203cb2a8ffa5da64e833be8c08875be48efec4ca4ae0aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"7add98a3d0e3cbc6ec2552643c876db4"
x-amz-version-id: Zvk_yxEeWtF11nSojrnRB4SGucmharN9
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zcEyuFTCG7cPNLGgi%2F3NLTl66b4PUqKSIEad%2B9%2FUfd6KZ17IgYYpYB0FSRsh4v14S4hRW5s0Zg3WwZqCphKjqMBv0ZoCMEGKKPEHoZdO8r5oqLHiVpf%2F%2Bg%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: svcgeeMmdISXwO3Jvht7AgaAErb-qRDrzogjlRaJjiKL6odm5AsBFA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3cbb75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_ButtonBase_ButtonBase_js-bundle-be944e30.js Show response
cdn.entail.ai/client/static/ 11 KB
4 KB 190ms
89ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_ButtonBase_ButtonBase_js-bundle-be944e30.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e04e2de1b4d82b19d2a252bf4470c213993651bb778309b19a1e6260e1b7395b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"3e11f9b5d6a64b3cb631b21b261f37e4"
x-amz-version-id: ugzuAURRcGM0O4Q6RoYBfrdwodeuj184
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=O8vMhHFLDQuwdvyDXtE1kQUMqQvOJyZOOKj3JesupU9eqsjFi49wWrtZ4Qco0z8LJE1ulx6rV7pmbLzamcRi8nRT1%2FMygMn18swUTksE0giL0NCALdXQdg%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: YPbGMKQc6iVcfzPk1bOCRNov5fY5zQlfMc93ZTX9UKXk_X78n702_A==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 a1883601a786b7317faec0d94ef154f2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1375a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Button_Button_js-bundle-5657cecb.js Show response
cdn.entail.ai/client/static/ 8 KB
3 KB 187ms
86ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Button_Button_js-bundle-5657cecb.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3adee07e833cffa77d2b8d1ff622f33d36f2aef189a35e1cc7e985a80046f374

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"3a4e2fa589c04ea62708b3258cda00d1"
x-amz-version-id: 7ZKilYrZU7t9zmNb958o.DhOW93uSMMT
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=k%2F6sBLttD5EMpKEacj6kHSgfcb4CMDJKAdb1%2FNn85wZtC1fqP51UjjioTABzvyDkVc5US%2FmiCQrc%2BNjnSQhE5ng04oBZAzQWYUI82aQ%2B2gpBtex8PY9xIw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: ltU2lCgxj0WEFG6FF7VPd9TV3I5hPrThvaeIpuaFP2dBDW3Bj_Z0Hw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 f803b0b1a33d6ee945ec151c2ca0acaa.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1275a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_tss-react_mui_index_js-bundle-cdf9e453.js Show response
cdn.entail.ai/client/static/ 53 KB
16 KB 190ms
89ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_tss-react_mui_index_js-bundle-cdf9e453.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04aa3fe56d508d1d8c04fbcafbd4a65c05d1364f60437039ccca369ac8469f72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"480669db362979b0b450983bf0bd935b"
x-amz-version-id: j5ZYdB7VnGbIczK6mBoi2GIMeZ_PEiLE
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=y8p5CXhRqXLQJh2VRENGgbjitlcmjWAoSl56RuIXhcKhxymSzRPliIrFbv8VpMi3lWU2oTqJazqTY4EQ7MgbhhV4kEExUfMcBUXRv8pzFRFdFpSrWcWq%2FQ%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: 6FmDF8XiFNie25BvKayG_LUcWoHeyD0ts1K7NSJ0UJXqe5CCTDQTrA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3ca975a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Dialog_Dialog_js-node_modules_mui_material_DialogContent_Di-dfcfd7-bundle-7243f01b.js Show response
cdn.entail.ai/client/static/ 8 KB
3 KB 191ms
90ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Dialog_Dialog_js-node_modules_mui_material_DialogContent_Di-dfcfd7-bundle-7243f01b.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfd65a286474d307e6fa40011a00a438728f7d4f2ac25235eb67442c9bfe706e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"5bd2b7b6398acb03d9f0af5c41336827"
x-amz-version-id: cKlnEhfeBYBcruJd68UU_K_ecSwNl3b9
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1jojWopxsunE4fOX5ZE6H9Se0Null4qdi9VaFSjJf0F2LNZPU%2B1rQnHrJvY67WP2VgTUJCUWisSm3gZTtAhMO5lFlVuoaDNPEzau1wpr5Ky8uDAF7H5DEw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: pLrjHw_u2wLkKbA4qlfrwoR2EBqiZ49pTUb9TCACbBiaBrgz4QY51w==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 471577f2b3efe669f21e138a1621a8ca.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3cb175a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 modals-OpenLoginDialog-bundle-e9b6770f.js Show response
cdn.entail.ai/client/static/ 26 KB
8 KB 230ms
130ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/modals-OpenLoginDialog-bundle-e9b6770f.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b832e38bdca15fb951b1141b2e7022dc75f17b7635323edbd7cfb44447bdac7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"5e87490c24ed6f66d75596dc3f70c538"
x-amz-version-id: I5ta65xIylr43tdyQ5gIBGD3RYKLOpG4
age: 2205137
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HMacCZQhxnxxcFidw0Wx%2BW4Tf%2F%2FbjA8jPF7cfwJHUnrFVxD1BH0zKCuhCtHbKYHw8LUPp%2FFtEAb0utP7mNUTCwyYMdeyU5iZezMsZDfLTwriF3oAeVyKuQ%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: _laJUnN1INMBZvZFUapfe6M2SMa6iHJw7xZ5zV-HSPn4Nld5elcqIw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Wed, 15 Oct 2025 10:00:34 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3cac75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_SvgIcon_SvgIcon_js-node_modules_mui_material_utils_useIsFoc-5d12b2-bundle-37f594f0.js Show response
cdn.entail.ai/client/static/ 4 KB
2 KB 225ms
124ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_SvgIcon_SvgIcon_js-node_modules_mui_material_utils_useIsFoc-5d12b2-bundle-37f594f0.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6ef2ac7a901a490ee95d31a49902f465c3de32bfe36e7342bfd801584ebb051

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"c93583e8dbdd3a568fde111a4231a00c"
x-amz-version-id: rrGkjQkgXDNfvYonXWglbj9LEvDwzq3M
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ucJt6GfmuFC8lPqPf6K1WGnCk7slYYD9TV1798OnIlNqhQf4cRuG5ZtnKE1k6hQjyycSZVX%2BGSD0xQrJ%2BPHStfGBKlYS5jcgDOI9LJuE2Lw1V7Lk1Fwyqw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: S26OKtsf-Si1rrAhZ13HImlGkrClpCsSEEqEKGu4PXGQLunQ6SLqaQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1075a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Popper_Popper_js-bundle-e68fe0f7.js Show response
cdn.entail.ai/client/static/ 24 KB
9 KB 227ms
127ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Popper_Popper_js-bundle-e68fe0f7.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8fca04fcaab0cc2c72c6cbeec0dc4abba6f49b1763672e8535a9cb569db538f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"b5909ff96a005e5091d72fadd7c1be81"
x-amz-version-id: qdTGhfLdkfgX9RamRrVRBR1A36HcChZH
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YPLbyooOwlgu0HxVJ0AJTys1xNApdX%2BJz7yqtD6lOX6FQGofNQn1cNXMIX6bpCCuYNL0OCE05wYINe61EAjNrNzPCi69vP7%2Bv6n2SLea5fgw0Iw6M7TlNA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: Hqp1k1psrd9lDu2LXiBd3AX0q8lX4aMwj5KlxxxWKI5geV3n4cnoFw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 2cbf148f6c14a1a6f56400dc9dc76f2a.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3cb675a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Popover_Popover_js-bundle-f030afbe.js Show response
cdn.entail.ai/client/static/ 9 KB
4 KB 231ms
131ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Popover_Popover_js-bundle-f030afbe.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bb7817cc0cbc70cda7d23e36394b9894fb3d58340e938da9f2958a2f69c4d91

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"d3ca1ed5965b20f94e19c8d025b963d2"
x-amz-version-id: M.Q5wFt5zvlTVvII8c0ZkGYZR4PiYcEA
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=NNnpL9biItHcCPbraAi9M3%2BsjEgDB977nAM4Tqy2fpWy31xAJYsbtIthiNrM1l4Kb814gyS6BkxBSNP6x37iP1GZfx4aSJeAurOyatpDguEMOZNv8l9uow%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: YssnsLyU6qrra0-TvQTllUlAKLcH2CSHelY4V8bBqoHzEw2nDapHZA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 d009c4305a73ef1e26138117423d6076.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3cbe75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_ListItem_ListItem_js-node_modules_mui_material_Typography_T-9d7b7f-bundle-7b0288de.js Show response
cdn.entail.ai/client/static/ 9 KB
3 KB 192ms
92ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_ListItem_ListItem_js-node_modules_mui_material_Typography_T-9d7b7f-bundle-7b0288de.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e7f94f8534d3fa8918b352d3c8596ab48f626663180acd8a4631b3484b82f3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"1e21af0e9a0de900ea38630a8583dcb9"
x-amz-version-id: ahevEVZ5AYbbYYyaZmconcHX64Pjfu9x
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HdmqhXbsCt1UPtxQpMXt8d%2FRjjEnOlAtSkIMOxUixUBL723mtEAkK4QGZdTfKalc72oZtFIIAnGStTckKRpu9NV6FKr7JOgszIVTBV%2F%2Ff1J%2FfaM5LkInQw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: IsZE7qXcz7cPN3QxnIi2Zvl8aYmXUBF9yE9rSosHN_a75s8ybgMCew==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1775a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Menu_Menu_js-node_modules_mui_material_utils_createSvgIcon_-5c0a8d-bundle-e6593cdb.js Show response
cdn.entail.ai/client/static/ 7 KB
3 KB 229ms
129ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Menu_Menu_js-node_modules_mui_material_utils_createSvgIcon_-5c0a8d-bundle-e6593cdb.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b6ce39c9db492e3ef1603f2f2084b45ff79e43592b0f96ddc0b8053861a8934

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"5ecb46ad3109b5acd1a75ccf467f2d0f"
x-amz-version-id: Y5L7Mp5.iGZVPk6sM2V2Yk2vNiEohsXz
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=60EbfqcaMePIOlCws3AJFFgkX36WLXPyFsrPSTgX74YD8VANq4M%2B082R0Z9CQEYU7yzCbtb%2Bq%2F%2FfgGQxFwZKR280e13IqCzS1RwEp0D8Qdl5Ly%2BRcksRbA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: WV0b7bBp-ZgxmeI9ZWforL_rz0aIihHJVX5COVvwJSU0itXqckO1Xw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1675a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_TextField_TextField_js-bundle-73c36768.js Show response
cdn.entail.ai/client/static/ 43 KB
12 KB 230ms
130ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_TextField_TextField_js-bundle-73c36768.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ab1dd991fa40ddfb11d2f5ee9d664d737c32915bfd28bdffb3547e61a64e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"53a1b55a47ee5a71aa5717778c5f519d"
x-amz-version-id: lgvMIkRylYUaoIG_QbtU6bJjXPvzSWLs
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pSMSdQSIZGXZuic%2FwBIMsoaqv%2FwbzbkaUM7RbA3bGn1rgElc7%2F9Qs3abXCMJR6zQOQzxo21q%2FI4vg%2FRVv1HyTVlXI3hZ5i2PvB2BiL1X7xjfJWYkAI67dA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: XkMtRXvZltQlszF62BTCHJ2fQmGmMkH1VT51lSNXUdBLtRLSR-LBnA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 f33514300fff2b9161f119d57e09b528.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1575a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_agent_agent_ts-node_modules_babel_runtime_helpers_esm_slicedToArray_js-bundle-73efc17f.js Show response
cdn.entail.ai/client/static/ 68 KB
20 KB 231ms
131ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_agent_agent_ts-node_modules_babel_runtime_helpers_esm_slicedToArray_js-bundle-73efc17f.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5258e52b9822697abe7eb781ecc3b4fea7358495f2434c62f4bfc9040443f187

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"68a927841e268f77daffe563447ad33c"
x-amz-version-id: HZMEYZSLaUtn.vjl.8L3.SiN7a71bCks
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3ip5z7TuISoJC9eZpDMHtpBjT8NSDvyrvtJ736%2BxfB%2FFJ20qD3eFCjHu%2FkDbVTtL%2BUtQbymPfXDkPRiZMXyS4W%2BkwOCI8vgxWiLZkasmA2jDlcHfC%2FVMxQ%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: Bo9wVihHPD3YxjDzGgpxevnKv6skkPPFyS0as0D0r4gW0Egb03_c1w==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 f33514300fff2b9161f119d57e09b528.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1475a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_lodash_lodash_js-bundle-48e1f00a.js Show response
cdn.entail.ai/client/static/ 69 KB
24 KB 229ms
129ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_lodash_lodash_js-bundle-48e1f00a.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9cdfe7d6925d13375d33fedeef317b66e112e902aa5310db4718ddf0eafa221

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"581a4158ae09b13310347e89918bce97"
x-amz-version-id: NoZFu3PILDsabzeTo08JUu.QDjXds0p.
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=PpbLW5OhXIpmrsSQMbDSVyr7nBFM1coXSqUlURRzIYpm%2BWeHU%2Fky5yRNTFXfhO17012ShHjWs2moenuwCjRh4F9EXF%2BDzEG0oz9gAdAohApoSXW3ArLnzQ%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: Jn1RpPlVX0qO9OrG3A7_VZWyFR_uJGfwQ4jYf7WPcFY1RnjJNA-YAw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 1d542b221a74ce095eec8b4baabd68ca.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1c75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_system_esm_useMediaQuery_useMediaQuery_js-src_client_components_SNDa-b4a0ba-bundle-bec99895.js Show response
cdn.entail.ai/client/static/ 7 KB
3 KB 230ms
130ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_system_esm_useMediaQuery_useMediaQuery_js-src_client_components_SNDa-b4a0ba-bundle-bec99895.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

407ebd07ddc620a40bd1512d326b4530f1e0a731e330d30af0e317ec85c5566c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"e793375df6fa004cbd87ba1ab989ba6e"
x-amz-version-id: Y_AI6PzZh5zXscuBZs_a0C41GInZbVdd
age: 2205137
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=UcOMXQjkNGQASTTGrIlGYr7%2B%2BcDw%2FvVRpB1HXT6daX6ChFjCUOkg%2FKUwAIfYfsw9dqYpsTtqc0gP5Y3J7tliaklqclz64ty3Y1dATATiuxE80Xeh1noOrQ%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: iBzv-MKKUi-5j2oPDXV1xjhzStyd8egarVB_U7xr8wOtvMB6NL_Z9g==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Wed, 15 Oct 2025 10:00:35 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 ff51bc3614c373d274030fe4ca1a34fc.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1b75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_icons-material_utils_createSvgIcon_js-node_modules_mui_material_Icon-5d705b-bundle-41074afa.js Show response
cdn.entail.ai/client/static/ 160 KB
44 KB 190ms
90ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_icons-material_utils_createSvgIcon_js-node_modules_mui_material_Icon-5d705b-bundle-41074afa.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c60dac2533d3568fd5fbc6a1afbfa46bbe803df1b506c76a9292d739e07f94ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"79f18c5345ba274d7fec4abeb6a7b090"
x-amz-version-id: _G8yybRRMCFWSbFjOTxAHZbxjlyfCT3k
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=h0RIWC%2FjOJ7ZsgCcqsRjsGtacbMrcnBb1K5tiWCjR7A6OIyqp%2B5HbP%2FV4IH4uYnYd1gTGUFPeWdsgyccmLS9eCzRsbtAUIfHiL8aQfIRlzQcmImn2jdg7w%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: qg2YLw9l_tMVuipq519rUUdltbo8_3a11NFrxGqj_zE14-5j2SCfsQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 471577f2b3efe669f21e138a1621a8ca.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1a75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_readOnlyEditor_SNReadOnlyEditor_tsx-bundle-aa8371d7.js Show response
cdn.entail.ai/client/static/ 200 KB
50 KB 224ms
124ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_readOnlyEditor_SNReadOnlyEditor_tsx-bundle-aa8371d7.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a1bc48dfe3eac4adc14df3d54053dc2148cd0225523f289b24b3782d4383006

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"5d56eeb6a00ec4799c21d33de107dcb6"
x-amz-version-id: eQ3q5NTMFZQTWRIWhbFVEQGefhQZpFkV
age: 483373
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=eHdD3JPYQFy7x4h6TW5deuksCl%2F9zzusjh%2B1lFcSweEaVcqCKHz7xbtuowmUY7qw3cDYwW4kjnPP5KbJJFdnelIqDdrBSL5pi%2FGki%2BsZUTX6T1%2BabTMTCA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: uMg7bOajRCGm0HJn2j8M2-XZhHS00MxHySivlc2xwjLm_pws8tJtrg==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Tue, 04 Nov 2025 08:20:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 eddbc5f97ff2aa6a4fb8714754b065e0.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1875a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_SNTextLink_tsx-node_modules_moment_moment_js-bundle-db14a063.js Show response
cdn.entail.ai/client/static/ 110 KB
28 KB 228ms
129ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_SNTextLink_tsx-node_modules_moment_moment_js-bundle-db14a063.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f952e19145e563a2179a622d3cf5ca53a93476c8ce1f41ffaa097232cd13652

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"46a3e60563938ef3fc4cc8d88b293098"
x-amz-version-id: z1C.Kvbdzrcw.jpiBs1U52k2PcbkHIKF
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=y9baf7rHTxoRBsiwbGpwUr1MZOHm8U9w%2BOq1ewpy6cPtiqAYu7twtmVkIhs94CYcyn5rnw6J%2FlSVofDiQe7kpd7rhsjn%2FQ8HeNwbr%2Fo6n5lLNK6B0bW45g%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: _XiyeMleESLNvBGgvdSJfY08hnr9OnhsP5TrEeHaNiI83PnnnA1TfA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 d009c4305a73ef1e26138117423d6076.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d2275a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Tooltip_Tooltip_js-bundle-d167fc68.js Show response
cdn.entail.ai/client/static/ 9 KB
4 KB 229ms
130ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Tooltip_Tooltip_js-bundle-d167fc68.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0444b05e79e1f0443803d1f676fc9868ff1263cfb918ef42f858c71b23d689f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"15c97ac916cc9deec6a23d679e0303cc"
x-amz-version-id: NXYJhslpkj7F2Cx2t92Uy_hawJD8lh7g
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dowWr%2F7t1ewhkl%2FwN2kAkUEMuZmU9craPhhi7HA3J8tSzHl85kzajoSO7keQno9yg0h6stpGyopEHda6baElcGdV5cG0zVI%2B86eHpnzeeBEcYrlHHY%2BR9w%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: NPa_JWqXODrADghX_DhBf6xTUgdka9LJWmYFIF68BeA3VJKvXp6wtw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 a7b25290e9400fd200644534ae04f210.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d2075a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_mui_material_Avatar_Avatar_js-node_modules_mui_material_Tab_Tab_js-node_-b2d4af-bundle-62cad554.js Show response
cdn.entail.ai/client/static/ 21 KB
8 KB 188ms
89ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_mui_material_Avatar_Avatar_js-node_modules_mui_material_Tab_Tab_js-node_-b2d4af-bundle-62cad554.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afb8375c05a4d7d71b10ae2bafed642b733f9bf8e340a55c72270f149749e0da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"9c8578a4f3110777ae992630b9713aa8"
x-amz-version-id: miKje5Z8.KUJO24mCzpblh_hE7ov1C5H
age: 4540932
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MAryAluGW%2FqloHIpZG0wTuDXAPuPeDolm06Ie31W9LBoJbaWR5KfcuENwFOQtnMstFooK6iHzuZpLB3oI8CJBgdVdBSZwnvUpI4A8fozvYTRQ6fWaWqMEw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: X2R5Y8HYSstVVN00fyk75STEN28nfkbJ8zK6FJo1Zy-GfGN-mPcOaA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 fdac35835bcf0937b6f910eeac10720e.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1f75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_googleAds_SNHorizontalAdSense_tsx-src_client_components_googleA-c64db9-bundle-5066fb8a.js Show response
cdn.entail.ai/client/static/ 9 KB
3 KB 186ms
87ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_googleAds_SNHorizontalAdSense_tsx-src_client_components_googleA-c64db9-bundle-5066fb8a.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09c4148f6788bcc3878f6c3a3f5a4d26e753a3b3d7addd0cd16b4e268b1f994c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"3a204bd03e8cd486b027ffb4d036a623"
x-amz-version-id: VJ6FXzMpqL7I0bW_4WYVTab012gF_Dh2
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BobcvYzAKhBR%2FLi7EcuoKydM%2BIvL49TO2gCa2qIkxwvIErIx0fOm0taI3ep3eoK4vwm3fdxi4fXDPIy%2FyH631rpyVWtq11mu9pI6bCxtMc%2FYBiJeXgzWlw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: 6h6fn2izFYVfjMQfWn97rwqYEp64ffL4dUOmzOtKweQn8PhRYgArfQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 a7b25290e9400fd200644534ae04f210.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d1d75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_SNButton_tsx-src_client_components_ads_SNAdBanner_tsx-src_clien-862c99-bundle-fe289b3c.js Show response
cdn.entail.ai/client/static/ 10 KB
4 KB 230ms
130ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_SNButton_tsx-src_client_components_ads_SNAdBanner_tsx-src_clien-862c99-bundle-fe289b3c.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a6bb39ffa135f9a7a9d4647d12d1c2a4be49685545e104dbeabad4cbfa3fd14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"b2afa5641de58e30f796843b3e427bff"
x-amz-version-id: vr3P8LyT5xYNtLHPrMrJTcWTVpUJQJjK
age: 4541285
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=s%2Fd8UltVahOa48dpyyaGEi0bFas0Eu%2F78vJyuotWOXXZbk9IDGstbwjEmx9YohfuZ3592tcQWOuhkV9NlYB4KHttHKqG%2BauEtTCDAGOM8V6SDX93mTKPaw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: EUopVGW9Lo5MgFCRDCvXGBC6-HHoZINSDVgRQUp8dQfTEh4i2q-bYA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 3346055bb53a57ebf02828b88e1ee87c.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d2675a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_structuredData_SNVideoSD_tsx-node_modules_react-player_lazy_index_js-bundle-e775d86a.js Show response
cdn.entail.ai/client/static/ 24 KB
8 KB 227ms
128ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_structuredData_SNVideoSD_tsx-node_modules_react-player_lazy_index_js-bundle-e775d86a.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cdc0ae3733377992e0c0e8a7f9e040aafd21ecd2210e58720bbb30d0be5a01e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"bda066ab5b1f7253be5d9d8ecce3fd65"
x-amz-version-id: 3.bNaulpGTSlhOU506QNi5JQTHWwhlBM
age: 4540931
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QyFX0ZlJgj1xFofJiRglIkBIqFqGS2x3elbEsV0GtLRzcdvR%2BtYpR9MzqvS%2F7o2uabJzDlrKCWELLzVRNVWw7yeIZiiGS8Fp9m6C1Yp%2FsfAnSH%2BwWdHosA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: 1yvUZohgGqzP1O8p3jWTLk9dTl3RWWZNJJzj_VcP9Qqtj71sv4bKOQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d2575a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_SNWriterSectionTooltips_tsx-bundle-825ae1fe.js Show response
cdn.entail.ai/client/static/ 13 KB
4 KB 231ms
131ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_SNWriterSectionTooltips_tsx-bundle-825ae1fe.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47ba98f2cc73558d6c356850b152234814d660f2f85c30875de8add5b95e4847

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"a04c4b9ecc751b00817bf71a72bb3fb2"
x-amz-version-id: XK2mTVBY.hJg1QJSFwqeeuGQShN7Eiio
age: 1506504
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=88IBjJzwYhPOZfOqKTCqjB7I16e1pZDe7nRjA9c61a6%2FrraNscG2SE8sDX05MC64ifWuADOjtHUiAYWl48BtekfaMv8KlYCnOy3cD6yWyQs2aIdEOqDYhg%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: 1jxhDvAhMxzwMbOiQWR-NSZCTBHZ7c1HyW9KLWnNPJjc8UW8dMnXAw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 23 Oct 2025 11:50:40 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 283a3ebaefd33728d45267e54657c3e2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d3cb875a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_SNArticleMainMedia_tsx-src_client_components_SNPostPageTitle_ts-7b38fe-bundle-d146679d.js Show response
cdn.entail.ai/client/static/ 14 KB
5 KB 227ms
128ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_SNArticleMainMedia_tsx-src_client_components_SNPostPageTitle_ts-7b38fe-bundle-d146679d.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fceadb4786bb45e66c56bc5bc772b4cdc6586bcceb528e2cbd6259389a6b68ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"481958015f73086d78eb20f54dc0df33"
x-amz-version-id: W4kWqipQnuQ2uI.gJCuX8miGkn_Er300
age: 1518674
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TMoU6CR%2FRj7tZIRI0%2BOLIDNWG0rFQjGpYmepgGIWXHAWCuWqPzGk2dKYEwlxw4niQPWLGyZBTCEc%2BBtaYF0kZ%2Bgjieq7VAMbGREwHiU2xYi%2FkDwrleUDWQ%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: bnpPZV4Bx2YvxRVBRR-ye2IPu1OPd46c4XsdNtEysv64Q2jsK0uWfg==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 23 Oct 2025 08:42:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 917c6054ae6e10a98fc566c655129e8a.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d2375a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_SNFromTheBlog_tsx-src_client_components_SNRelatedPosts_tsx-src_-25be18-bundle-0f8ae5cb.js Show response
cdn.entail.ai/client/static/ 10 KB
4 KB 226ms
127ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_SNFromTheBlog_tsx-src_client_components_SNRelatedPosts_tsx-src_-25be18-bundle-0f8ae5cb.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ed013bcc692323f2df072715c015d550425a1bb0b69447c5d994584e96007e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"e49521343b63f51686c5d84ae7102741"
x-amz-version-id: Lot6CbNJ9hcHKO7mNMwL3vSGRow4Mkep
age: 3416941
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KwTGWlDNtljtbGuS%2Fm9EvQB%2BQmFWSPOr3BLrdirXYsfhrhtIUa%2FQF4qm5%2FCTFexyJ79NgB3RSHbUvGsigUIsjxTVHC8x%2FDNATin51eM06SKHyEAec%2BI8TA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: GtIyuWT6yhNoRPJ2L0CAT3VIGo-V0cyeYb4C2h8JX6ppyZcB1LDaVA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Wed, 01 Oct 2025 09:25:41 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 fdac35835bcf0937b6f910eeac10720e.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d2775a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_SNCheckBox_tsx-src_client_components_SNTextField_tsx-bundle-96d48085.js Show response
cdn.entail.ai/client/static/ 16 KB
6 KB 228ms
129ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_SNCheckBox_tsx-src_client_components_SNTextField_tsx-bundle-96d48085.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

659c2e36626a0b1d16727e4f275077c38a823d992129a249f0a40eb471b35dd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"9ee38cdb6c8bb9f072a608d749d6291a"
x-amz-version-id: 2FRG5eXJAlUxuqJtXxxXiTfwuTxfDs6B
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=8RUggBQF%2FOFMGWoGK02JaNgVoDagXnMaQQ9ifiN0ykuaEbeZMFk3kdCj%2FfFT4mOAzfPOlbY93ZCyUnIkypriM2DM6YivafX4GD2uoo5wyIrOb4FvR7o7Vg%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: q1vZmHKMCccUJYUcJGqdmbyjBZE5mHzzd8bKiPq86K2wQCqpWfMh-Q==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 d9ef81045d0cf909bd3143957da09138.cloudfront.net (CloudFront)
cf-ray: 99c0d23d6d2475a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_is-hotkey_lib_index_js-node_modules_lodash__arrayPush_js-node_modules_lo-1a0b64-bundle-d122da17.js Show response
cdn.entail.ai/client/static/ 9 KB
4 KB 232ms
133ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_is-hotkey_lib_index_js-node_modules_lodash__arrayPush_js-node_modules_lo-1a0b64-bundle-d122da17.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0582dbec830ff9f337d77cf29b231ed2ab8c018b729b4c4340f4558df4f79ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"4fd68dbe027fcda96beaa519e6407364"
x-amz-version-id: yrONtzFhj3V0td9r2ACwZxyFudFS3JmC
age: 4541286
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FaNR6fs9gaTMn0lMJPTURJ5cl4Ulg%2BnClpene6rYCaT6r5bkDOUjnIFKliLtdpL7h0I%2Bgt1EgSUkmW%2BhmQHIf90H9iovm%2BQ%2FSPvVBiwuBYqJ%2FFixqCecQQ%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: 3I5J07ZZrlNneVUN3_PIp2Mroe8KLfPoKrW0R7GXiK3MRZLAJBKViw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 c76d87fd83a704b78afc1028fc7bcea2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d3175a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_pages_common_ResourcePostsList_tsx-src_client_pages_common_SNResourcePageC-c6c1cb-bundle-16f4f9f8.js Show response
cdn.entail.ai/client/static/ 14 KB
4 KB 222ms
123ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_pages_common_ResourcePostsList_tsx-src_client_pages_common_SNResourcePageC-c6c1cb-bundle-16f4f9f8.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45071dea7d625b8b9f958a11a47b98032b1b8f1732de73e2d94d6854a159b300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"ca5f0ec799479eb616e6ee64bee942c3"
x-amz-version-id: RJwu6WL5Wnh3WfrAiXhrw4CU6ZjxXmV6
age: 1251839
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xWaB5fUxdg1yi5Utq13o6eGkktG6A7pkH8DZIzPfYMErQgBRRdHWt4F1LJtBYQ%2FgnNQZWwEbvq9Czs9hh6ymec7N0ksHjRnK23LDNaF2aJlR1OsEIgYXfw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: ACRelJD43DW5hvGRaWNkgpqzxa6CcGnOrHcM5PbA7O5fEBbnk9vEUQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Sun, 26 Oct 2025 10:49:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 0f31cf94bd251bd501ac532dacb719fe.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d2f75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-node_modules_lodash__baseIteratee_js-bundle-35272cb1.js Show response
cdn.entail.ai/client/static/ 10 KB
4 KB 231ms
132ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-node_modules_lodash__baseIteratee_js-bundle-35272cb1.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b2450966658002b3f94d37ca29779294c3e720a6e96160152e71b6e781ed7f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"102e0bc9f0f610709709bfa8235a0768"
x-amz-version-id: X9BLK9x3kXhESoW.IsroWvSUb5o9iQaj
age: 4540932
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jMLQX16JzquzTACTtMQE7hf77z8va%2FBFKkHjmitriyInKroUJ3fQAdbrr7HbUJYYefmN13TggeQ169j75qONOwFbiWxTFLntDK3c9AZvtsly6qzkz6NTJg%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: dEcwSGMNKMToC3o0Q2ZDcadm_ghgi_bkH29fT0mGj3urxEIK1uJ7rw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 09:04:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 d913eed4ff9d3ba68bce11280aa7e1b8.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d3275a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_components_SNBreadCrumbs_tsx-src_client_components_SNCantFindWhatYouAreLoo-99ea1c-bundle-b8d9c4e8.js Show response
cdn.entail.ai/client/static/ 704 KB
156 KB 227ms
129ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_components_SNBreadCrumbs_tsx-src_client_components_SNCantFindWhatYouAreLoo-99ea1c-bundle-b8d9c4e8.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b023bc20a7ff09c10900d90b7f44107934f4131353a77a938f9ef46460dfbc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"260f044dd46a46b868729d6aef0878d8"
x-amz-version-id: tcCWjzQKpsY9HB386O545FBkSLrpcxUG
age: 2106745
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lNCXmVafAgVDtnLI8xZExRhbmqu2cQs7%2Fiy%2BLjGKXEV5%2Bz0wj8tfnAcjRpAMbPhE8FLQ75iZKCADv8ejPD9WBcJQoSxVWYfWWk%2BsBTMbPnms%2B3KZrPjVQw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: LsVRR4lxi1WFK6hNVnlo4e1gwP44pUSEv3GrK06INy1z0ydceqSQPg==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 16 Oct 2025 13:24:19 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 fdac35835bcf0937b6f910eeac10720e.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d2e75a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 default-src_client_pages_blog_Page_templates_default_SNDefaultBlogPost_tsx-src_client_pages_b-e1c72d-bundle-1578cbba.js Show response
cdn.entail.ai/client/static/ 99 KB
32 KB 230ms
131ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/default-src_client_pages_blog_Page_templates_default_SNDefaultBlogPost_tsx-src_client_pages_b-e1c72d-bundle-1578cbba.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8eee91c71dacc4f823fac7d9569d03b7ee54e8a0aa39aa481b0a906c92cecdb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"54f2d92127452f8fdf9d7893e3642e93"
x-amz-version-id: fpkqbEtFaXXH2UXs3MX0uOjdd4mUMRI2
age: 1521552
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SNcVY6MlVOIbRwMugT9v6Ln%2BGRF9TeKl5cgMlFLbHAZF6yCZO%2Fxy%2FKQjtUDoEt7xmH7T5EfQs0PdQF9aDspgBMBWuSddUalfnLOgCKyH3IwcuBnlYcHzaA%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: KFzODj7MAAajBrczRZJT8wA1MZMCA_i82cPzqZmigyFE8KPmORZyeg==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 23 Oct 2025 07:57:26 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 a7b25290e9400fd200644534ae04f210.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d3475a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 pages-blog-Page-SNBlogPost-bundle-25a01426.js Show response
cdn.entail.ai/client/static/ 983 B
1021 B 231ms
132ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/pages-blog-Page-SNBlogPost-bundle-25a01426.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40671a428065f8aca3dc88c58a95c7ae185b4004cacb06e07e375837247b6410

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
x-amz-version-id: 2uwIGGsZA0DbhTljeXPpLqY9lQetWuRf
age: 4540017
etag: W/"593ad49b7f371cb61db4bcd744ce4851"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=JrGA1NtNaEoFhK65fHNmvKRgo6AzYS1EJBMWXHX7rjQUnrz%2BZN2j7EWcY4ERgXw8aA6kTQkVFK8Qnc%2BSMo2T1AnGwoeKEL8pQefNWMmZ6O2PqPm%2BnnPa5Q%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: 896OQEUNNu9A12VUfUms7FK6U3RLFlNJpQFPRSpkS6pHWp8qTk66Sg==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: Origin
last-modified: Thu, 18 Sep 2025 09:04:23 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
cf-ray: 99c0d23d7d3375a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 entail.js Show response
cdn.entail-insights.com/js/ 149 KB
39 KB 95ms
42ms Script
text/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.entail-insights.com/js/entail.js
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52e8ee82bad6e5e14200ddc469d45686b9d54215440b46631813fc1f544de560

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"5b99865d947bb9bf724cb82195fde570"
age: 6375
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=O0Nf4Qz7WXvdkhAEBckP9wP%2BRUdYwA%2B9gVBG3%2FzyMQ3bOMY5C0Ct5woaSjGxqI3nE%2BtALYjRvxu%2FoxcQFulFL3HAd4wmFD%2FP%2B3moeyUWSs9o9loAA5d9"}]}
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: LMn3QkcwUYG93Y0bF3Vojp8e0wJ5SjzGeNkhVK8v6FIJzktMnzhk0Q==
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: text/javascript
vary: accept-encoding, Origin
priority: u=1,i=?0
server-timing: cfExtPri
last-modified: Wed, 05 Nov 2025 15:11:52 GMT
cache-control: max-age=14400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 c2eb9b44aa5080bf631af7c8ed97f7de.cloudfront.net (CloudFront)
cf-ray: 99c0d23cec67fb58-ARN
x-amz-cf-pop: ARN53-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/2.0.1/ 113 KB
34 KB 75ms
42ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/2.0.1/TweenMax.min.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03e71-1c442"
age: 818275
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uheomps5PbqSsi2bhyaUptQdd4Mg8Ch%2FY67iZjcZBeMhsZDP6Ttbdb7R3Mk2dQgwI5M%2BGgyHdP7vkYXb9bSxbz4e5zaM7YDAVonrNlMHj2fqovKg%2Bo4qX4GSez2aLO%2BL%2F8ckRihN"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Fri, 30 Oct 2026 22:42:04 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:10:25 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 99c0d23cca8732d9-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33696
server: cloudflare

GET
H3 200 ScrollMagic.min.js Show response
cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/ 17 KB
6 KB 75ms
42ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/ScrollMagic.min.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9bc2af159f56f6373d66177e46c98091dd63f5ccd06ae805fd3feac847fbe0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "659938dd-153f"
age: 211420
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vf2qtw%2FtG%2BOhG%2Fvnnzcq%2F15PwHpS19eiMu5jDDvr4kx4b0Vb2ZItqaogoi%2Bfhc7TNRK6YKU9CFz%2BJtzn4t2HgwdBYEylc43SgSP2Pvd0plEPVy4eAJhAG90IvPFwWad7LJXcwel4"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Fri, 30 Oct 2026 22:42:04 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 06 Jan 2024 12:26:21 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 99c0d23cca8932d9-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5439
server: cloudflare

GET
H3 200 animation.gsap.js Show response
cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.3/plugins/ 12 KB
4 KB 134ms
101ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.3/plugins/animation.gsap.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78e38a4b5ee64d74496cbd69188e9bf3caf661aec750a7df90d2d9647ebca57c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03cf2-2e7f"
age: 211840
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7HRE9nT2kmD%2BHnJTyl5VJ04tbKZUKuAsoEilJO8bC%2BLHvwn3bixZ9cO%2BgwVXBsePFrTEBuxzDhFpwyiupYn2UGlQsNeKpH%2BIB19zUyFQP5tcSMTiSUCIf67y1ncJ%2BaMbBO0lucmv"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Fri, 30 Oct 2026 22:42:04 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:04:02 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 99c0d23cca8b32d9-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3568
server: cloudflare

GET
H3 200 debug.addIndicators.min.js Show response
cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/ 7 KB
3 KB 134ms
101ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/debug.addIndicators.min.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87c5ef8d6c82252a48593be31ce9ef1cea188983674b37360d06fa5990ac0dbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "659938e0-7cd"
age: 885442
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2BQQCtXW7hMQwGiZBVJ588%2BHe8MG0qGbrhO3TzSqrNajFuA7kLBfbONC7SvkjnyFXPht0oKkSKXA9d5effHu1krAjG1M1CmysxFxJ6O93FDMdsAe5WWn47WqDRCRw7indgBgVGNi"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Fri, 30 Oct 2026 22:42:04 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 06 Jan 2024 12:26:24 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 99c0d23cca8c32d9-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1997
server: cloudflare

GET
H3 200 ScrollToPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/2.0.1/plugins/ 4 KB
2 KB 74ms
41ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/2.0.1/plugins/ScrollToPlugin.min.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54a2bddadbedd2518cc2b1b523defd088477fc3cf65213d4fb6103fa05f129cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03e71-e08"
age: 812710
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WmtzRANf57XYMv7RxzS1cwKfdixjwTwtpj0ePXAEGTksEQ6GKev3EksyFSKpsfVowxNsU1dqOwHvxNfHfbHdRi2TfM8gt9ELR0hX6Qw9q%2FLLp5MWQ%2BS9LCoRcNMbuISEp535ywtd"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Fri, 30 Oct 2026 22:42:04 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:10:25 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 99c0d23cca8e32d9-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1399
server: cloudflare

GET
H2 200 KELA-Logo_black-and-red-300x76.png
www.kelacyber.com/wp-content/uploads/2021/12/ 5 KB
5 KB 106ms
105ms Image
image/png 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://www.kelacyber.com/wp-content/uploads/2021/12/KELA-Logo_black-and-red-300x76.png

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7aaa6abb18bf95156c0b73613400d3fb95c724189f61c86fdd74710b9eff3e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

cf-cache-status: HIT
etag: "61bc650e-138e"
age: 1921346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x90BzrLV0bm2SOsBvXnU7KXhlAnWx5rq%2FZw5jW0FvGaZgkDW33ljDXQl3y0MHNK%2BEmqAzX64fF7xul3CBkSXA%2BYRL72h6EpksjgJKeb69yWgFEkJFmcqh3P2fi%2BJcoZmI7qo"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: image/png
last-modified: Fri, 17 Dec 2021 10:23:10 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,a4b7348b3150c2b8fd623b9489f550e9f2bf85409bcdf44e8d2f48eadd1c7387
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23cdf29ad45-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5006
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 current.js Show response
js.hscta.net/cta/ 19 KB
7 KB 131ms
47ms Script
application/javascript 2606:4700::6811:27cf
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:27cf -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41d368dc0e0534b1b53d164b44baf3b148f2a29b63bca0780c1dbbaecee64422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: Bl6KoDBXJQAVC11CxeCar7aWeJwtT5Ic
etag: W/"4e7372a06ea429888f3bb8fa3f216d0b"
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
age: 424
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: byGMgaNnSKmrTlGOH836JkDnzyi01Q7rAqTH6ij1j8tvYjTwD2NUaQ==
date: Sun, 09 Nov 2025 22:42:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 22 Sep 2025 13:33:43 UTC
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: max-age=600
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.476/bundles/current.js&cfRay=98322db8c800db9b-CDG
via: 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
cf-ray: 99c0d23d28ff4eff-ARN
x-hs-target-asset: cta-embed-js/static-1.476/bundles/current.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 main.js Show response
www.kelacyber.com/wp-content/plugins/gAppointments/assets/ 24 KB
5 KB 84ms
83ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/gAppointments/assets/main.js?ver=1.2.6

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51d3f342c01379a964d1c1c6b48c5d0389ec82fdeb9856d96cb9bd483b869547

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"620a3886-610e"
age: 2007168
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgAnu5xWrFDvmcC6muw44pF%2FHy1mCZMhr9HCawF%2BxLfrtYOG3qgnwQj4Wcxi23wStM%2Fxalu7eRpsFzOT9LeFED%2FUA%2By%2FCXpYZ3CkHr0f%2FSjYmitvuOZRg90bZG3ON%2FVfkBla"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 14 Feb 2022 11:09:58 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,1a3ffcb36fbe22501ad5e6243752e52c09dae53171b7f5774a6b607b2b68f575
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23d484498f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 schedule.js Show response
www.kelacyber.com/wp-content/plugins/gAppointments/assets/ 3 KB
2 KB 96ms
96ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/gAppointments/assets/schedule.js?ver=1.2.6

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6eaca4d56abe591240bd20f89a5fd81f4259469383f1614b994f86a1315e425f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc644e-cbe"
age: 2007168
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lgRLWlXOiinaCXCA1XyqiKNa8Yt76TleWWL6JJ%2FCaMicttPM4TCNqNddYejVpZCTOarj58Qo%2Bz3uLE5s05OxCSqpi7db8MKGOdHn0khKSebrJwhvgyo8m5U38x%2F3gJW01sxU"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:19:58 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,679440382c4cd84b6ef5d1d9ef43d5865ed6dede697419d5af3c3d66dae131e7
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23d784c98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 hooks.min.js Show response
www.kelacyber.com/wp-includes/js/dist/ 5 KB
2 KB 71ms
70ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/dist/hooks.min.js?ver=4d63a3d491d11ffd8ac6

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a1e0d38b691f1d22a92cff65ec0439b428170ac39a4493c7ecb06d5585f56a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674da773-12a8"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VfH6Sn%2F2a9Ti7oLi5bkzBWyg9rCaQiudh2sJALAplODhHEFgme6yhEmd5xH9h2LcWww715hEv64zkSZR%2F5vLm4odHU%2BUtH7iJlxb2SXfVtoxJ6%2F%2F2O1JNRqrGN79Qb9Wh9pX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 02 Dec 2024 12:26:27 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,3a5cc00843a75263b5de29777562698c681ab16d69825980fdb8c47fe64bcea4
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23dd86898f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 i18n.min.js Show response
www.kelacyber.com/wp-includes/js/dist/ 9 KB
4 KB 86ms
86ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6630f777-23b5"
age: 727960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1l8qs1BdaPNNEc%2B8ri%2FpjeuvYZqZX4KqUj83Hy6Q8suEGLocb4PooLpHSG06jVksVdPeTWIP1dtEapp8sfX9d3MNxmdXbChPCxzQUywP5sPOe759NRx6KuicHaOlPM0SoSSb"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Tue, 30 Apr 2024 13:51:51 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,c057404eef0b70cd892c6cab7311833de5b005ab89d3d5e55da3c7c834e7f03a
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e187c98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 index.js Show response
www.kelacyber.com/wp-content/plugins/contact-form-7/includes/swv/js/ 12 KB
4 KB 98ms
98ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.2

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29fdd17a7002a2e1bbd9b33adafc53457c64006b5aca8f6e4dbf907de35433ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6901beda-30e0"
age: 1003922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CeRW0GPjQVVTIjTCkKAnAux6VBPUlrMe1a2GumG%2B9DUJbg1abPaP1Sz1YkB%2BhQTr4Zdh2fpbww1STbaWOGliNXmkOY%2FodjwafQxaY1EfKn%2FN6IwwtYfVlUR1m1ZEQLCQgN4F"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 29 Oct 2025 07:14:34 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,a134dccaa6a80607224c2db046237cb306d52953ff7f3a2359da271eb0cdcb84
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e187e98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 index.js Show response
www.kelacyber.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 89ms
88ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.2

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddcce687729cb358abf9d0d8e1217a097859be2b0d18c23d7c851b38c87bc9c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6901beda-348c"
age: 1003922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bbFZboL305VpSzakc1RyZXbiIMuJ3k2N8E6yzvh3y3QFGWZ73rxXYX%2FGIZ0AyCl1TTx4uhiGm%2Byn8TWQ%2BNZBmH2cZwl7ck8XsV8ETuTrswecSZntWhtbOxKlTDLcA0Hd1Xdi"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 29 Oct 2025 07:14:34 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,84ca8e8c29e9ff64fc858b995545813d2ba736b30688b09d3c91b21f1ca6da5d
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e188098f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 8726485.js Show response
js.hs-scripts.com/ 2 KB
1 KB 133ms
50ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.hs-scripts.com/8726485.js?integration=WordPress&ver=11.3.21

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

946306c40fb169b1012804b64c2494dd96380682e7aba5e5fe120d7a427e13c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 3
x-content-type-options: nosniff
expires: Sun, 09 Nov 2025 22:43:35 GMT
date: Sun, 09 Nov 2025 22:42:05 GMT
x-hubspot-correlation-id: 9a28645a-ef49-4f27-aefe-bbf5096a32eb
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Sun, 09 Nov 2025 22:42:02 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 99c0d23eaf01dbb0-ARN
accept-ranges: bytes
access-control-allow-origin: https://www.kelacyber.com
content-length: 678
server: cloudflare

GET
H3 200 page-scroll-to-id.min.js Show response
www.kelacyber.com/wp-content/plugins/page-scroll-to-id/js/ 26 KB
7 KB 118ms
115ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/page-scroll-to-id/js/page-scroll-to-id.min.js?ver=1.7.9

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

683194a1ccdbff2ccb1d049dbead875f871f0916266d3cb01e92023303aba203

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65e56a71-6658"
age: 1092310
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pq%2BYx9mgmbXabxXjHjcj0Svg%2FLLC2s9Mb%2FMcK0b2GHWh7bTfTWOB0l8D%2F%2B%2FtMMr7Y6nqAfTACzTsJNO%2FFIvOxYtPCFGkpkmjuDwCQD71OYj6gvjqA0Bhl%2Bu58PZUTI4Cj4v6"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 04 Mar 2024 06:30:09 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,107138d1d634586bb1aecb6e16b2eb782c57c06d7fde71872efb725f46cc562b
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288198f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 jquery.validate.min.js Show response
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/ 26 KB
7 KB 119ms
116ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/jquery.validate.min.js?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0724ab5ea0ed874b325369cf480adab1214d83a85a66bfd845155dd991779e72

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-676e"
age: 1012930
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CPz3ipuOQ6f4xGYQvr4tgfrkm6BdZVpY4ZWbsl1yZ0aAwgyckQb2xmTXi5v701C5ONtcl8D4C3cckXQOuCi4SFd9Wh7Th79znUuWWcCB%2FRYMfgW%2BQNHGb86wFtf8Rm5UCQRV"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,2d0bc4623eaf19bcd42722d3c9efdd4d9fd1816289cd20247ac2ab36c3d63382
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288298f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 jquery.magnific-popup.min.js Show response
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/ 20 KB
8 KB 125ms
121ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/jquery.magnific-popup.min.js?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-4ef8"
age: 1012930
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5GSzSvCNf4ObPYTAsI4%2F7ng9HKdVN99mu5QF%2Bo7Sve1lCa6PQDUPrX81A6GJQ99puweE0aaPTJTjoFFtJbKZnXtylCpjCrBigLQ0E46j7AL0HyuLfvG6tN1IDvJqE5BkXvnB"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,e0ed3c7757ef5ed11d501127deb129e0524512abcceff273676f2d4e09aa9d6c
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288498f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 infinite-scroll.pkgd.min.js Show response
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/ 25 KB
7 KB 135ms
132ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/infinite-scroll.pkgd.min.js?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3bb8b08d88d8c2aecdcc22d44304bb5011631ed25f7b92ef36e834392cd227b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-64db"
age: 2511471
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpFiR4Ifd5%2FQl4a63MJsv7INsLmiRsmMyQd3PM%2By%2FLyui44wCc1MmyTy48LdE5fP8H%2B3UGBbS7QisrpOzWqOEhIaBLGijygLH7E8g%2FYY%2FxDci0KhR%2B4AKa0uZW9uMSpAEpzX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,ff14d2f6b33a0317291c156d30eeaef4a735fe54d63aee2446779190cfd90a39
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288698f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 imagesloaded.min.js Show response
www.kelacyber.com/wp-includes/js/ 5 KB
2 KB 153ms
149ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/imagesloaded.min.js?ver=5.0.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"654bb919-1590"
age: 1104297
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xu8SuTs6EvW5raEtUFQp%2BIGRL2WLmzvtKAHi5GPiTt564ZY1sdd2xdsrpXSQHQPAFp%2FtVJqoEKugEK5sAP%2FyrQiS7o%2BPczkghZDVxvdNHRDrNnA%2F8pWyAYpzn1uvzk6NGpwy"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 08 Nov 2023 16:36:41 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,0bc76b530ac4dac8220e757a602404098eeee70e07e26bc23919a7139e6f6f53
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288798f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 masonry.min.js Show response
www.kelacyber.com/wp-includes/js/ 24 KB
8 KB 153ms
150ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/masonry.min.js?ver=4.2.2

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"639710c4-5e4a"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZr1Bzq6U%2FPUPX7UnMXBo38nrCh2M0ELL9Yo6tbyK%2BPUq2gShaM8BuvlEQjf%2Fe3tmRcu2xo9pR29jdAxaX4MDa5Dr%2BMSY13hgD00gFLE10oxLQLCVH5zrf%2B%2Bj9S1ueYCUCWU"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 12 Dec 2022 11:30:12 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,bb984a71aa043d945447b2aa7031a639ec67a9503c76231aed0214053224b549
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288898f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 jquery.masonry.min.js Show response
www.kelacyber.com/wp-includes/js/jquery/ 2 KB
1 KB 153ms
150ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"639710c5-71b"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QFufxYtd8axrJDoQAoI6Ag%2BIaCwDX9n5uOD8%2BUCqSsp4GSj%2FdMwA3yPZ8yxSX82BOckWrvInj76g4nFQVGRFcPTb2OSirnCoptujqQ%2F9dbfaZO%2FOj8AfhsT4IxXrL00ztMJ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Mon, 12 Dec 2022 11:30:13 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,970ca3d579c7c2be08f4e8a0a4ef0ce4b324a94bf896ae3f13fd02c0facf0b71
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288998f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 scripts.min.js Show response
www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/ 6 KB
2 KB 153ms
150ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/testimonial-pro/public/assets/js/scripts.min.js?ver=2.5.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2359bbbad5602be3d9f74f0b16856c9e75fc9e717f8bd84acd131bbb94b2a6c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"61bc648b-17ec"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hhDKiDIL2iuV1Tcx0s4%2FOTL6c6vcmEX2OvH%2BBtG0vH4WCYhYeqp4eujr7H0dPgeR%2Btw9TsB%2FFCSMYL6CSmvvTm5dOzcCTMezfDFSoR049N1vhff23mMneOJ%2BQtoKkzmZlBhd"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 17 Dec 2021 10:20:59 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,82e0b8ca5d437938223dccf828162fac3f52e854b9d0fa6a9e0fe089e7c10d80
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288a98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 kela-custom.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/ 3 KB
2 KB 155ms
152ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/kela-custom.js?ver=1741096025

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b2c78ba43c080597c16546bb8b1fa97f1adde5f31c2f847314ad1fc452cb5e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67c70459-ce4"
age: 557041
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1eRgKbYQy50nfE8PkdcA4MGmDG%2FqEWVvBh1uM6cLFcJf51pjygpTeLmNjOoHQhYuXtijjkaDcqKx0td8MFXkUCTiJRorM3FwuKoYkX%2FRXj0ChMLQi83wWW%2BQduyrWhLzcT1"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Tue, 04 Mar 2025 13:47:05 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,2113996695b22984494040e991700529855103260a876700b97b05300d2a6f1d
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288b98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 jquery.fancybox.min.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/ 67 KB
21 KB 155ms
152ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/jquery.fancybox.min.js?ver=1.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8da7-10a9d"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2iQAQk%2F0nOGJkMufsQNyZBFSCVRPBweBEqjDECc0EFwQe1%2FP%2BfkNCI5NUrqC%2BZzkjImFICL59zkCJ676lhoyOcRqKgV6gq3p6zRdyij%2FPTmd%2FDzEAwrNCEjQwTry9D0r0QFW"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:03 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,a2bf0a5c013feffaf5dfc0993f4c6b223611bdf25bb426750d6b1f61aa385a6d
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288c98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 marquee.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/ 23 KB
5 KB 188ms
185ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/marquee.js?ver=1.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d7531061706e713bc04537c9833a87ffb1096d4110fd528d87044ac62d675d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8da7-5c27"
age: 922737
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1wQ2mBYP17uvHtFJuBHyoJTT2h7CJpc5JJTyLfRfWoIhbZ3ErpjHSzrxi0PEJbNjOwjhfxh06KniSqSQJ%2BeDDJ0CJRt361nouLWlahj%2BzRqvvaflsIloGLSdgYwTD1UI6v5Z"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:03 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,bd266b893a426a420f20bedca3ac8b39061f9a662cec088f303afc8353c4cafb
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288d98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 slick.min.js Show response
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ 42 KB
10 KB 43ms
40ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.js?ver=1.8.1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://www.kelacyber.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65999b46-2444"
age: 216653
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOgUhvJmcQ1m56KRoWhtcAl6d0hH2uPXPP0HL7lceqC5VhARMq%2FwL0EmnBha2QEstRpz6ej0Q8D3TCEcLw0Y3TmbSIV2RBtXyFKF8kKNyyxmyjS7FLpmIRUAukCeHBauNfUuU3dU"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Fri, 30 Oct 2026 22:42:05 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 06 Jan 2024 19:26:14 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 99c0d23e2e4f32d9-HEL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 9284
server: cloudflare

GET
H3 200 cookie.min.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/ 2 KB
1 KB 188ms
186ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/cookie.min.js?ver=1.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d07dcdbb3ddaba0dda7d56d496cbb5d8fbb1bdadc23f812126d3c4c6ab39e158

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8da6-691"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1R3XTcmnlyWpjkRSwnLrBmg6UL%2BJmEa2aqU2B%2FN7R1tP32oGblDL1XIKXiYTPEvuivpxq0rqpRYVMtWmcXg8gKP0wAw9SRdANPrfAzOk%2FMyXHOqhfkHYdL3HWEX5tvAu3qkw"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:02 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,6a8233de09b11d1339f06db8f602cf21ab3aab2c81653a9793a1c7d069426e57
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e288f98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 jquery.validate.min.js Show response
www.kelacyber.com/wp-content/themes/kela/js/ 23 KB
8 KB 188ms
185ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/js/jquery.validate.min.js?ver=1712561335

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"661555ad-5add"
age: 704894
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HkkiuOxILMkZiFT28TeBvqAjJKi5lxzwBc7uYqCbhl2XC0hQJxl%2F9IDYd1FATCLwS9pXZHHAJeJEVEQ4hVJtUCwAaSYz4xrlyFyu1swQCfpzBrLW5iSqoqAtI0eK7Ba3tQGz"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Tue, 09 Apr 2024 14:50:21 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,f7e192958704f2aa182a406a16e81dfd8bb8380741c14c7af05b8aa70f16c2fd
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289098f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 additional-methods.min.js Show response
www.kelacyber.com/wp-content/themes/kela/js/ 18 KB
6 KB 188ms
185ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/js/additional-methods.min.js?ver=1712561335

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1883f7a26d574acb192e568d50c21d03b29a14087bd26e6fe83a8615cf7d814

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"661555ad-4820"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ewV0Iuxg36FkPlxVhCQZpEsCkghSTGORKvg13OP17aWKpKyOYIKFLw9vZKwwW577GclilPutH4Ues8GBZ%2F90h73g%2Ba2XN85g1zEz%2F43tG%2B91MSIgAjAIddun20rGD0tsMpds"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Tue, 09 Apr 2024 14:50:21 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,0ff855c1c7a7ec16cd5ef55cda695d72d4a36bf72604cba6f045ef46aaddc3c0
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289198f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 lazyload.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/ 7 KB
3 KB 188ms
185ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/lazyload.js?ver=1.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7b9bbcf9395cbe85a8b92b598f98c8cfa7351fa6cdc315f36ed1b06f74490f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8da7-1de5"
age: 414146
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mf8gPjMvnGD9WKBUZ74yU4pKDr8gXhL9qPKi4klq3XOUq6rh4y78Xl8dmpDlYbY6628krmRFBxrdqskvCQJXCluqg7mviqejyjeNYsivxrSL1WeILvF7D1COiKv2NVGZCLOt"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:03 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,b1f92ceb73843fb6be691ee14fc069aeac3dbfef9c9780b12c8ac3957508242b
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289398f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 jquery.matchHeight.min.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/utils/ 3 KB
2 KB 188ms
185ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/utils/jquery.matchHeight.min.js?ver=0.7.2

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cbca25b22dd758afc2963e748dfbe3512840a136c27d7fd0d9f267c79852698

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"658d0693-caf"
age: 557041
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2d7hhBluNMiLW%2Bf%2FfddJS%2Bx6%2BIKW6VhQ8IImOAAD5MxwX5%2F7PLVaVUUNgKJkUHiT6%2Fn725gasZ1GD7pKucihk8QHqH1Ux5Ir0x2U6mOTbMpCyaQbGGT5vHu8zUoOU%2FgaeMaA"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Thu, 28 Dec 2023 05:24:35 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,140c2628b901c44e766e93666d861842292ffc7ee009d5c5be285457799dacb6
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289498f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 my_scripts.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/ 111 B
786 B 196ms
193ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/my_scripts.js?ver=1.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5de12aec1063e6051f239af50cd7bbd3ffcfde977d650583d719a7c84dfed06

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8da7-6f"
age: 48652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKsqSzBiCKdIUHvbKBL4sOd9bVlzO9jEsZ3GD0ZIgYjCcmqvNFBBK2x1tvV90nDE5kpicmNVy74HhqjI%2FD231W44rvc1obnfbP%2FJN7aP20eNe%2F8oBlFGL7Gf1qvZ3ovQCarK"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:03 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,b80add23e1361ed284c08790f4f7b39579e29b06ee705bea8175b52097ae13bb
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289598f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 all-remote-inlined.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/inlined/ 8 KB
3 KB 196ms
193ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/inlined/all-remote-inlined.js?ver=1703951788

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f8c81a2d23c1f25cfabe084df70d31cc72ae15fe015494289d045e4fa56c34e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65903dac-2133"
age: 2074235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QoperXPWSRmQTIz0N8xEs1YJbua8InOFA7JdFUieOe%2F1DCdUEicvQlDGQeKWli59VS1E%2B9phABZc%2FX90P%2Fiwh%2FLHVR5ukh0cIyGlEyIB68x1ssRkGXWLTkRz5YC0MljM8jRe"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Sat, 30 Dec 2023 15:56:28 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,6889681b81c9640136f654994adb73c14a777cfdc00bcdf907eee45bc5830ae6
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289698f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 hs-validator.js Show response
www.kelacyber.com/wp-content/themes/kela-child/js/ 6 KB
2 KB 196ms
194ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela-child/js/hs-validator.js?ver=1723533635

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

264f41ec5b5069e18d18fe43975a23bf992852ebd95b1dcfe8188a219ca8bbbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66bb0943-19e9"
age: 2074235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P073rzJ7bIUBtJsfeQXX2Qqi9ikmP2sCtCuT%2FPD5I%2BUNFS%2BzlUrSrjQKvRm%2FMfyY1nrUlA5urcYwhIVkLUntE6ebeq3%2Fz0%2BWji%2FTtmOPSpj8Eg8BTRPElKffcs8q9qnUeW1A"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Tue, 13 Aug 2024 07:20:35 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,a01bfcdd667af5697b291aaa975f2bac9bbab78faf17de06a14cc4dd7ef4e542
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289798f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 popper.min.js Show response
www.kelacyber.com/wp-content/themes/kela/inc/assets/js/ 19 KB
7 KB 196ms
194ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/inc/assets/js/popper.min.js?ver=6.8.3

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db5-4af4"
age: 1003922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5t9rND3l8vdTHJSOsULgXsZgTZ0FdP0wptUMaNoqeZSbNHpKDMGL7TeR219%2FHs5WTQ8XLfeaGqjZUEJxd4kVmSt4aT3H8nOcAIxxhryFs5k0eddStAvL7VwnCPNRwof1RV5v"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:17 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,70b65cff2fb421d9825704b80643911bd3694ce9dea3811ff6771677b6554554
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289898f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 bootstrap.min.js Show response
www.kelacyber.com/wp-content/themes/kela/inc/assets/js/ 50 KB
14 KB 196ms
194ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/inc/assets/js/bootstrap.min.js?ver=6.8.3

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5a17d46976d471cf060c5a0e25749a323d6ab20cf0910f40afed81047ba21ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db5-c62b"
age: 1003922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJ405RQjcc731ys7V62JPJIozXHUWVVg0IcSZLhodnIbfACx%2BzmXkydNQA0zkQHZam0UBlQMrGtYjddvl04OCgTaUD7BpwTsc6MWeNCE2E%2FzGn6tqY1vDXS78heNdTM09Ojm"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:17 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,49f38e98c39d627d1c6ef10d7aaedd4c600d2a1071bc15e4e80ab0055b2ee3b2
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289998f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 theme-script.min.js Show response
www.kelacyber.com/wp-content/themes/kela/inc/assets/js/ 2 KB
1 KB 203ms
201ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/inc/assets/js/theme-script.min.js?ver=6.8.3

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e9b946627b24b2f8adddbe7cb098c0725bd20bcaf390f3ead267efc0b8636b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db6-9bb"
age: 1003922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JgRpKOG3WnCcPqccMRcWZ6tqrFj6eg7iG%2FbSvYoUeRSce7VNW1lBbxkcNgM9BvKBoF3jfKnfD%2Fhu0DlLAdZGAEaKUMkXQPmHqAS7e5tUTY1dvgekD5M8bIifMXSy7fBzs8DA"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:18 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,ded1dd702e59730a0f5c1ef901de58947e5f80eb3322ba15111f2abc96760090
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289a98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 skip-link-focus-fix.min.js Show response
www.kelacyber.com/wp-content/themes/kela/inc/assets/js/ 325 B
878 B 203ms
201ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/inc/assets/js/skip-link-focus-fix.min.js?ver=20151215

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db5-145"
age: 1012929
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ti54eC95dL0SUd5rd49HIkQjUilOFnXhJV7jTINuegxJMf7NK0LlKtmJ5ewAu8tbVObag23FHmIznLyqmBvf%2BYsxHu48nYgYqIEe5GCEjRyVmXbQgIBHFhRQV1uo3vjxX%2B%2FU"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:17 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,bb4387964e90f519f32c6ad3b6491d88cc445b22cb16ae00ecfac76e0679e2d6
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289b98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 new-tab.js Show response
www.kelacyber.com/wp-content/plugins/page-links-to/dist/ 34 KB
13 KB 203ms
201ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6606d543-8687"
age: 727960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H8Rmr3qXw5TN2LA12Si9ZipJ5rS2gRTsm0skoXJ%2FyL4Hv81GvAQnyVx1mhGiKPKcC46QFklP0GPX9DJkPooQnME%2BloZy%2F6izHKtzGpYX4SfgwdHMx4k%2FG5%2FFMN6R1c0fOGKz"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Fri, 29 Mar 2024 14:50:43 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,1456cac5fbfe185d72acd35ae5106636fb4645bbf4106e4f7d238b679526d45f
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289c98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 mesh-custom.js Show response
www.kelacyber.com/wp-content/themes/kela/framework/js/ 4 KB
2 KB 220ms
218ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/framework/js/mesh-custom.js?ver=1.0.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39afaf3b9388f2eb6c8ca91cd0c762d991128689d061f7dfe658f79f4ca058a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db0-e57"
age: 234224
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=829NMVdbDh3YYLlL8aFDhUotJfSADEIhH%2FZo2q0bpxqBfq06Ag0iUArmEsS5FglGCKslqpbN9ZjEF2h93COnVw1Ex9jG9snjaah%2BylWmR0PmnRqEOAur5EG8UA6rOyarJ6Gv"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:12 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,6073473ca4a0833c6f058fc61407c133e4e562da6ec6dcca7af9b7aca1714639
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289d98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 mesh-animations.js Show response
www.kelacyber.com/wp-content/themes/kela/framework/js/ 1 KB
1 KB 220ms
218ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/framework/js/mesh-animations.js?ver=1.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fdb339a7a89d884a70473c3aca889b3368f8bf5fafd80dfd28fb25d077f4ffe1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db0-5cd"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RX%2FShvw%2BcX04prEAK0EAQC1iXL5mKB6pP55vIQBBW5kxYJ0PzQnZ56QTKHIFHuqrmghzyEo%2BSX0aq7qWw2oJI0NKJScnGo1Kle2qBHVRyDHr0pKQmhmZXQT%2BUyGI62PjWS%2FQ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:12 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,3f5009adbf77de2a9d53903dcd993c050f1a225150d53feaf4190501d9fedbc7
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289e98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 transparent-header.js Show response
www.kelacyber.com/wp-content/themes/kela/framework/js/ 516 B
883 B 220ms
218ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/themes/kela/framework/js/transparent-header.js?ver=1.0.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c47bf8042caf1abdf4fce2c1d4f10dae4754f1585f56965f58df2a332d1aabb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"651d8db0-204"
age: 2511471
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fqFkGsrML%2F8O35TMcc4CaDawbIR%2FD3v4aRVRA%2B4RUacSvIjrluA1okKdyyensnA%2Booa55RvyS1wa4bg1Jy2p4j5Je7REVI5jSjvCJPnvZkJPGIzHjijaWEWlHfTUDaX1aN6u"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 04 Oct 2023 16:07:12 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,4e86d409a64e0fa375895f79b69cf38e70fdf7454f394560a7b114daeeba72c3
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e289f98f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 140ms
74ms Script
text/javascript 142.250.184.196
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br&ver=3.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

ESF /

Resource Hash

1488d4088b707ecb5ce2380385f509a8ce517b744134e4bcb16109f4edc4b4ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Sun, 09 Nov 2025 22:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Sun, 09 Nov 2025 22:42:05 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H3 200 wp-polyfill.min.js Show response
www.kelacyber.com/wp-includes/js/dist/vendor/ 40 KB
14 KB 221ms
219ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

290b9b630f7dc870dfc3c139ea090b68105f971d870a4774a1eeab5cfe31b7a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"683aa3f7-a11f"
age: 557041
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IBloptVY%2FmUjSyihm8dQvizlOvmQWHmDXOUdqp4mgr3Dn%2BwHFivf3nzIefBioTB3Di7vw2yGS54olzVRTYYOkLy%2BT70nqiHkYyvWB6QssCT1PJY9yMB9409A7iVuuhUTR2aD"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Sat, 31 May 2025 06:38:47 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,0e3a60873f35325e981b8ddcdf60bd8a0453361ab4d34958e00409accfab9ca7
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e28a098f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 index.js Show response
www.kelacyber.com/wp-content/plugins/contact-form-7/modules/recaptcha/ 934 B
1 KB 223ms
222ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=6.1.2

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6901beda-3a6"
age: 1003922
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVQzNm5nBuMaF1H9WAuYpR2FCsE5hWK7vMW6lKkBTjiKGoC6Rm2sP4WGhckUrJaefddBLoglSVHg3SwY6ZPZUAvLhEiKqHB7Kj1QMA25zq8oFdxokic4b4jdpSW9%2BDkb7gF9"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Wed, 29 Oct 2025 07:14:34 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,90f5f5e86b42b34f0075a84efe078cf4d26a908f1ca39a9f3db25c1c6b1fe350
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e28a198f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 heartbeat.js Show response
www.kelacyber.com/wp-content/plugins/wp-rocket/assets/js/ 0
698 B 224ms
222ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/wp-rocket/assets/js/heartbeat.js?ver=3.13.4

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

cf-cache-status: HIT
etag: "648190f6-0"
age: 1012928
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q898udZgxbkeptfR6Z%2FR3qNqwp2NACeqxSLRUfljXu3Qswiyxbt6mJUcbwrCSQBFFOM6ofWX9o9kW%2Fu92l319nj9bzInMjF0i17JqTgy3xdXqjyi0P9SpIv3jEwhXu1WQofB"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 08 Jun 2023 08:27:34 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,2536acfa971e6e08aae5483612f0f80b44863d25dacde8e8cefa4b163a34970d
priority: u=2,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e28a298f6-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 lazyload.min.js Show response
www.kelacyber.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
4 KB 222ms
221ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"648190f6-22bc"
age: 1927065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SwS7aFU%2FbiT8n1DzDLhUxErQ6oqe59WNr9vJRS8zfOaMJ6w4UvPyuQAf0dHRumqJ9G7uqWeC0ZUpx%2FL6cKg7HN%2F68h8zLLCG62OoRYIl7sZk0ngbQTElzw546Nsi0vpKUGxt"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
ki-cf-cache-status: HIT
vary: Accept-Encoding
last-modified: Thu, 08 Jun 2023 08:27:34 GMT
ki-origin: g1p
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,14e583cba866128c7de4bb298aa4774c90292ba4fd9f15d2d04bebbac532d1f7
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d23e28a498f6-ARN
access-control-allow-origin: *
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H2 200 css
fonts.googleapis.com/ 2 KB
654 B 70ms
70ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/wp-content/cache/min/1/wp-content/themes/kela-child/css/global.css?ver=1761722261

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

744aefd1b5a8aa0c50a3c2033fe9f9bb35f2299a495ca15b9de8e1a2f6c1857f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 09 Nov 2025 22:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 09 Nov 2025 22:25:33 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

OPTIONS
H3 204 c
t.entail-insights.com/ Frame 0
0 175ms
123ms Preflight 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://t.entail-insights.com/c?ip=1&_=1762728125154&ver=1.0.7&compression=base64

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-access-token
Access-Control-Request-Method: POST
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-access-token
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.kelacyber.com
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 99c0d23eae0dc992-ARN
date: Sun, 09 Nov 2025 22:42:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority: u=1,i
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cF9KW7p7lg%2Fzt%2BCYVcFm3zQvS5%2BSs9JgcHr8PgcRcKAPXaN%2BT7pcnoisH%2FEAKifU4y0wlbc2FJDjha2D1ZJve044zD0Mu0BxcyvL3v9GQa8LfNCBoQ%3D%3D"}]}
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Access-Control-Request-Headers

OPTIONS
H2 204 et-d55dbe39-def4-546f-a033-c1830618c360
widgets.entail.ai/decide/ Frame 0
0 221ms
134ms Preflight 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/decide/et-d55dbe39-def4-546f-a033-c1830618c360?ip=1&_=1762728125158&ver=1.0.7&compression=base64

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-access-token
Access-Control-Request-Method: POST
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-access-token
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.kelacyber.com
access-control-max-age: 1728000
cf-cache-status: DYNAMIC
cf-ray: 99c0d23ee9c0ad45-ARN
date: Sun, 09 Nov 2025 22:42:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=iHvTFVHc5x0gG1N%2FKc9k56WrUur2vd83j22TxMPDwFVLGxH%2BWUyVY5EyoLLHPJqmift33QlDea7vcnEKUryIJdKXIqOhPddglsuRs70%3D"}]}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers
via: 1.1 a626e6748fd7659cdc58de81924341d6.cloudfront.net (CloudFront)
x-amz-cf-id: D4rvp1kzidqZ5PAW-RnTpx8-5tF5jwhuT0phkiTMcy9D3f5rcA3SDg==
x-amz-cf-pop: ARN56-P1
x-cache: Miss from cloudfront
x-response-time: 0.125ms

POST
H3 200 c Show response
t.entail-insights.com/ 15 B
644 B 169ms
128ms XHR
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://t.entail-insights.com/c?ip=1&_=1762728125154&ver=1.0.7&compression=base64

Requested by

Host: cdn.entail-insights.com
URL: https://cdn.entail-insights.com/js/entail.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Access-Token: et-d55dbe39-def4-546f-a033-c1830618c360
Referer: https://www.kelacyber.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

content-encoding: zstd
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=X4mK7kbxywzu76lwT%2FhGKtqSILyY0HKrfZCJ5ArWuJdH5etyvp7jMMRNgVOjbuA%2FskAW82QfDZ7q6vyPoz8jsM0dNZPC4otFbtd1kiFAJWwTfkKgAQ%3D%3D"}]}
x-response-time: 2.830ms
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/json; charset=utf-8
vary: Origin
priority: u=1,i
strict-transport-security: max-age=31536000; includeSubDomains
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
access-control-allow-credentials: true
cf-ray: 99c0d23fbe1951e0-ARN
access-control-allow-origin: https://www.kelacyber.com
server: cloudflare

POST
H2 200 et-d55dbe39-def4-546f-a033-c1830618c360 Show response
widgets.entail.ai/decide/ 315 B
707 B 153ms
152ms XHR
application/json 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/decide/et-d55dbe39-def4-546f-a033-c1830618c360?ip=1&_=1762728125158&ver=1.0.7&compression=base64

Requested by

Host: cdn.entail-insights.com
URL: https://cdn.entail-insights.com/js/entail.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62d31b80093b283ce4700be9da036181e1dea5cc2c1a5485ae727c13769cf224

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

X-Access-Token: et-d55dbe39-def4-546f-a033-c1830618c360
Referer: https://www.kelacyber.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BW%2FhKB2Ex%2FrAUu3f7ehaaRAu0ZyqiqzUZc%2FXWG23CGfQPTX0%2F7MkRusgUdidOyJ9CvhEKvHq8Vy6M57WuWWcdqVzeaTe0AYqrhJ9"}]}
x-response-time: 3.081ms
x-cache: Miss from cloudfront
x-amz-cf-id: BbPldCmfwfh00GAT1JSmMUl0mKbt9afJSGKnRGWDKZaeNA6sTPueBQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
access-control-allow-credentials: true
via: 1.1 0ca6102b671acc9950502eeeca241bf8.cloudfront.net (CloudFront)
cf-ray: 99c0d23fbfa875a1-ARN
access-control-allow-origin: https://www.kelacyber.com
x-amz-cf-pop: ARN56-P1
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 406 KB
141 KB 211ms
75ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-556TBLB

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf2999f9603c71dd1aad9b2dd4025dea569380cfcd23e381fe61184d6527d046

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: zstd
expires: Sun, 09 Nov 2025 22:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 09 Nov 2025 21:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 144140
x-xss-protection: 0
server: Google Tag Manager

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5717ca23d709412273363eeec758a20b45b769f719d865119f3b753579fb6a9b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1a0bc084cc3b590aca78b6eb1e64d30174b8f6135322fa50b10dc6d40b13c6e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1eb677ff632aae24e700d06662bdc24c74587fe63d27f506666a1d6922ad64f9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b96edc909b484f58068f718a6cfd10a66d9f604439b35b16c8715d7e1e19d1d4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4484dbddc576cd98734a66234a5ca3882bc69db92e09b27ed3762158e3eae29

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 432807330486fcd0e6cf264f69b8ac4beb05bfaa35c961e63aabbf04fd6c4f9c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 483784ecdf80ccaffd50869e23e2efdbeed9343b1b4c7dae837667e4984a68a7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 58f1c38e2afab36d04ba3cc6ad84ba4891dfcb9a5019baf368644fa1c90521cf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 153 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08999d617f45a16b8cf6f9fa4026e8c201f563e6928efd7ca1f18085554541e4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v24/ 8 KB
8 KB 132ms
64ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A200%2C300%2C400%2C500%2C700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://fonts.googleapis.com/

Response headers

age: 484326
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 04 Nov 2026 08:09:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 08:09:59 GMT
last-modified: Mon, 15 Sep 2025 16:35:07 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7816
x-xss-protection: 0
server: sffe

GET
H3 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v24/ 8 KB
8 KB 142ms
74ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A200%2C300%2C400%2C500%2C700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://fonts.googleapis.com/

Response headers

age: 485362
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 04 Nov 2026 07:52:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 07:52:43 GMT
last-modified: Mon, 15 Sep 2025 16:36:26 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7748
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25acc7dfc7fcb784ac05b4af734933b3eadbf408bf95796e669332b3bb8bab51

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50246964cad138de88656e76c147e14a9d59246dd876604e757d34a6496f7c84

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b358baee10b49cffae38eb2408e41df657d60eabf48d907af02e97de79d06d0b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 8726485.js Show response
js.hs-analytics.net/analytics/1762728300000/ 76 KB
27 KB 329ms
246ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.hs-analytics.net/analytics/1762728300000/8726485.js
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 373f965f1df9c42ec7d5da886bc991403fae630bbedaa957713d49865b6314ae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"aa5724a3266fd1e0b199cdf148119119"
x-amz-version-id: null
expires: Sun, 09 Nov 2025 22:47:05 GMT
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/javascript
last-modified: Tue, 14 Oct 2025 17:55:10 GMT
vary: origin, Accept-Encoding
x-amz-id-2: NV0rzUdNCftOxpQ524My4k0+evdDLrlvF3r9o4192bpoIn88Egn3p86jOZclQbJpCB8PB5ac6Ac=
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 99c0d23f2ff34b93-ARN
x-amz-request-id: XXP01RT8R7PG5X32
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v24/ 8 KB
8 KB 115ms
62ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A200%2C300%2C400%2C500%2C700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://fonts.googleapis.com/

Response headers

age: 485506
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 04 Nov 2026 07:50:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 07:50:19 GMT
last-modified: Mon, 15 Sep 2025 16:34:42 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7884
x-xss-protection: 0
server: sffe

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 75 KB
26 KB 272ms
188ms Script
application/javascript 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8726485.js?integration=WordPress&ver=11.3.21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6989d448c7c1b89cc62297314a67bb53026cabe88b7de6a049a362b548e713fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://www.kelacyber.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
cf-cache-status: EXPIRED
x-amz-version-id: v__NyrN49vgdzldvpYWO5h5BP4eDGz2d
etag: W/"659c866a477e0d1ebed228b1e9912047"
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
access-control-allow-methods: GET
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: FLVp5bp4JWbbx8PSLtbObBpP8BeQaPSWdpqZYkBqs7Eb5GbVHDklmQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 06 Nov 2025 09:55:36 UTC
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
x-amz-replication-status: COMPLETED
cache-control: s-maxage=600, max-age=300
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.3943/bundles/project.js&cfRay=99a3f2996884c1a5-FRA
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-ray: 99c0d23fd8ab8055-ARN
access-control-allow-origin: *
x-hs-target-asset: collected-forms-embed-js/static-1.3943/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 7 KB
4 KB 127ms
48ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8726485.js?integration=WordPress&ver=11.3.21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6d839c0da9056d9b284672c233a8a7dc285d6f6c1f8a9cff55b2608c0480475

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 6d3H1V8Y.7bCUKUHQgLWIXY.HLOaOjWa
etag: W/"13895842d917f252b353af5ab09b62e8"
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 280
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: adRz4fO2DExJRVKi8dTWwUlqh5a9nBcutb_1JTJr0nx1l9s7jmy-8w==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 07 Nov 2025 18:25:40 UTC
vary: accept-encoding
x-amz-replication-status: COMPLETED
cache-control: max-age=600
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.2646/bundles/pixels-release.js&cfRay=99aeeeb2fc36ed1b-IAD
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
cf-ray: 99c0d23fdd8e2e15-ARN
x-hs-target-asset: adsscriptloaderstatic/static-1.2646/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/8726485/ 74 KB
26 KB 608ms
533ms Script
text/javascript 2606:4700:4407::6812:28f0
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.hs-banner.com/v2/8726485/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8726485.js?integration=WordPress&ver=11.3.21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4407::6812:28f0 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05c279f3e26e7e8040d0b592ab6188c3a8cd425cd814d0e01a222592a419e200

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

access-control-max-age: 604800
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"16f1ab4f625eead2874acea339063b9c"
x-amz-version-id: XdKxzcfd0ee2XaAaPIAAYG42UfNn8IuR
access-control-allow-methods: GET,OPTIONS,HEAD
expires: Sun, 09 Nov 2025 22:47:05 GMT
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/javascript; charset=UTF-8
last-modified: Sun, 02 Nov 2025 08:24:43 GMT
vary: Accept-Encoding
x-amz-id-2: wdSefyJXYbeJV4qb72s5GLxU90v9WpLbVYsgdEgwyUku+d3Gp7yVVmtcQmALjvv2Qv7bh5Tvh9QfPA8vg3yfSJnOmbBla7dx
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cache-control: max-age=300, public
timing-allow-origin: *
access-control-allow-credentials: false
cf-ray: 99c0d23fcd862c4c-HEL
x-amz-request-id: PAAJ3HC6BVTFZMJG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 95 KB
28 KB 260ms
184ms Script
application/javascript 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8726485.js?integration=WordPress&ver=11.3.21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

679ddca538c5568e1cb19a913fa47bca5f18374a921511cf6782932e6e116279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://www.kelacyber.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
cf-cache-status: EXPIRED
x-amz-version-id: FOlNsOirnt_rN1Fh9oJ1vW50ubtgUeba
etag: W/"577917385e93b8831a6c379176d4248c"
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cCnSgoKXocWRk57glxawH4%2FKSlcHXUQ1mlgzQYHj7a0GcNah3g998NiTvUjw%2B8gSxkiRQ3naJ6WeZXGmg2bbTkIzO7nKARt9VUqzTYMRRPnLPmb3MrLSxz9NRkH9LfyNsEeGEOYjjLfC%2Fke6"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: tQCcl03Pgm9W77KhdS3KaTDa3_9C6aSdaAR0HUy2BYuMuYHctUvPzA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 17 Oct 2025 14:45:15 UTC
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: max-age=600
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.4703/bundles/project.js&cfRay=99c0d23fc863eff0-ARN
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-ray: 99c0d23fc863eff0-ARN
access-control-allow-origin: *
x-hs-target-asset: web-interactives-embed/static-2.4703/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 clientsComponents-kelacyber-hooks-bundle-2c83139b.js Show response
cdn.entail.ai/client/static/ 2 KB
1 KB 43ms
40ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdn.entail.ai/client/static/clientsComponents-kelacyber-hooks-bundle-2c83139b.js

Requested by

Host: cdn.entail.ai
URL: https://cdn.entail.ai/client/static/client-bundle-d63b5faf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4733efe9ed68c810e16702503d5e8c7e977e46db8b95fe51fdb70ec0ee55ec36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"204eec9ba0bd00b0fc25ca028842d9d3"
x-amz-version-id: 2LcwZ3Lb5MlSfrgj_qJcWiZyLOb2BBBP
age: 4528734
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=LadInWVdsr1di%2BGRZMl5BcTUaRMX0LAVgNfvWEENdqzv262yGgnqSmV5sAtAoTlmm%2FSqrNql3rpyhaAUoeFQFJGni%2BRvPVE0LmNCXPDMRO1yD7wSAMah%2Fw%3D%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: CWRUgNzbLT_k1jok_RD7n9MzjGQBlGiBfgw7LkIukydCDI7xXx-t6g==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Thu, 18 Sep 2025 11:25:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 a1883601a786b7317faec0d94ef154f2.cloudfront.net (CloudFront)
cf-ray: 99c0d23f5f3775a1-ARN
x-amz-cf-pop: ARN56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

OPTIONS
H2 204 tall_side
apps.entail.ai/api/pirsomotV2/pirsomot/ Frame 0
0 147ms
122ms Preflight 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://apps.entail.ai/api/pirsomotV2/pirsomot/tall_side

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: sn-host,sn-locale
Access-Control-Request-Method: GET
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: sn-host,sn-locale
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.kelacyber.com
access-control-max-age: 1728000
cf-cache-status: DYNAMIC
cf-ray: 99c0d2407bddad45-ARN
date: Sun, 09 Nov 2025 22:42:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=d7v30IDLVWbCax1ZJJj%2BLqA6HvmstnoMZWy0nbgbPz4%2BrSB08sG7yEWOWwh%2BLG%2FKO7kyViEfO%2FjvueyuHXA5ZlVymhSiE4Iir07BA0os%2FMMLBaBz7dgktzA%3D"}]}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers
x-response-time: 0.327ms

OPTIONS
H2 204 /
apps.entail.ai/api/user/ Frame 0
0 146ms
124ms Preflight 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://apps.entail.ai/api/user/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: sn-host,sn-locale
Access-Control-Request-Method: GET
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: sn-host,sn-locale
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.kelacyber.com
access-control-max-age: 1728000
cf-cache-status: DYNAMIC
cf-ray: 99c0d2407bdead45-ARN
date: Sun, 09 Nov 2025 22:42:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dysQ6F9yExTzAMfm%2FFBPXlhzRCKivCC1GLuJF5WRZCWcBdPPSyy6kDQuE7bzwZwBYwrXEfDYlk9kuezqnZ%2FqEtv3t%2BNfDEXXuJNsW1ol4k3RZnU7MPRJ27E%3D"}]}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers
x-response-time: 0.264ms

GET
H2 200 400-bundle-a1717254.js Show response
widgets.entail.ai/static/ 808 KB
234 KB 45ms
45ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/static/400-bundle-a1717254.js

Requested by

Host: cdn.entail.ai
URL: https://cdn.entail.ai/client/static/default-src_client_components_readOnlyEditor_SNReadOnlyEditor_tsx-bundle-aa8371d7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22e0c7d5994a796736372e1f2b5dee5aa4debf4a978565c4c13b3c79d066859e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"44116cb2fbd85922cec14f81f6b37cfa"
x-amz-version-id: FB09UYY7teEFCBG0NVH.bqzTBTruOB9E
age: 78026
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=J5oeGUAaxGbzaRF7NnB2NmOTFlP%2Bt6stP%2F%2FT9PpqW4ImdbQ1T3gAHVPbj6SREOKEWzYmi4q7zO1xxurvh%2BlwUV6riasG5lmK1aHTEYj5p1PRQPMwQvUShdjNGQA%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: bcmLG1lu6uPb3vwDkt7M2-nwaY3JzoxxO91q8-Np3Fxrha4FG0OBDw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Tue, 04 Nov 2025 08:40:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 0ca6102b671acc9950502eeeca241bf8.cloudfront.net (CloudFront)
cf-ray: 99c0d240583075a1-ARN
x-amz-cf-pop: ARN56-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 client-bundle-0a7a99ad.js Show response
widgets.entail.ai/static/ 284 KB
50 KB 43ms
43ms Script
application/javascript 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/static/client-bundle-0a7a99ad.js

Requested by

Host: cdn.entail.ai
URL: https://cdn.entail.ai/client/static/default-src_client_components_readOnlyEditor_SNReadOnlyEditor_tsx-bundle-aa8371d7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b411705c15d7bea74cc8db8f6db2631e2092b8a4ae8db55561c6ac2945da5f34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"845f21f0cf7e8fca647f6636a12c2d9a"
x-amz-version-id: ZGOnMm82Y4yx7lI09xMKBcVpa9iHufuY
age: 38628
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=z8wvGciyX6M12d2gw2u44josFUZaSjv1%2FQMrxY2jRZheRZ6Wt2eQrY8K8pUSVaGH4Qj7f%2FOXL9egLXr9zC4EhCvF3JKXe4L43Uq87Reu%2FU2%2B2PCeV8eEz5NbZrM%3D"}]}
x-cache: Hit from cloudfront
x-amz-cf-id: B88ntBGn2Ej4aTfY7ZpazC6q14fq0SIzgHurWa9tVn95nDyYqwnN-g==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Wed, 05 Nov 2025 11:37:30 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
via: 1.1 0ca6102b671acc9950502eeeca241bf8.cloudfront.net (CloudFront)
cf-ray: 99c0d240583475a1-ARN
x-amz-cf-pop: ARN56-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 tall_side Show response
apps.entail.ai/api/pirsomotV2/pirsomot/ 15 B
390 B 132ms
131ms XHR
application/json 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://apps.entail.ai/api/pirsomotV2/pirsomot/tall_side

Requested by

Host: cdn.entail.ai
URL: https://cdn.entail.ai/client/static/default-src_client_agent_agent_ts-node_modules_babel_runtime_helpers_esm_slicedToArray_js-bundle-73efc17f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://www.kelacyber.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Accept: application/json
SN-Locale: en
SN-host: www.kelacyber.com

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"f-vq7iR8edCWsBmYr0817vqlEnUMY"
access-control-allow-credentials: true
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9INvq8nKCMmy5nn%2FkIVfu%2Bf3IydwycfnHP7qtsdSMQhIsXu0KwnYiytrHZK6iO%2BeA5ADhNv3kKuyM8crtbBeuNQnv5Wtyq6Dlm3N4%2Barx%2F0HE2SZc%2BD0ltQ%3D"}]}
cf-ray: 99c0d241494975a1-ARN
x-response-time: 6.799ms
access-control-allow-origin: https://www.kelacyber.com
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

GET
H2 200 / Show response
apps.entail.ai/api/user/ 27 B
495 B 126ms
126ms XHR
application/json 2606:4700:20::ac43:45af
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://apps.entail.ai/api/user/

Requested by

Host: cdn.entail.ai
URL: https://cdn.entail.ai/client/static/common_app-bundle-23579c2e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:45af -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54f7e618eb7655df07f08feb342d6b5374b916ca6f96253f51ddcdf6df423405

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://www.kelacyber.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
SN-locale: en
SN-host: www.kelacyber.com

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"1b-kU32D9h5iX8PFllYDz5kz+KV2Kk"
access-control-allow-credentials: true
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1PMbnakwQkGdc1Jxo1UA6mSaZ465W5qeVctgJvVOX4E%2FoS1vqkgfSZwSqA8BrW87V8Id1NI7dJEDEzujKm8UpBjz%2FbUeoYASgXirRWakTDO9fU0m%2Bwyv6fI%3D"}]}
cf-ray: 99c0d241494d75a1-ARN
x-response-time: 1.759ms
access-control-allow-origin: https://www.kelacyber.com
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

GET
H2 200 cbac8094eb024eb48c842315b36b6c491738325849315-1753370992741.png
entail-assets.com/kelacyber/fit-in/25x25/ 428 B
1 KB 65ms
65ms Image
image/webp 2600:9000:2104:e000:a:45eb:ebc0:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://entail-assets.com/kelacyber/fit-in/25x25/cbac8094eb024eb48c842315b36b6c491738325849315-1753370992741.png

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:e000:a:45eb:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d23dd783210b737bf0cb7c503912e6a19c2bffa986bdd124cc9b7ba8558a27a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

age: 1497680
access-control-allow-methods: GET
x-amzn-requestid: 2d1afee9-5443-483c-b353-402a943bacb6
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: Ovtg6LfBC9Cg7e1kTn8LJV5KrpEdBc_F-by6S7b508xDYM0k8uB6MQ==
date: Thu, 23 Oct 2025 14:40:45 GMT
content-type: image/webp
last-modified: Thu, 24 Jul 2025 15:29:53 GMT
access-control-allow-headers: Content-Type, Authorization
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: max-age=31536000,public
x-amz-apigw-id: S56xLE3bDoEEvGA=
x-amzn-trace-id: Root=1-68fa3e6d-3cd6b0f03c4292e14263dd1f
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
via: 1.1 609487f3e9c1fd7ddcc7b01d9818bfec.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 428
x-xss-protection: 1; mode=block
x-amz-cf-pop: AMS1-C1

GET
H2 200 cbac8094eb024eb48c842315b36b6c491738325849315-1753370992741.png
entail-assets.com/kelacyber/fit-in/150x150/ 1 KB
2 KB 63ms
62ms Image
image/webp 2600:9000:2104:e000:a:45eb:ebc0:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://entail-assets.com/kelacyber/fit-in/150x150/cbac8094eb024eb48c842315b36b6c491738325849315-1753370992741.png

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:e000:a:45eb:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0cd9a63f5f05409ba10c0cc117e7ef4638529ddc1df296fdf5b9ed90df6037e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

age: 4009496
access-control-allow-methods: GET
x-amzn-requestid: 0d186331-08e8-41a0-a2aa-3882b975efa1
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: G6Xo0AOURqV2siagZx6EJAFysPaJqMul6WtMHr2kbKMG0nMLfcpPHw==
date: Wed, 24 Sep 2025 12:57:09 GMT
content-type: image/webp
last-modified: Thu, 24 Jul 2025 15:29:53 GMT
access-control-allow-headers: Content-Type, Authorization
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: max-age=31536000,public
x-amz-apigw-id: RaGZ9GktDoEEI7w=
x-amzn-trace-id: Root=1-68d3eaa5-71dba5d703586bb644d17a90
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
via: 1.1 609487f3e9c1fd7ddcc7b01d9818bfec.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 1332
x-xss-protection: 1; mode=block
x-amz-cf-pop: AMS1-C1

GET
H2 200 Incidents-1759905163522.png
entail-assets.com/kelacyber/fit-in/680x342/ 26 KB
26 KB 339ms
338ms Image
image/webp 2600:9000:2104:e000:a:45eb:ebc0:93a1
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://entail-assets.com/kelacyber/fit-in/680x342/Incidents-1759905163522.png

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:e000:a:45eb:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f49e111eea635c1bac95b9ab07278561c1a94fe8357523bd49a77b877dbdc485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

access-control-allow-methods: GET
x-amzn-requestid: 8275b0e0-3894-4726-a544-247287e0e8eb
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: UW7XuKbbz8xKniYB4iMtaQLkFvXT3HndfEQBQWL4E7s0Ee2KF6hsYw==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: image/webp
last-modified: Wed, 08 Oct 2025 06:32:44 GMT
access-control-allow-headers: Content-Type, Authorization
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: max-age=31536000,public
x-amz-apigw-id: TzDNrGfdDoEEYvw=
x-amzn-trace-id: Root=1-691118bd-304ba39d2ff2993035d5c881
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
via: 1.1 609487f3e9c1fd7ddcc7b01d9818bfec.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 26154
x-xss-protection: 1; mode=block
x-amz-cf-pop: AMS1-C1

GET
H2 200 recaptcha__fi.js Show response
www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/ 814 KB
348 KB 202ms
63ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/recaptcha__fi.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f29cbf179571d29fdad53e7d0594f1e0331c15bba61a5ab4b5e073bbea74da03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
age: 318138
report-to: {"group":"recaptcha-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha-scs"}]}
x-content-type-options: nosniff
expires: Fri, 06 Nov 2026 06:19:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 06 Nov 2025 06:19:47 GMT
last-modified: Mon, 03 Nov 2025 01:02:43 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha-scs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 355370
x-xss-protection: 0
server: sffe

GET
H3 200 sm.25.html Show response
static.addtoany.com/menu/ Frame 2599 716 B
1007 B 80ms
43ms Document
text/html 172.66.171.172
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.171.172 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

274d4116239b63097bb7c16e56e27cbb5a77be20392fb8e2317c0a0235185cad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kelacyber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 11666
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 99c0d240eab7e891-ARN
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 09 Nov 2025 22:42:05 GMT
etag: W/"551efc5187c9f500b4e394155ba03720"
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=V51rvizQjTkbjYGWtqCgHJq9t4LqP6Dzb7l8rjJPaAElFJhwLwtDERfAMX6akEby%2BjG2TwFwczqHPygPWWpf8NnPW2SvkyQ2vFmAvjq1YnA4"}]}
server: cloudflare
server-timing: cfExtPri
speculation-rules: "/cdn-cgi/speculation"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: accept-encoding
x-accel-buffering: yes
x-content-type-options: nosniff

GET
H3 200 core.oafg07ee.js Show response
static.addtoany.com/menu/modules/ 71 KB
26 KB 79ms
43ms Script
application/javascript 172.66.171.172
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.oafg07ee.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.171.172 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

292d24e79b1e264ced629c35d3b59a7a83093f972cdd0eac61e7b32189964772

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://www.kelacyber.com/

Response headers

x-accel-buffering: yes
content-encoding: br
etag: W/"c24c44a1988676fe88781355cb3740b1"
age: 13990
cf-cache-status: HIT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=AnqMcrt1OdyjrfHTiL6tx3lhg7TQVRQDYX50N87ouTPCvOaYPrSvXd6ZAv0wHEQ9XYwtrHJMv6L9RyxAlGN2Uge7jL0Xee4aevOUiK1NJP7h"}]}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding
priority: u=1,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=315360000, immutable
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: strict-origin-when-cross-origin
cf-ray: 99c0d240edb10a27-ARN
access-control-allow-origin: *
server: cloudflare

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 5 KB
3 KB 266ms
191ms XHR
application/json 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&pid=8726485&sv=cta-embed-js-static-1.476&rdy=1&df=t&pg=0912a65f-f283-4c95-98f3-9637e7f76678&pg=14aa3af0-a02c-4e40-97c0-0f066156f4fd&pg=14aa3af0-a02c-4e40-97c0-0f066156f4fd&pg=0912a65f-f283-4c95-98f3-9637e7f76678&pg=14aa3af0-a02c-4e40-97c0-0f066156f4fd

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a02bcccfdbdf124560415fa8746ba515cf66b0bd08c827e4af8d6f616c9eb9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
access-control-expose-headers: X-Origin-Hublet
content-encoding: gzip
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHiQcGYHDTiOMnUCcL69VQx2Mtk5%2FZWUG1%2FImdL6EFGwJRtltqTiq7VFXY5je11UFyuO%2Byqiwbpa0PNQF3tc9Fmiml7xBmMvaSGWkIXJ5uyD2Ci0FSQqWnBWMaBOJ1Y4YZvFEJEpkq57q2oog0uvkYloRzRiTnqg6RI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
date: Sun, 09 Nov 2025 22:42:05 GMT
x-hubspot-correlation-id: d98b852e-6a82-4345-8be4-5328eb1caeef
content-type: application/json;charset=utf-8
vary: origin, accept-encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 99c0d24148d65571-ARN
access-control-allow-origin: https://www.kelacyber.com
content-length: 1441
server: cloudflare

OPTIONS
H2 204 list
widgets.entail.ai/widget/dialogs/ Frame 0
0 83ms
82ms Preflight 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/widget/dialogs/list

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-access-token
Access-Control-Request-Method: GET
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-access-token
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.kelacyber.com
access-control-max-age: 1728000
cf-cache-status: DYNAMIC
cf-ray: 99c0d240dc5ead45-ARN
date: Sun, 09 Nov 2025 22:42:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=d%2Bt59pxb%2B5syAlucNa3gPLyZV3ZMT1IoX%2FZbL6KfdMwlp5TTMhVjCoRoAI1B6JO6YOd333nquq25LHDjvT93TBzf9nd%2BqDwQSwHN4GE%3D"}]}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers
via: 1.1 a626e6748fd7659cdc58de81924341d6.cloudfront.net (CloudFront)
x-amz-cf-id: qHO1_7sdPwtaOHVi810u5LUEULwewBncLCnM3ZiwSUuNXdnWgcuQHA==
x-amz-cf-pop: ARN56-P1
x-cache: Miss from cloudfront
x-response-time: 0.170ms

OPTIONS
H2 204 active-bar
widgets.entail.ai/bars/ Frame 0
0 81ms
80ms Preflight 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/bars/active-bar?url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-access-token
Access-Control-Request-Method: GET
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-access-token
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.kelacyber.com
access-control-max-age: 1728000
cf-cache-status: DYNAMIC
cf-ray: 99c0d240dc61ad45-ARN
date: Sun, 09 Nov 2025 22:42:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2B2HcVR1DNQWl5ugYo8bZi6Gp2FGwg0wjKZWw3lUi7pKHYNocPrrcTxpu0pp8oyPnuviOnRa1CRPDKFidEH7cmSio67t%2Few1L0FMutkc%3D"}]}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Headers
via: 1.1 a626e6748fd7659cdc58de81924341d6.cloudfront.net (CloudFront)
x-amz-cf-id: hQqoyJVVQXIUVnvhV29ee1QVwJWrkZJH4a81BHvAGqB56nuejfqd8g==
x-amz-cf-pop: ARN56-P1
x-cache: Miss from cloudfront
x-response-time: 0.095ms

GET
H2 200 list Show response
widgets.entail.ai/widget/dialogs/ 2 KB
2 KB 616ms
616ms Fetch
application/json 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/widget/dialogs/list

Requested by

Host: cdn.entail-insights.com
URL: https://cdn.entail-insights.com/js/entail.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfab016e4d09353b9153ffb2d88f060c979d1f51681c6ca03e2a343b7f12dae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
X-Access-Token: et-d55dbe39-def4-546f-a033-c1830618c360
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2F5vqoLXXzOe%2BQkr17GciW%2FqXnGxy4b5koF1Ji4yhTg%2Ft6Sgl1HYidWSS9gaSJ55WNEgdQtZ20qX7VgPaaD5hwhr22iidRVYcwp%2F7hMU%3D"}]}
x-response-time: 513.299ms
x-cache: Miss from cloudfront
x-amz-cf-id: UQ-olJ9Up4-4GP5Be0djm7tkdAlPUu0oLaiJVESiDj9K6HK4KtLSCA==
date: Sun, 09 Nov 2025 22:42:06 GMT
content-type: application/json; charset=utf-8
vary: Origin,Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
access-control-allow-credentials: true
via: 1.1 a626e6748fd7659cdc58de81924341d6.cloudfront.net (CloudFront)
cf-ray: 99c0d2415cefad45-ARN
access-control-allow-origin: https://www.kelacyber.com
x-amz-cf-pop: ARN56-P1
server: cloudflare

POST
H2 200 nl Show response
widgets.entail.ai/campaigns/ 47 B
383 B 134ms
134ms Fetch
application/json 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/campaigns/nl

Requested by

Host: cdn.entail-insights.com
URL: https://cdn.entail-insights.com/js/entail.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

809d0b274002b811f4d1d91b0dca3e214b6c3734c1dc33bfe2d60ace55207bc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4cM2%2F3qjdJL4v6O3RqNGRzslIhn3HBLHLJVX7UFizyNx8bhNQfm7zzjzSxqn%2BRAVxGO%2F69kxTfHshRwN5JGY9dEm8pUEDsaC0Vdn"}]}
x-response-time: 55.110ms
x-cache: Miss from cloudfront
x-amz-cf-id: _9ggaVUGndK0MbCumsYWJSX6-MPCMzl9gKVUy64PtfapBAFvS1ZK5w==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
access-control-allow-credentials: true
via: 1.1 a626e6748fd7659cdc58de81924341d6.cloudfront.net (CloudFront)
cf-ray: 99c0d240dc5fad45-ARN
access-control-allow-origin: https://www.kelacyber.com
x-amz-cf-pop: ARN56-P1
server: cloudflare

GET
H2 200 active-bar Show response
widgets.entail.ai/bars/ 41 B
455 B 431ms
431ms Fetch
application/json 2606:4700:20::681a:a8f
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://widgets.entail.ai/bars/active-bar?url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F

Requested by

Host: cdn.entail-insights.com
URL: https://cdn.entail-insights.com/js/entail.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:a8f -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aba0aab39ddbef5ba2f080ee7d8a383b3b30829de7dad191e906e402d268fb39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
X-Access-Token: et-d55dbe39-def4-546f-a033-c1830618c360
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=V8d1Ed90QvcueDd8ZykTmYD9QCfgttJwU%2BDPCHQHQxiGsS7N0zpkRAS3ZMdvCNYyw4xsAgxe5DszyyJEaiHblYb5J5sWdfrClieg"}]}
x-response-time: 345.616ms
x-cache: Miss from cloudfront
x-amz-cf-id: ZIEf0yNa6w_jdEcdtQJPjPSIZxNFdC1UuEZnpK7z-TKo8hx-2b8Vdg==
date: Sun, 09 Nov 2025 22:42:06 GMT
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
access-control-allow-credentials: true
via: 1.1 a626e6748fd7659cdc58de81924341d6.cloudfront.net (CloudFront)
cf-ray: 99c0d2415ce9ad45-ARN
access-control-allow-origin: https://www.kelacyber.com
x-amz-cf-pop: ARN56-P1
server: cloudflare

POST
H3 200 collect
www.google.com/ccm/ 0
0 66ms
66ms Fetch
text/plain 142.250.184.196
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google.com/ccm/collect?frm=0&en=page_view&dl=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&scrsrc=www.googletagmanager.com&rnd=1030726209.1762728126&dt=Ransomware%20Threat%20Actor%20Profile%3A%20Qilin%20%7C%20KELA%20Cyber&auid=800314854.1762728126&navt=n&npa=1&gtm=45He5b50v853881816za200zd853881816xea&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115583767~115938465~115938468~116217636~116217638&tft=1762728125596&tfd=920&apve=1&apvf=f
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-556TBLB
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f4.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 511 KB
163 KB 103ms
102ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2VYZ0NJ0TL&cx=c&gtm=4e5b50

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-556TBLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e8a4b0f6f55703db81a26dd4e895dcd0850684310f1a9d923e6474a2f19dc300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Sun, 09 Nov 2025 22:42:05 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166895
date: Sun, 09 Nov 2025 22:42:05 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 382 KB
132 KB 77ms
77ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-11031147722&cx=c&gtm=4e5b50

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-556TBLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ec07685f50b84e8e5d092b5cb43da35bfb6a881dcac4f1b6c0b26463f00b0c82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: zstd
expires: Sun, 09 Nov 2025 22:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 09 Nov 2025 21:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 135480
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 52 KB
19 KB 294ms
95ms Script
application/javascript 2001:41a8:47:302::1737:303b
SEABONE-NET TELEC...

General

Check archive.org

Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-556TBLB

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41a8:47:302::1737:303b , Italy, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

Resource Hash

4937c7883dfea438ed4dff4faaf3148604d8853b14ca860b8ce788cd8b8c341f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cache-control: max-age=86400
content-encoding: gzip
x-cdn-proto: HTTP2
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
access-control-allow-origin: *
content-length: 18876
date: Sun, 09 Nov 2025 22:42:05 GMT
last-modified: Thu, 16 Oct 2025 10:19:40 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 8726485.js Show response
js.hs-scripts.com/ 2 KB
802 B 203ms
203ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.hs-scripts.com/8726485.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-556TBLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf2aa18a31360682ede39dff2b5afd3ea7d971bfff9b51885bdbe65ccf046263

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: EXPIRED
x-content-type-options: nosniff
expires: Sun, 09 Nov 2025 22:43:35 GMT
date: Sun, 09 Nov 2025 22:42:05 GMT
x-hubspot-correlation-id: 7945ffd2-ff7d-4b50-add2-c18b96f47f28
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Sun, 09 Nov 2025 22:42:05 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 99c0d24119c9dbb0-ARN
accept-ranges: bytes
access-control-allow-origin: https://www.kelacyber.com
content-length: 675
server: cloudflare

GET
H2 200 app.js Show response
acsbapp.com/apps/app/dist/js/ 767 KB
214 KB 128ms
43ms Script
application/javascript 2606:4700:10::ac42:90c4
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://acsbapp.com/apps/app/dist/js/app.js
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac42:90c4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6512c6a0fe75328b212c6f75d71e5dc948179b32c174d99c3576e609edab9a21

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-goog-metageneration: 3
access-control-expose-headers: *
x-goog-hash: crc32c=gFFpZg==, md5=oWx3N7u7sOW5CuXstSnFbQ==
cf-cache-status: HIT
etag: W/"a16c7737bbbbb0e5b90ae5ecb529c56d"
age: 1046
content-encoding: br
x-goog-stored-content-encoding: identity
expires: Mon, 09 Nov 2026 22:24:39 GMT
x-goog-stored-content-length: 785021
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 06 Nov 2025 07:56:44 GMT
vary: accept-encoding
x-guploader-uploadid: AOCedOGE1opBsyEkU57mRsIZkgcZ47i_ccuqSrUzcIIdpqoGpgzUPW_WG3dolTusiEHFD7z-eI9Rn_E
cache-control: public, max-age=300, must-revalidate
x-goog-storage-class: STANDARD
cf-ray: 99c0d241a81c70d7-ARN
access-control-allow-origin: *
x-goog-generation: 1762415804741308
server: cloudflare

GET
H2 200 tracker.iife.js Show response
assets.apollo.io/micro/website-tracker/ 3 KB
2 KB 139ms
51ms Script
application/javascript 2606:4700:10::ac42:857c
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=57firb
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac42:857c -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: br
x-goog-hash: crc32c=MY6wfg==, md5=hthBoodcqITOwlOMWg5w7g==
etag: W/"86d841a2875ca884cec2538c5a0e70ee"
age: 59710
cf-cache-status: HIT
x-goog-stored-content-encoding: gzip
expires: Mon, 09 Nov 2026 03:26:01 GMT
x-goog-stored-content-length: 1168
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
last-modified: Mon, 13 Jan 2025 12:58:37 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFIdbgRN8hceqN5FgPTL4C5C-7q-1SXTSSicTtwuwLuj_edOj1Cw21DfYH3RRz3N5L3ZLtO39bwpdvI
cache-control: public, max-age=31466636
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 99c0d241aaa14434-ARN
access-control-allow-origin: *
x-goog-generation: 1736773117067886
server: cloudflare

GET insights.js
cdn.entail-insights.com/js/ 0
0

GET
H2 200 lftracker_v1_p1e024BlOJQ8GB6d.js Show response
sc.lfeeder.com/ 32 KB
11 KB 236ms
75ms Script
application/javascript 2600:9000:28eb:d600:4:d7e1:700:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_p1e024BlOJQ8GB6d.js
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:28eb:d600:4:d7e1:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9c47407bed7cf8b7779e3bb04e25e01cf8029fe8d982f5e65b64eaa35aaf85d9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
x-amz-version-id: XDsrVSh3K7KUx1kcF1GaSQa0fRrsTXFb
etag: W/"3546bafbb4a131dbe1de4cfa5a31ef3f"
age: 1632
x-cache: Hit from cloudfront
x-amz-cf-id: MCGktiN3d6UF0DpAj8upIXkGvX8ix6_EdNDi95ANdpg5vHpgxVYHmA==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Fri, 07 Nov 2025 08:10:32 GMT
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
via: 1.1 c882e22548530d40265eb261348d86d0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P12
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 lftracker_v1_ywVkO4Xm391aZ6Bj.js Show response
sc.lfeeder.com/ 32 KB
11 KB 231ms
70ms Script
application/javascript 2600:9000:28eb:d600:4:d7e1:700:93a1
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_ywVkO4Xm391aZ6Bj.js
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:28eb:d600:4:d7e1:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1df37e65c771c0df5eb508b21ebe03a3a6b84d622dc6e81eae8199aa1310aea5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: br
x-amz-version-id: nR0KgFnIJGRnAjy6BEc6hCEudaYb4MpN
etag: W/"2efa235ca48830ef454dd0b9bc8020da"
age: 1632
x-cache: Hit from cloudfront
x-amz-cf-id: BS7bYPQq4S2DNZ0iXtS1wiSOI7w_g-eNSt_1mNCT4pSLswDtpkwikQ==
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Fri, 07 Nov 2025 08:10:18 GMT
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
via: 1.1 c882e22548530d40265eb261348d86d0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P12
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 sw_iframe.html Show response
www.googletagmanager.com/static/service_worker/5a20/ Frame 0F4B 3 KB
2 KB 196ms
62ms Document
text/html 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/5a20/sw_iframe.html?origin=https%3A%2F%2Fwww.kelacyber.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-556TBLB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ada301d803d8f4b2ba210c9c57091378255ed54b96e4236a9e2ce587a2a4035

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 457057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1486
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Tue, 04 Nov 2025 15:44:28 GMT
expires: Wed, 04 Nov 2026 15:44:28 GMT
last-modified: Thu, 02 Oct 2025 09:08:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 134 B
377 B 162ms
153ms XHR
application/json 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=8726485&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

080320f8d75d38988a4fd2136e53b15333269ca5ccece33e94f0f9310e961a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
cache-control: max-age=0
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-ray: 99c0d2422bc98055-ARN
access-control-allow-origin: https://www.kelacyber.com
date: Sun, 09 Nov 2025 22:42:05 GMT
x-hubspot-correlation-id: 581c329c-2e6f-4802-96a8-7216f66f2e97
content-type: application/json;charset=utf-8
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: *

OPTIONS
H3 200 track_request
aplo-evnt.com/api/v1/intent_pixel/ Frame 0
0 225ms
176ms Preflight 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=663a2d126e0b0c0574382e66
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 99c0d24268bec6a0-ARN
content-length: 0
date: Sun, 09 Nov 2025 22:42:05 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority: u=1,i
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MbOTyrqfj1yLvlB4Ovld35i%2F%2FxDok1CwlMixhUIfOcjvWDNsrbTJFcwEAMJirv%2FX%2BhS4abruzsLeH9%2FJx5OPbO5wGsoNomZa3We4Wxo%3D"}]}
server: cloudflare
server-timing: cfExtPri
x-request-id: fd374a26-f579-4f01-85b2-b55db9516b5d
x-runtime: 0.000896

POST
H3 204 track_request
aplo-evnt.com/api/v1/intent_pixel/ 0
0 190ms
189ms Fetch 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=663a2d126e0b0c0574382e66

Requested by

Host: assets.apollo.io
URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=57firb

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn .salesforce.com .lightning.force.com; report-uri https://o101058.ingest.us.sentry.io/api/222018/security/?sentry_key=86bb17dd8c2449719dd6b498f3431191&sentry_environment=production&sentry_release=8abdcfe677aba1e791f0a5dc7360ffa721cd292e
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.kelacyber.com/

Response headers

access-control-max-age: 7200
x-request-id: cc6d4375-7c7d-46eb-a29f-5bca96a5433a
access-control-expose-headers
x-transaction-id: 47d33453-6049-4120-9347-a331db6d3a89
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rpnvQslzy%2BBFZK1Fs%2F11OMNPUZ0oIDWBHtjCovbQWRZgJBvnqn6AW1XC%2FSpERqGUcfJCZBrEDIphDFxlBPrt1O3Le0gWptGMLivQiGE%3D"}]}
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:06 GMT
vary: Origin
x-runtime: 0.013256
priority: u=1,i
x-frame-options: ALLOWALL
strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com; report-uri https://o101058.ingest.us.sentry.io/api/222018/security/?sentry_key=86bb17dd8c2449719dd6b498f3431191&sentry_environment=production&sentry_release=8abdcfe677aba1e791f0a5dc7360ffa721cd292e
cache-control: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 99c0d2438a01c6a0-ARN
access-control-allow-origin: *
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 86 B
1006 B 171ms
171ms Fetch
application/json 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=8726485&currentUrl=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26a562d5101459c8569b45e31933d3e896cbbb54c5829ae2f14c0fc32a0ba290

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xd%2FlAtLBgGvwP8RB1d7Fw20ahHSQfdMl2CoOU%2FUfoaRYzsr%2BooJzsRMv0wRJmpJzOAC4Z2UrBq5I6mqCZyLU%2B50wpgAsZBsfST%2Fh7U39HD1z%2Be6nzGr47lJoKmPEkU7JFbQuO0%2BebuKspNrOV7t4Iq5Hym6GDKckeXc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
date: Sun, 09 Nov 2025 22:42:05 GMT
x-hubspot-correlation-id: 54a8b1db-1ea5-4248-bef9-fa251c09c60b
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 99c0d2421aa4eff0-ARN
access-control-allow-origin: https://www.kelacyber.com
server: cloudflare

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 100ms
32ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-2VYZ0NJ0TL&gtm=45je5b50v9102179169z8853881816za200zb853881816zd853881816&_p=1762728125159&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&cid=498571725.1762728126&ul=fi-fi&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=Ag&_s=1&tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104573694~104684208~104684211~104948813~115480710~115583767~115616985~115938465~115938468~116217636~116217638&sid=1762728125&sct=1&seg=0&dl=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&dt=Ransomware%20Threat%20Actor%20Profile%3A%20Qilin%20%7C%20KELA%20Cyber&en=page_view&_fv=2&_nsi=1&_ss=1&tfd=1141
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2VYZ0NJ0TL&cx=c&gtm=4e5b50
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:164:0
report-to: {"group":"ascnsrsggc:164:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:164:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.kelacyber.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:164:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
559 B 198ms
63ms Ping
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2VYZ0NJ0TL&cid=498571725.1762728126&gtm=45je5b50v9102179169z8853881816za200zb853881816zd853881816&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104573694~104684208~104684211~104948813~115480710~115583767~115616985~115938465~115938468~116217636~116217638
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2VYZ0NJ0TL&cx=c&gtm=4e5b50
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9c , Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:132:0
report-to: {"group":"ascnsrsggc:132:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:132:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.kelacyber.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:132:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:06 GMT
content-type: text/plain
server: Golfe2

GET
H2

204

https://region1.analytics.google.com/g/collect?v=2&tid=G-2VYZ0NJ0TL&gtm=45je5b50v9102179169za200zb853881816zd853881816&_p=1762728125159&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&cid=498571725.17...
https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=498571725.1762728126&dbk=14328966711314131037&dma=1&dma_cps=syphamo&en=blog_read&gtm=45je5b50v9102179169za200zb8538...

0
0

39ms
33ms

Fetch
text/plain

2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=498571725.1762728126&dbk=14328966711314131037&dma=1&dma_cps=syphamo&en=blog_read&gtm=45je5b50v9102179169za200zb853881816zd853881816&npa=1&tid=G-2VYZ0NJ0TL&dl=https%3A%2F%2Fwww.kelacyber.com%3F
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
attribution-reporting-info: preferred-platform=os
cross-origin-resource-policy: cross-origin
report-to: {"group":"ascnsrsgnc:90:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgnc:90:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgnc:90:0
attribution-reporting-register-os-trigger: "https://region1.google-analytics.com/privacy-sandbox/register-os-conversion?_c=1&cid=498571725.1762728126&dbk=14328966711314131037&dma=1&dma_cps=syphamo&en=blog_read&gtm=45je5b50v9102179169za200zb853881816zd853881816&npa=1&tid=G-2VYZ0NJ0TL&dl=https%3A%2F%2Fwww.kelacyber.com%3F"
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgnc:90:0
content-length: 0
attribution-reporting-register-trigger: {"aggregatable_trigger_data":[{"key_piece":"0xd9fd959b31cd7d5b","source_keys":["1"]},{"key_piece":"0xf8eb40928d0d5eb5","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"14328966711314131037","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"1"}],"filters":{"2":["11031147722","634986061","10950285700"],"5":["11-09","11-08","11-07"]}}
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/plain
server: Golfe2

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: https://region1.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=498571725.1762728126&dbk=14328966711314131037&dma=1&dma_cps=syphamo&en=blog_read&gtm=45je5b50v9102179169za200zb853881816zd853881816&npa=1&tid=G-2VYZ0NJ0TL&dl=https%3A%2F%2Fwww.kelacyber.com%3F
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"ascnsrsggc:164:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:164:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:164:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:164:0
content-length: 507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:05 GMT
content-type: text/html; charset=UTF-8
server: Golfe2

GET
H2 200 ga-audiences
www.google.fi/ads/ 42 B
408 B 214ms
74ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.fi/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2VYZ0NJ0TL&cid=498571725.1762728126&gtm=45je5b50v9102179169z8853881816za200zb853881816zd853881816&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104573694~104684208~104684211~104948813~115480710~115583767~115616985~115938465~115938468~116217636~116217638&tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104573694~104684208~104684211~104948813~115480710~115583767~115616985~115938465~115938468~116217636~116217638&z=149097959

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Sun, 09 Nov 2025 22:42:06 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
310 B 469ms
469ms Script
application/javascript 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=8726485&pg=0912a65f-f283-4c95-98f3-9637e7f76678&lt=1762728125161&dt=1762728125163&at=1762728125855&ae=1&sl=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: noindex, follow
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r4nKC2YvCVjC4CpnQblJycYFRmAYsgAAyYFtLrK%2BmMdJYrimHxYFmer2RTcTHuX4SrD5RYc5HYqoyc73jCYIGfsbNH98bHvhQ9VCHNNWdwgjQSl6rf2R581GF51avc%2FqZSFs2mW3mWzfhxIA%2BIgmzNGxk6awIYkMDjM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
date: Sun, 09 Nov 2025 22:42:06 GMT
x-hubspot-correlation-id: 13be7144-1155-4803-9720-486bf2eea815
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Sun, 09 Nov 2025 22:42:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-ray: 99c0d242ba575571-ARN
accept-ranges: bytes
content-length: 0
server: cloudflare

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
420 B 198ms
198ms Script
application/javascript 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=8726485&pg=14aa3af0-a02c-4e40-97c0-0f066156f4fd&lt=1762728125162&dt=1762728125163&at=1762728125856&ae=1&sl=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: noindex, follow
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HSRfFBln%2Bak5mKhCVyOUKgLajzhLD0LxINK6FYntEHk92rsuYMN%2BO6t%2FyliUIWCUSmBg6OIXNkn6p9qbSusSvJfSNQ3S%2F0hVm%2Fqh05Ui7guhPSYJ7S%2FMqxzHhtHzdQ7bJkKSYbygaBg6mTzTpIEszMLxBwKzPIUXhUY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
date: Sun, 09 Nov 2025 22:42:06 GMT
x-hubspot-correlation-id: 81545220-2b6d-4126-b5ce-9aa6fd1a37b1
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Sun, 09 Nov 2025 22:42:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-ray: 99c0d242ba595571-ARN
accept-ranges: bytes
content-length: 0
server: cloudflare

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
508 B 223ms
178ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:06 GMT
x-hubspot-correlation-id: 8d21e2fe-791b-4813-a16a-2106e9604437
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Sun, 09 Nov 2025 22:42:06 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 99c0d242fddefdb9-HEL
accept-ranges: bytes
content-length: 35
server: cloudflare

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
447 B 228ms
184ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:06 GMT
x-hubspot-correlation-id: e47f72e3-7911-48c1-b75e-66045e503521
content-type: image/gif
vary: origin, Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 99c0d242fdddfdb9-HEL
content-length: 35
server: cloudflare

GET
H2 200 config.json Show response
cdn.acsbapp.com/config/kelacyber.com/ 164 B
698 B 317ms
231ms Fetch
application/json 2606:4700:10::ac42:90c4
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://cdn.acsbapp.com/config/kelacyber.com/config.json?page=%2Fblog%2Fransomware-threat-actor-profile-qilin%2F
Requested by: Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac42:90c4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aff7bac4456f5be5abe4c5c2871b1c7df93d56efd3e2ec3d6b56e52b457cfb0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=Zy2dXA==, md5=lGnBIneiO5S39AwPGyjb8A==
cf-cache-status: MISS
etag: W/"9469c12277a23b94b7f40c0f1b28dbf0"
content-encoding: br
x-goog-stored-content-encoding: identity
expires: Mon, 09 Nov 2026 22:42:07 GMT
x-goog-stored-content-length: 164
date: Sun, 09 Nov 2025 22:42:07 GMT
content-type: application/json
last-modified: Wed, 15 May 2024 17:08:56 GMT
vary: accept-encoding
x-guploader-uploadid: AOCedOHQOB28AAGFa1x4smYubuE6AqzY-kd2coNXO6T4ZyILloHsw4qGsg6nunA0rEu_gHxeSIC6Ass
cache-control: public, max-age=300, must-revalidate
x-goog-storage-class: STANDARD
cf-ray: 99c0d24bb94182bf-ARN
access-control-allow-origin: *
x-goog-generation: 1715792936556905
server: cloudflare

GET
H2 200 /
tr.lfeeder.com/ 43 B
320 B 239ms
102ms Image
image/gif 13.226.244.26
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://tr.lfeeder.com/?sid=ywVkO4Xm391aZ6Bj&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6WyJHLTJWWVowTkowVEwiXSwiZ2FDbGllbnRJZHMiOlsiNDk4NTcxNzI1LjE3NjI3MjgxMjYiXSwiY29udGV4dCI6eyJsaWJyYXJ5Ijp7Im5hbWUiOiJsZnRyYWNrZXIiLCJ2ZXJzaW9uIjoiMi43MC4wIn0sInBhZ2VVcmwiOiJodHRwczovL3d3dy5rZWxhY3liZXIuY29tL2Jsb2cvcmFuc29td2FyZS10aHJlYXQtYWN0b3ItcHJvZmlsZS1xaWxpbi8iLCJwYWdlVGl0bGUiOiJSYW5zb213YXJlIFRocmVhdCBBY3RvciBQcm9maWxlOiBRaWxpbiB8IEtFTEEgQ3liZXIiLCJyZWZlcnJlciI6IiJ9LCJldmVudCI6InRyYWNraW5nLWV2ZW50IiwiY2xpZW50RXZlbnRJZCI6IjExYWQ0OWI3ZDBiOWNiMzYiLCJzY3JpcHRJZCI6Inl3VmtPNFhtMzkxYVo2QmoiLCJjb29raWVzRW5hYmxlZCI6dHJ1ZSwiY29uc2VudExldmVsIjoibm9uZSIsImFub255bWl6ZUlwIjpmYWxzZSwibGZDbGllbnRJZCI6IkxGMS4xLjZmM2UzOTczNTVhNTg0MDcuMTc2MjcyODEyNzI1NyIsImZvcmVpZ25Db29raWVzIjpbXSwicHJvcGVydGllcyI6e30sImF1dG9UcmFja2luZ0VuYWJsZWQiOnRydWUsImF1dG9UcmFja2luZ01vZGUiOiJzcGEifQ==
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.244.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-244-26.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cross-origin-resource-policy: cross-origin
via: 1.1 6942d46e6bed08f4180d0ef0e1b81710.cloudfront.net (CloudFront)
x-cache: LambdaGeneratedResponse from cloudfront
content-length: 43
x-amz-cf-id: kdlLiSs2xGNQPxny1VMcgYUY8B_OCH0oCGUS-mHQRCkFS89zkP-crw==
date: Sun, 09 Nov 2025 22:42:07 GMT
content-type: image/gif
x-amz-cf-pop: FRA56-P14
server: CloudFront
vary: Origin

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
337 B 161ms
160ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:07 GMT
x-hubspot-correlation-id: 006f6f59-7bd5-4847-a983-516bfd97cdcc
content-type: image/gif
vary: origin, Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 99c0d24b8c1bfdb9-HEL
content-length: 35
server: cloudflare

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
839 B 320ms
178ms XHR
application/json 2620:1ec:50::12
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3849553&time=1762728127266&url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:50::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Accept: *
Referer: https://www.kelacyber.com/

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 000643311fdff323a62203a0d370ba8b
x-msedge-ref: Ref A: B959BD2748DA4A3B9518D3D35F0BE268 Ref B: STOEDGE1221 Ref C: 2025-11-09T22:42:07Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAZDMR/f8yOmIgOg03C6iw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:06 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3849553&time=1762728127266&url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3849553&time=1762728127266&url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&e_ipv6=AQL1WQl48-weRQAAAZpqyKwJr...

0
287 B

316ms
177ms

Image
application/javascript

150.171.22.14
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3849553&time=1762728127266&url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&e_ipv6=AQL1WQl48-weRQAAAZpqyKwJrPC4ie0MRvuOAY06uIzxvrADJAa_-fCje48TqhxMlBoeOHnt
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Server: 150.171.22.14 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9513280698A04700A27D61807746C161 Ref B: STOEDGE1714 Ref C: 2025-11-09T22:42:07Z
x-li-fabric: prod-ltx1
x-li-uuid: AAZDMR/kqLMej+troKVa2w==
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sun, 09 Nov 2025 22:42:07 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3849553&time=1762728127266&url=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&e_ipv6=AQL1WQl48-weRQAAAZpqyKwJrPC4ie0MRvuOAY06uIzxvrADJAa_-fCje48TqhxMlBoeOHnt
x-msedge-ref: Ref A: C03DBCF74CFC4A708428BAA2B7D42AF6 Ref B: STOEDGE1611 Ref C: 2025-11-09T22:42:07Z
x-li-fabric: prod-ltx1
x-li-uuid: AAZDMR/f7S53YYUybaqeNA==
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Sun, 09 Nov 2025 22:42:07 GMT

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 5 B
148 B 106ms
43ms Fetch
text/plain 2606:4700:4407::6812:28f0
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8726485/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4407::6812:28f0 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce81d0271ac633efe2c7c355a84d556da445cffa0317e2d4efbdf28c80819ca5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cache-control: private, max-age=1500
cf-ray: 99c0d24bfba68d8a-HEL
access-control-allow-origin: *
content-length: 5
date: Sun, 09 Nov 2025 22:42:07 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame E851 77 KB
44 KB 144ms
78ms Document
text/html 142.250.184.196
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br&co=aHR0cHM6Ly93d3cua2VsYWN5YmVyLmNvbTo0NDM.&hl=fi&v=naPR4A6FAh-yZLuCX253WaZq&size=invisible&anchor-ms=20000&execute-ms=15000&cb=a80tdlw8i8x1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/recaptcha__fi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

ESF /

Resource Hash

9daaf4c8a85e0c90971193a0fe3d423d67ee07286d41d5c6352159b7740a8044

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Otpi6iDSdfGruS7pBJM7Hg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kelacyber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Otpi6iDSdfGruS7pBJM7Hg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Sun, 09 Nov 2025 22:42:07 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
tr.lfeeder.com/ 43 B
318 B 141ms
110ms Image
image/gif 13.226.244.26
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://tr.lfeeder.com/?sid=p1e024BlOJQ8GB6d&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6WyJHLTJWWVowTkowVEwiXSwiZ2FDbGllbnRJZHMiOlsiNDk4NTcxNzI1LjE3NjI3MjgxMjYiXSwiY29udGV4dCI6eyJsaWJyYXJ5Ijp7Im5hbWUiOiJsZnRyYWNrZXIiLCJ2ZXJzaW9uIjoiMi43MC4wIn0sInBhZ2VVcmwiOiJodHRwczovL3d3dy5rZWxhY3liZXIuY29tL2Jsb2cvcmFuc29td2FyZS10aHJlYXQtYWN0b3ItcHJvZmlsZS1xaWxpbi8iLCJwYWdlVGl0bGUiOiJSYW5zb213YXJlIFRocmVhdCBBY3RvciBQcm9maWxlOiBRaWxpbiB8IEtFTEEgQ3liZXIiLCJyZWZlcnJlciI6IiJ9LCJldmVudCI6InRyYWNraW5nLWV2ZW50IiwiY2xpZW50RXZlbnRJZCI6ImM5YjNmZmM2OWQ5NjMxNzUiLCJzY3JpcHRJZCI6InAxZTAyNEJsT0pROEdCNmQiLCJjb29raWVzRW5hYmxlZCI6dHJ1ZSwiY29uc2VudExldmVsIjoibm9uZSIsImFub255bWl6ZUlwIjpmYWxzZSwibGZDbGllbnRJZCI6IkxGMS4xLjZmM2UzOTczNTVhNTg0MDcuMTc2MjcyODEyNzI1NyIsImZvcmVpZ25Db29raWVzIjpbXSwicHJvcGVydGllcyI6e30sImF1dG9UcmFja2luZ0VuYWJsZWQiOnRydWUsImF1dG9UcmFja2luZ01vZGUiOiJzcGEifQ==
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.244.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-244-26.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cross-origin-resource-policy: cross-origin
via: 1.1 6942d46e6bed08f4180d0ef0e1b81710.cloudfront.net (CloudFront)
x-cache: LambdaGeneratedResponse from cloudfront
content-length: 43
x-amz-cf-id: 7cQaUJ-A839CSpB5iLKS0eMYxqMRNfnM68ks5MTTKdQm8TUFsjVvbQ==
date: Sun, 09 Nov 2025 22:42:07 GMT
content-type: image/gif
x-amz-cf-pop: FRA56-P14
server: CloudFront
vary: Origin

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 161ms
161ms Preflight
application/octet-stream 2606:4700:4407::6812:28f0
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4407::6812:28f0 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.kelacyber.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 99c0d24c3bf28d8a-HEL
content-length: 0
content-type: application/octet-stream
date: Sun, 09 Nov 2025 22:42:07 GMT
server: cloudflare
timing-allow-origin: *
vary: origin

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
663 B 70ms
69ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8726485/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

34c2a8516b67722cd2aeecd3b104d68ae8fbcbe0a69ddadd8d0ca7fd2c6a8b2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 09 Nov 2025 22:42:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 22:42:07 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 09 Nov 2025 22:36:59 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 182ms
181ms Fetch 2606:4700:4407::6812:28f0
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8726485/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4407::6812:28f0 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.kelacyber.com/

Response headers

x-request-id: e29c373c-666b-4c94-bc2b-facfa6bf37d0
access-control-max-age: 604800
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_http
date: Sun, 09 Nov 2025 22:42:07 GMT
x-hubspot-correlation-id: e29c373c-666b-4c94-bc2b-facfa6bf37d0
vary: origin
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-d95f65568-gq4cn
timing-allow-origin: *
x-envoy-upstream-service-time: 22
access-control-allow-credentials: true
cf-ray: 99c0d24d3cba8d8a-HEL
access-control-allow-origin: https://www.kelacyber.com
x-evy-trace-route-configuration: listener_http/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/ Frame E851 81 KB
42 KB 193ms
63ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br&co=aHR0cHM6Ly93d3cua2VsYWN5YmVyLmNvbTo0NDM.&hl=fi&v=naPR4A6FAh-yZLuCX253WaZq&size=invisible&anchor-ms=20000&execute-ms=15000&cb=a80tdlw8i8x1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ed7b552641c3004138810ee9d628ecdb90fb8b3c561eddf52da41aaea323c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.google.com/

Response headers

content-encoding: gzip
age: 4053
report-to: {"group":"recaptcha-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha-scs"}]}
x-content-type-options: nosniff
expires: Mon, 09 Nov 2026 21:34:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 09 Nov 2025 21:34:34 GMT
last-modified: Mon, 03 Nov 2025 01:02:43 GMT
content-type: text/css
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha-scs
accept-ranges: bytes
content-length: 42506
x-xss-protection: 0
server: sffe

GET
H2 200 recaptcha__fi.js Show response
www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/ Frame E851 814 KB
347 KB 277ms
147ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/recaptcha__fi.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f29cbf179571d29fdad53e7d0594f1e0331c15bba61a5ab4b5e073bbea74da03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.google.com/

Response headers

content-encoding: gzip
age: 318140
report-to: {"group":"recaptcha-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha-scs"}]}
x-content-type-options: nosniff
expires: Fri, 06 Nov 2026 06:19:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 06 Nov 2025 06:19:47 GMT
last-modified: Mon, 03 Nov 2025 01:02:43 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha-scs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 355370
x-xss-protection: 0
server: sffe

GET
H3 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v24/ 8 KB
0 0ms
0ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://fonts.googleapis.com/

Response headers

age: 484326
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 04 Nov 2026 08:09:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 08:09:59 GMT
last-modified: Mon, 15 Sep 2025 16:35:07 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7816
x-xss-protection: 0
server: sffe

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v24/ 8 KB
0 0ms
0ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.kelacyber.com
Referer: https://fonts.googleapis.com/

Response headers

age: 485506
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 04 Nov 2026 07:50:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 07:50:19 GMT
last-modified: Mon, 15 Sep 2025 16:34:42 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7884
x-xss-protection: 0
server: sffe

POST
H2 204 /
px.ads.linkedin.com/wa/ 0
0 180ms
179ms Fetch 2620:1ec:50::12
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/wa/?medium=fetch&fmt=g
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:50::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.kelacyber.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 148AE86898D24851AFA02A17F5693E5A Ref B: STOEDGE1611 Ref C: 2025-11-09T22:42:07Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAZDMR/nZ0nPgX8OaJ5hdg==
x-li-proto: http/2
access-control-allow-origin: https://www.kelacyber.com
x-cache: CONFIG_NOCACHE
alt-svc: h3=":443"; ma=86400
date: Sun, 09 Nov 2025 22:42:07 GMT
vary: Origin

GET webworker.js
www.google.com/recaptcha/api2/ Frame E851 0
0

GET
H2 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame E851 2 KB
2 KB 62ms
62ms Image
image/png 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/styles__ltr.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/styles__ltr.css

Response headers

age: 485532
report-to: {"group":"recaptcha-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha-scs"}]}
x-content-type-options: nosniff
expires: Tue, 11 Nov 2025 07:49:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 07:49:56 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
cache-control: public, max-age=604800
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha-scs
accept-ranges: bytes
content-length: 2228
x-xss-protection: 0
server: sffe

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E851 15 KB
15 KB 128ms
62ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.google.com
Referer: https://www.google.com/

Response headers

age: 485664
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 04 Nov 2026 07:47:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 07:47:44 GMT
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15344
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E851 15 KB
15 KB 123ms
58ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Origin: https://www.google.com
Referer: https://www.google.com/

Response headers

age: 484514
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 04 Nov 2026 08:06:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 04 Nov 2025 08:06:54 GMT
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15552
x-xss-protection: 0
server: sffe

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
361 B 164ms
162ms Image
image/gif 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=fi-fi&bfp=1610697633&v=1.1&a=8726485&ct=standard-page&rcu=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&pu=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&t=Ransomware+Threat+Actor+Profile%3A+Qilin+%7C+KELA+Cyber&cts=1762728128185&rv=1&vi=2f6cf1b07def37a9cbb5b9a4e7592ea9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oW69UqDMPIc%2BWCHDHdd%2F87zNnwfBif8SydOjIqya4r9vY%2B0%2BwLQArsKTe%2BnAFrFQdSOFmTqZD3cNtmLqEK3avJrvK1pE8iH0uuRd2IG%2Fhjr0bauPaqz1NHWfdWCxtHExtK4mgc6Fi%2BkW672mQbkt"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sun, 09 Nov 2025 22:42:08 GMT
x-hubspot-correlation-id: 21aab548-f21b-4f10-821c-f60ee7519759
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 99c0d2514ae25571-ARN
content-length: 45
server: cloudflare

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
361 B 185ms
184ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:08 GMT
x-hubspot-correlation-id: f1352097-1d1d-4f12-8140-8e5331a7fa56
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Sun, 09 Nov 2025 22:42:08 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 99c0d2514817fdb9-HEL
accept-ranges: bytes
content-length: 35
server: cloudflare

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
387 B 165ms
164ms Image
image/gif 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%220912a65f-f283-4c95-98f3-9637e7f76678%22%2C%2237414c35-1543-4c4b-8f9d-83c98514bd49%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=fi-fi&bfp=1610697633&v=1.1&a=8726485&ct=standard-page&rcu=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&pu=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&t=Ransomware+Threat+Actor+Profile%3A+Qilin+%7C+KELA+Cyber&cts=1762728128186&rv=1&vi=2f6cf1b07def37a9cbb5b9a4e7592ea9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ccHYyR7IJ%2FTdN%2BLziEzAxCDlneLBOaIZLHBqVHREc0%2Bhjn3kD57Kwkjytc9t6aB%2Fk1sxR5%2Bbmcwpz5mJw6t1RmlGRs3xeg%2Bkoa%2FfSQUyFjm2B2BaEuhrl7PM%2FNYwT6xTsrSxeWBiuFI%2BOzuhRKde"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sun, 09 Nov 2025 22:42:08 GMT
x-hubspot-correlation-id: 8dea075e-0d7b-4a67-9e14-a219bd76e3d9
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 99c0d2514add5571-ARN
content-length: 45
server: cloudflare

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
465 B 161ms
160ms Image
image/gif 2606:4700::6811:5cbb
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2214aa3af0-a02c-4e40-97c0-0f066156f4fd%22%2C%22a2b1e061-fe87-4ef0-9f8f-e71948038ec1%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=fi-fi&bfp=1610697633&v=1.1&a=8726485&ct=standard-page&rcu=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&pu=https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F&t=Ransomware+Threat+Actor+Profile%3A+Qilin+%7C+KELA+Cyber&cts=1762728128187&rv=1&vi=2f6cf1b07def37a9cbb5b9a4e7592ea9&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5cbb -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

x-robots-tag: none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5%2BCkOZaukwE0WDZohO27br6ILsG91lWnYgWE9CBjigCky0E%2B7vUCZYqqmrDD1Tu%2BH%2FcYzhXEJUEZ1SUVEUg%2FG%2FlsqBMcjYXSfC4XUcax8SggPIkUmB79KZsCR3Q1uEI7IBSAByKvSIjQ2nB5yz4"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Sun, 09 Nov 2025 22:42:08 GMT
x-hubspot-correlation-id: ebd0f324-0849-4635-a92b-256a0528103d
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 99c0d2514ae05571-ARN
content-length: 45
server: cloudflare

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 94ms
53ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.kelacyber.com
URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d068ef00c6c828cb59cc6c9957691c1e8f32d76d2085a5f80a9a312c2956d2f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: Hi3q.JzwkuqPXL93c5_Wt6gLmEdbKycK
etag: W/"7341d29d35a92e01a30e0cc83f0f5b13"
age: 78451
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 6GX7kgDJ5OieBD5F7GAHaY-Zy6bPab2Q9ubRpbRFCMEhCFo8gksCXw==
date: Sun, 09 Nov 2025 22:42:08 GMT
content-type: application/javascript
last-modified: Fri, 26 Sep 2025 09:03:53 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
via: 1.1 8c2efbc0ac00e45c1124ca7bacedb34e.cloudfront.net (CloudFront)
cf-ray: 99c0d2518d17dc20-HEL
x-amz-cf-pop: HEL51-P5
server: cloudflare

GET
H3 200 a
www.googletagmanager.com/ 0
11 B 67ms
66ms Image
text/html 142.250.185.72
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=1020259300&rv=5b50&tag_exp=101509157~103116026~103200004~103233427~104527907~104528500~104684208~104684211~104948813~115480710~115583767~115673441~115938465~115938469~116217636~116217638&u=AAAAAAAIAAAAACA&ut=AgAAgQ&h=Ag&gtm=45be5b50v9178116369za200zb853881816zd853881816&cl=3.21.0&ccid=178116369&cid=AW-11031147722&l=L482.S17.B13.E2418.I851.TC11.HTC0~gtm.init_consent.S0.V0.E13~gtm.init.S0.V0.E13.TS5ogtcrossdomain.TI8.TE0.TS5ogtadsdatatos.TI17.TE0.TS5ogt1pdatav2.TI10.TE0.TS5ccdadsfirst.TI18.TE0.TS5ccdemform.TI16.TE0.TS5ccdempageview.TI15.TE0.TS5ccdadsconvmarking.TI14.TE0.TS5ccdadd1pdata.TI13.TE0.TS5ccdadslast.TI11.TE0.TS5ccdadd1pdata.TI12.TE9~gtm.js.S0.V0.E9.TS5rep.TI6.TE0~gtm.dom.S0.V0.E0~gtm.load.S0.V0.E0~SS147.29999923706055

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sun, 09 Nov 2025 22:42:08 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 cropped-kela-favicon-32x32.png
www.kelacyber.com/wp-content/uploads/2021/08/ 542 B
1 KB 74ms
73ms Other
image/png 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://www.kelacyber.com/wp-content/uploads/2021/08/cropped-kela-favicon-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.134.42 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

137ff820b2090c9b03e47e09dc18b3ddc4b3b4ec1f0c4718379d1da233043ae4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

cf-cache-status: HIT
etag: "61bc64ab-21e"
age: 1921294
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cs%2Bck23d7eH%2BxWbR2YRFpCtDo3IQ3CjsWjSqddUiiOzYxuiA5EWEbKt%2Btes8HzgzdXKqa781D%2BtdqrNcWz9kXZkavH2PlNwqYWsMigLTKRqaIVJxN7RxdDBb2Bi0KeXosf5S"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:08 GMT
content-type: image/png
last-modified: Fri, 17 Dec 2021 10:21:31 GMT
vary: Accept-Encoding
ki-origin: g1p
ki-cf-cache-status: HIT
ki-cache-tag: 15f687d7-0d26-4789-8685-9dbca736b543,c370879dd13ec25869ae74e3e431af82f4fe9ba208feb1845c9aedf85fb588b9
priority: u=1,i
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-edge-location-klb: 1
cf-ray: 99c0d2514e5598f6-ARN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 542
ki-cache-type: CDN
server: cloudflare
ki-edge: v=23.0.1;mv=5.0.17

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 385 B
715 B 215ms
215ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1bd6ad884ac0b2f912f2919f4d7dc46fb827a8488fecd5614551bba2bba34d36

Request headers

Authorization: Bearer 7531b3d5351693465039
Referer: https://www.kelacyber.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"181-NSjjU2vyxgUaBXk5crvkZuu7Iek"
apigw-requestid: TzDOKiSoPHcESaw=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: vsWNFodayYtnaGSJ_Pa3sfNyFBhu79R_XvcqahHuA0FnfCtr2KX0Rw==
date: Sun, 09 Nov 2025 22:42:08 GMT
content-type: application/json; charset=utf-8
vary: Origin
priority: u=1,i
server-timing: cfExtPri
access-control-allow-credentials: true
via: 1.1 448fcc252e476a639e1c3f425638c58a.cloudfront.net (CloudFront)
cf-ray: 99c0d2537c476cca-HEL
access-control-allow-origin: https://www.kelacyber.com
x-amz-cf-pop: HEL51-P5
x-powered-by: Express
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 243ms
210ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.kelacyber.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: TzDOIi7DPHcESDg=
cf-cache-status: DYNAMIC
cf-ray: 99c0d2522b4f6cca-HEL
date: Sun, 09 Nov 2025 22:42:08 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
vary: Origin
via: 1.1 c0d784c8cb0829410b26bfbb6dee995a.cloudfront.net (CloudFront)
x-amz-cf-id: DSe1fYIVe7fKBYDWKZCAjAeyW3stqnG1nBkZczKlUDK5Y04HXCO50w==
x-amz-cf-pop: HEL51-P5
x-cache: Miss from cloudfront
x-powered-by: Express

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame E851 37 KB
21 KB 143ms
140ms XHR
application/json 142.250.184.196
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/recaptcha__fi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

ESF /

Resource Hash

3f770b2353eaeb123922188175a617470f9dbb209c57b0ccccd93253a8d73847

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: application/x-protobuffer
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br&co=aHR0cHM6Ly93d3cua2VsYWN5YmVyLmNvbTo0NDM.&hl=fi&v=naPR4A6FAh-yZLuCX253WaZq&size=invisible&anchor-ms=20000&execute-ms=15000&cb=a80tdlw8i8x1

Response headers

cache-control: private
content-encoding: gzip
cross-origin-resource-policy: same-site
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Sun, 09 Nov 2025 22:42:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Sun, 09 Nov 2025 22:42:08 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server: ESF
x-frame-options: SAMEORIGIN

POST
H3 200 clr
www.google.com/recaptcha/api2/ 0
0 133ms
67ms Fetch
application/binary 142.250.184.196
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/clr?k=6LfR5HsUAAAAADHSuv-xx6LhCLKZaZpJiVsYh6br

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/naPR4A6FAh-yZLuCX253WaZq/recaptcha__fi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer: https://www.kelacyber.com/

Response headers

cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-length: 0
date: Sun, 09 Nov 2025 22:42:08 GMT
x-xss-protection: 0
content-type: application/binary
server: ESF
x-frame-options: SAMEORIGIN

GET
H3 200 / Show response
ws.zoominfo.com/pixel/6613be34b1dcf0440a8ce10f/ 3 KB
2 KB 245ms
212ms Fetch
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/6613be34b1dcf0440a8ce10f/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

951ee08d30b33d328718f298130413f663df188c1035695f8b619b4307966f5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: 34a5a53025a1ac12e5631762728128
_vtok: MTg1LjIwNC4xLjE4Ng==
visited-url: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
Referer: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 09 Nov 2025 22:42:09 GMT
content-type: text/javascript
vary: Accept-Encoding
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi,event-id,session-id
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 99c0d2568e1232d9-HEL
access-control-allow-origin: https://www.kelacyber.com
x-powered-by: Express
server: cloudflare

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/6613be34b1dcf0440a8ce10f/ Frame 0
0 238ms
193ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/6613be34b1dcf0440a8ce10f/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.kelacyber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi,event-id,session-id
access-control-allow-origin: https://www.kelacyber.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 99c0d2551bfc97a1-HEL
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 09 Nov 2025 22:42:08 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
BLOB 200
OK 353997fd-a6a5-45ce-b52d-06b58ce8d1e5 Show response
https://www.kelacyber.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Download Go to

Full URL: blob:https://www.kelacyber.com/353997fd-a6a5-45ce-b52d-06b58ce8d1e5
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 951ee08d30b33d328718f298130413f663df188c1035695f8b619b4307966f5e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 3457

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.entail-insights.com
URL: https://cdn.entail-insights.com/js/insights.js

Domain: www.google.com
URL: https://www.google.com/recaptcha/api2/webworker.js?hl=fi&v=naPR4A6FAh-yZLuCX253WaZq

Verdicts & Comments Add Verdict or Comment

190 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 13:58:00	Name: _GRECAPTCHA Value: 09ADiQh0dJWbAVf_gw8JvWEaIfBxP1L3JNQHUaQUOsPAuXd0kQ-9x48FH_mSGqtLi5YP0YkwnnTCzX86Xu3qrtpZ4
.www.kelacyber.com/	1970-01-21 09:38:49	Name: __cf_bm Value: rH8aBfLdWeuyJhTKxZBIl06lqX4fa5Iyz2q03WsurHw-1762728124-1.0.1.1-bvl4WdEc14SgJqewlIoUklgsP3ULSWx68T.U5C0ApnM5L2_LFZ78fzZV1FhtVWNXKCv9xJhz.7vCRehipEEUEKWbBcDm3v3pj24o_PGlcn0
www.kelacyber.com/	1970-01-21 09:38:49	Name: gp_easy_passthrough_session Value: 8f3f83b1d0aab5a0f019bc4d6c74443d\|\|1762721239\|\|1762720879
.kelacyber.com/	1970-01-21 18:24:24	Name: en_ins Value: %7B%22en_did%22%3A%22126e96de-0cda-4f31-a954-64c1fda7f279%22%2C%22en_sid%22%3A%220d913997-f232-47c9-80d8-dc953da8990b%22%2C%22en_lp%22%3A%22https%3A%2F%2Fwww.kelacyber.com%2Fblog%2Fransomware-threat-actor-profile-qilin%2F%22%2C%22en_new_user%22%3Atrue%2C%22en_control_group%22%3Afalse%7D
.kelacyber.com/	1970-01-21 11:48:24	Name: _gcl_au Value: 1.1.800314854.1762728126
.apollo.io/	1970-01-21 09:38:49	Name: __cf_bm Value: 3ZkEBTFqk98MVZ_r0QepiJQd3P4d6gFRN8KSoTksqqk-1762728125-1.0.1.1-ENHrKe2Q4glWeLTQJ60420IGozt2llp6RNEmQmweVQs7sElHoOQGwbGoeZiI0IO5kxoC5EumQjM96ixMf28yOvoAoI24zHWjJFKqFaTqjcg
.hubspot.com/	1970-01-21 09:38:49	Name: __cf_bm Value: 4WkBdZanBaNy.OXNiqnP3jNGY1fh1uaqMX3qe2S0Qj0-1762728125-1.0.1.1-bd__3OggxVgFYPQbQtu1u5smNYTJv_ii1GNRXUEY08KA6wBXcIn2sCmDMEs9HbgDWGBgHnyR2wdZg4WhdFVdkDrI29pAfcycH_HyKcweApM
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: fy_8XemvNf_tdAdxaUBShcOHUtDfAnYyC8PnxJRXMYw-1762728125797-0.0.1.1-604800000
.kelacyber.com/	1970-01-21 19:14:48	Name: _ga Value: GA1.1.498571725.1762728126
.region1.google-analytics.com/	1970-01-21 11:48:24	Name: ar_debug Value: 1
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 12zg3PNGTZ46f2rZ8bRDcDOPeCmTFJ7kyY9jTibLaDg-1762728126068-0.0.1.1-604800000
.kelacyber.com/	1970-01-21 18:24:24	Name: _lfa Value: LF1.1.6f3e397355a58407.1762728127257
.linkedin.com/	1970-01-21 18:24:24	Name: bcookie Value: "v=2&6f5f3c1f-3590-4403-8e9e-232929d9c598"
.linkedin.com/	1970-01-21 13:58:00	Name: li_gc Value: MTswOzE3NjI3MjgxMjc7MjswMjGec3VSVQSjmw1p6vfiEq3MRXfaEjH+qkxvmsYqLdANNQ==
.linkedin.com/	1970-01-21 09:40:14	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=3409:u=1:x=1:i=1762728127:t=1762814527:v=2:sig=AQFr_KfLHrBJFX1TQYXm2wQ3hD-uVz6_"
.www.kelacyber.com/	1970-01-21 18:24:24	Name: _zitok Value: 34a5a53025a1ac12e5631762728128
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 8HC0Wecbpvu..iwQ0TEo3a4QbkzM2dbJIpHrWIRyHbU-1762728129218-0.0.1.1-604800000

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://www.kelacyber.com/blog/ransomware-threat-actor-profile-qilin/ Message: Attestation check for Attribution Reporting on https://region1.google-analytics.com failed.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acsbapp.com
aplo-evnt.com
apps.entail.ai
assets.apollo.io
cdn.acsbapp.com
cdn.entail-insights.com
cdn.entail.ai
cdnjs.cloudflare.com
cta-service-cms2.hubspot.com
entail-assets.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hscta.net
js.hubspot.com
js.zi-scripts.com
perf-na1.hsforms.com
perf.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
sc.lfeeder.com
secure.leadforensics.com
snap.licdn.com
static.addtoany.com
stats.g.doubleclick.net
t.entail-insights.com
tr.lfeeder.com
track.hubspot.com
widgets.entail.ai
ws.zoominfo.com
www.google.com
www.google.fi
www.googletagmanager.com
www.gstatic.com
www.kelacyber.com
cdn.entail-insights.com
www.google.com
104.16.118.43
104.17.25.14
104.19.175.188
13.226.244.26
142.250.184.196
142.250.184.227
142.250.185.72
150.171.22.14
162.159.134.42
172.64.150.44
172.66.171.172
188.114.96.3
188.114.97.3
2001:41a8:47:302::1737:303b
2001:4860:4802:34::36
2600:9000:2104:e000:a:45eb:ebc0:93a1
2600:9000:28eb:d600:4:d7e1:700:93a1
2606:4700:10::ac42:857c
2606:4700:10::ac42:90c4
2606:4700:20::681a:a8f
2606:4700:20::ac43:45af
2606:4700:4407::6812:28f0
2606:4700::6810:6efe
2606:4700::6810:8bd1
2606:4700::6811:27cf
2606:4700::6811:5cbb
2606:4700::6811:afc9
2606:4700::6811:df98
2620:1ec:50::12
2a00:1450:4001:80b::200a
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2003
2a00:1450:4001:828::2008
2a00:1450:400c:c04::9c
4.158.108.63
0444b05e79e1f0443803d1f676fc9868ff1263cfb918ef42f858c71b23d689f3
04aa3fe56d508d1d8c04fbcafbd4a65c05d1364f60437039ccca369ac8469f72
05c279f3e26e7e8040d0b592ab6188c3a8cd425cd814d0e01a222592a419e200
0724ab5ea0ed874b325369cf480adab1214d83a85a66bfd845155dd991779e72
080320f8d75d38988a4fd2136e53b15333269ca5ccece33e94f0f9310e961a00
08999d617f45a16b8cf6f9fa4026e8c201f563e6928efd7ca1f18085554541e4
09c4148f6788bcc3878f6c3a3f5a4d26e753a3b3d7addd0cd16b4e268b1f994c
0b023bc20a7ff09c10900d90b7f44107934f4131353a77a938f9ef46460dfbc2
0bb7817cc0cbc70cda7d23e36394b9894fb3d58340e938da9f2958a2f69c4d91
0c47bf8042caf1abdf4fce2c1d4f10dae4754f1585f56965f58df2a332d1aabb
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0ccabfc702b69e93fbda26d1e5b3d93b58bb67a400f6e3159c2789935acd39a6
0cd9a63f5f05409ba10c0cc117e7ef4638529ddc1df296fdf5b9ed90df6037e2
0cdc0ae3733377992e0c0e8a7f9e040aafd21ecd2210e58720bbb30d0be5a01e
10fc2b9136101082cb52c8b2b31b4108369b3193fde400e98568d7981d2607a9
137ff820b2090c9b03e47e09dc18b3ddc4b3b4ec1f0c4718379d1da233043ae4
1488d4088b707ecb5ce2380385f509a8ce517b744134e4bcb16109f4edc4b4ae
17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1bd6ad884ac0b2f912f2919f4d7dc46fb827a8488fecd5614551bba2bba34d36
1df37e65c771c0df5eb508b21ebe03a3a6b84d622dc6e81eae8199aa1310aea5
1eb677ff632aae24e700d06662bdc24c74587fe63d27f506666a1d6922ad64f9
2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07
22a79f1fbcc70373c7021bae2164d9232d1e9dd3c6a163df9f9f54070e5f6b50
22e0c7d5994a796736372e1f2b5dee5aa4debf4a978565c4c13b3c79d066859e
2359bbbad5602be3d9f74f0b16856c9e75fc9e717f8bd84acd131bbb94b2a6c4
25a0f7fb38f2ed370ed24db5300b1d77f03252e63fcffdee87c6c7e40bfb8366
25acc7dfc7fcb784ac05b4af734933b3eadbf408bf95796e669332b3bb8bab51
264f41ec5b5069e18d18fe43975a23bf992852ebd95b1dcfe8188a219ca8bbbb
26a562d5101459c8569b45e31933d3e896cbbb54c5829ae2f14c0fc32a0ba290
274d4116239b63097bb7c16e56e27cbb5a77be20392fb8e2317c0a0235185cad
290b9b630f7dc870dfc3c139ea090b68105f971d870a4774a1eeab5cfe31b7a7
292d24e79b1e264ced629c35d3b59a7a83093f972cdd0eac61e7b32189964772
29fdd17a7002a2e1bbd9b33adafc53457c64006b5aca8f6e4dbf907de35433ca
2a1bc48dfe3eac4adc14df3d54053dc2148cd0225523f289b24b3782d4383006
2ada301d803d8f4b2ba210c9c57091378255ed54b96e4236a9e2ce587a2a4035
2b2c78ba43c080597c16546bb8b1fa97f1adde5f31c2f847314ad1fc452cb5e0
2d7531061706e713bc04537c9833a87ffb1096d4110fd528d87044ac62d675d9
2f952e19145e563a2179a622d3cf5ca53a93476c8ce1f41ffaa097232cd13652
31df1e69ea3aece8a8bae5c08bcb7f5e977cb76f886897b301355359b66a48ec
33ab80a6fd1ef7d02a96f7c1996811c44806db035efed7b36a8c8a8ff97167c2
34c2a8516b67722cd2aeecd3b104d68ae8fbcbe0a69ddadd8d0ca7fd2c6a8b2e
373f965f1df9c42ec7d5da886bc991403fae630bbedaa957713d49865b6314ae
39afaf3b9388f2eb6c8ca91cd0c762d991128689d061f7dfe658f79f4ca058a0
3a6bb39ffa135f9a7a9d4647d12d1c2a4be49685545e104dbeabad4cbfa3fd14
3adee07e833cffa77d2b8d1ff622f33d36f2aef189a35e1cc7e985a80046f374
3cdd9f4f30512bcd8f9ae342aed075986377a7f29789e75ce718291642731cb6
3d068ef00c6c828cb59cc6c9957691c1e8f32d76d2085a5f80a9a312c2956d2f
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e9b946627b24b2f8adddbe7cb098c0725bd20bcaf390f3ead267efc0b8636b8
3ed013bcc692323f2df072715c015d550425a1bb0b69447c5d994584e96007e5
3f770b2353eaeb123922188175a617470f9dbb209c57b0ccccd93253a8d73847
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
40671a428065f8aca3dc88c58a95c7ae185b4004cacb06e07e375837247b6410
407ebd07ddc620a40bd1512d326b4530f1e0a731e330d30af0e317ec85c5566c
41d368dc0e0534b1b53d164b44baf3b148f2a29b63bca0780c1dbbaecee64422
432807330486fcd0e6cf264f69b8ac4beb05bfaa35c961e63aabbf04fd6c4f9c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45071dea7d625b8b9f958a11a47b98032b1b8f1732de73e2d94d6854a159b300
4733efe9ed68c810e16702503d5e8c7e977e46db8b95fe51fdb70ec0ee55ec36
47ba98f2cc73558d6c356850b152234814d660f2f85c30875de8add5b95e4847
483784ecdf80ccaffd50869e23e2efdbeed9343b1b4c7dae837667e4984a68a7
4937c7883dfea438ed4dff4faaf3148604d8853b14ca860b8ce788cd8b8c341f
4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274
50246964cad138de88656e76c147e14a9d59246dd876604e757d34a6496f7c84
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
51d3f342c01379a964d1c1c6b48c5d0389ec82fdeb9856d96cb9bd483b869547
5258e52b9822697abe7eb781ecc3b4fea7358495f2434c62f4bfc9040443f187
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52e8ee82bad6e5e14200ddc469d45686b9d54215440b46631813fc1f544de560
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
54a2bddadbedd2518cc2b1b523defd088477fc3cf65213d4fb6103fa05f129cc
54f7e618eb7655df07f08feb342d6b5374b916ca6f96253f51ddcdf6df423405
5717ca23d709412273363eeec758a20b45b769f719d865119f3b753579fb6a9b
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
58f1c38e2afab36d04ba3cc6ad84ba4891dfcb9a5019baf368644fa1c90521cf
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5aff7bac4456f5be5abe4c5c2871b1c7df93d56efd3e2ec3d6b56e52b457cfb0
5cbca25b22dd758afc2963e748dfbe3512840a136c27d7fd0d9f267c79852698
620dfc24dfbd582d72474d1fc8a4055287014d7003a4577420f3e11d9f38205e
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
62d31b80093b283ce4700be9da036181e1dea5cc2c1a5485ae727c13769cf224
6512c6a0fe75328b212c6f75d71e5dc948179b32c174d99c3576e609edab9a21
659c2e36626a0b1d16727e4f275077c38a823d992129a249f0a40eb471b35dd1
679ddca538c5568e1cb19a913fa47bca5f18374a921511cf6782932e6e116279
67b75e6c1bf3b352b171270979c7a0e79d5123ecf834f9fd89805ed72e86cb4c
683194a1ccdbff2ccb1d049dbead875f871f0916266d3cb01e92023303aba203
69647743ee6e1175af203cb2a8ffa5da64e833be8c08875be48efec4ca4ae0aa
6989d448c7c1b89cc62297314a67bb53026cabe88b7de6a049a362b548e713fa
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b2450966658002b3f94d37ca29779294c3e720a6e96160152e71b6e781ed7f9
6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9
6eaca4d56abe591240bd20f89a5fd81f4259469383f1614b994f86a1315e425f
732a7e4bf2481986cfa3a74b2dbcbdbd5da962c883499cab4c6a197a4b5d30f8
73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186
744aefd1b5a8aa0c50a3c2033fe9f9bb35f2299a495ca15b9de8e1a2f6c1857f
78e38a4b5ee64d74496cbd69188e9bf3caf661aec750a7df90d2d9647ebca57c
7a02bcccfdbdf124560415fa8746ba515cf66b0bd08c827e4af8d6f616c9eb9b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e7f94f8534d3fa8918b352d3c8596ab48f626663180acd8a4631b3484b82f3c
809d0b274002b811f4d1d91b0dca3e214b6c3734c1dc33bfe2d60ace55207bc5
81fb4215f0d84d578430e2c2546fe23cefe2d3ffff34d92704b653edbbda0783
8276d99808a3a111dcb2dc61c895388c21341d48be9c3f87d905787a49c2b832
838ede31a58a3cdb411d6dd7f13cbe65d4a26193d9fa31882854e63938f12bac
841075da59ddfbd17e1ae9323a886cdcd24bbf009b7ceea2682eb1a9eac82a95
8507b2353699e4e5dbf0ec36ce7aff3e1e0ae500236171164b0cf752dd9d420c
87c5ef8d6c82252a48593be31ce9ef1cea188983674b37360d06fa5990ac0dbe
88c94cf1499b838cb6359d937957bd7d4acea76fb8101d209a6c4ed01f4617d0
8b6ce39c9db492e3ef1603f2f2084b45ff79e43592b0f96ddc0b8053861a8934
8eee91c71dacc4f823fac7d9569d03b7ee54e8a0aa39aa481b0a906c92cecdb2
916cc3b7b2f532c3a682d6a9291e34c29c4b459048079ccc68f5527c0eb22352
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
946306c40fb169b1012804b64c2494dd96380682e7aba5e5fe120d7a427e13c4
951ee08d30b33d328718f298130413f663df188c1035695f8b619b4307966f5e
971091a239f27e9b38cd97a448914fa797c780de7c34e4cd16f54020baa26d4a
9a1e0d38b691f1d22a92cff65ec0439b428170ac39a4493c7ecb06d5585f56a3
9c47407bed7cf8b7779e3bb04e25e01cf8029fe8d982f5e65b64eaa35aaf85d9
9c8a43a64c4ba1b24f643915cd91f4e3749c2416cd361b7f7e122ca994a93c68
9d8bed0e997676cf5cf9afc8545cd04c18898037aa31c9af8d647b9eddfa5567
9daaf4c8a85e0c90971193a0fe3d423d67ee07286d41d5c6352159b7740a8044
9ed7b552641c3004138810ee9d628ecdb90fb8b3c561eddf52da41aaea323c37
9f8c81a2d23c1f25cfabe084df70d31cc72ae15fe015494289d045e4fa56c34e
a0582dbec830ff9f337d77cf29b231ed2ab8c018b729b4c4340f4558df4f79ca
a1a0bc084cc3b590aca78b6eb1e64d30174b8f6135322fa50b10dc6d40b13c6e
a279203264c26448eb5eeb903dba2ac3655110c918910abd6ee1a95ec7a99b1a
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a3a04d7bf3d6b75ed03b1882e75414faa3fca8fde79ee82937a62360e0bf6f34
a4484dbddc576cd98734a66234a5ca3882bc69db92e09b27ed3762158e3eae29
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a5de12aec1063e6051f239af50cd7bbd3ffcfde977d650583d719a7c84dfed06
a7aaa6abb18bf95156c0b73613400d3fb95c724189f61c86fdd74710b9eff3e0
aba0aab39ddbef5ba2f080ee7d8a383b3b30829de7dad191e906e402d268fb39
afb8375c05a4d7d71b10ae2bafed642b733f9bf8e340a55c72270f149749e0da
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b358baee10b49cffae38eb2408e41df657d60eabf48d907af02e97de79d06d0b
b40fca3206236793901e302d568ef5321783f105537540a2550606c08491e655
b411705c15d7bea74cc8db8f6db2631e2092b8a4ae8db55561c6ac2945da5f34
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b832e38bdca15fb951b1141b2e7022dc75f17b7635323edbd7cfb44447bdac7a
b96edc909b484f58068f718a6cfd10a66d9f604439b35b16c8715d7e1e19d1d4
bb66e4b0d95b22bada7c9fc30e988c2c3f553ce4c48fdb45cbdd429135e1e5f3
bbab8dd75fd0743d1f8d2f617ca89ba17f002061a5ec0ae477e05d0d0f168d81
bf2999f9603c71dd1aad9b2dd4025dea569380cfcd23e381fe61184d6527d046
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
c1b5beda2898c5250828c952d14d582663fa1070bbf128d6812d99557ac1f5dd
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
c5a17d46976d471cf060c5a0e25749a323d6ab20cf0910f40afed81047ba21ef
c60dac2533d3568fd5fbc6a1afbfa46bbe803df1b506c76a9292d739e07f94ea
c6ef2ac7a901a490ee95d31a49902f465c3de32bfe36e7342bfd801584ebb051
c7b9bbcf9395cbe85a8b92b598f98c8cfa7351fa6cdc315f36ed1b06f74490f3
c9cdfe7d6925d13375d33fedeef317b66e112e902aa5310db4718ddf0eafa221
cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
ce81d0271ac633efe2c7c355a84d556da445cffa0317e2d4efbdf28c80819ca5
cf2aa18a31360682ede39dff2b5afd3ea7d971bfff9b51885bdbe65ccf046263
cfab016e4d09353b9153ffb2d88f060c979d1f51681c6ca03e2a343b7f12dae2
cfd65a286474d307e6fa40011a00a438728f7d4f2ac25235eb67442c9bfe706e
d036842c454a2fda10476e40007d00357dc05c7bf6758aca41882368bc3a0f3a
d07dcdbb3ddaba0dda7d56d496cbb5d8fbb1bdadc23f812126d3c4c6ab39e158
d1883f7a26d574acb192e568d50c21d03b29a14087bd26e6fe83a8615cf7d814
d23dd783210b737bf0cb7c503912e6a19c2bffa986bdd124cc9b7ba8558a27a4
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5
d54f4b9a5fa7d9e1d03bfab57870d03a74246f689e3c9cf44e92563f462c9cab
d8fca04fcaab0cc2c72c6cbeec0dc4abba6f49b1763672e8535a9cb569db538f
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
ddcce687729cb358abf9d0d8e1217a097859be2b0d18c23d7c851b38c87bc9c0
ddea593777eadb98712f6f8e1197ad439b4a07b0ebde3bace480a5383412729c
df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e04e2de1b4d82b19d2a252bf4470c213993651bb778309b19a1e6260e1b7395b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d839c0da9056d9b284672c233a8a7dc285d6f6c1f8a9cff55b2608c0480475
e8a4b0f6f55703db81a26dd4e895dcd0850684310f1a9d923e6474a2f19dc300
ec07685f50b84e8e5d092b5cb43da35bfb6a881dcac4f1b6c0b26463f00b0c82
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef437f0675a66e89179d7e4dac1b30b22afa04cb8c2066920ccc9e889f601af8
f1ab1dd991fa40ddfb11d2f5ee9d664d737c32915bfd28bdffb3547e61a64e1c
f29cbf179571d29fdad53e7d0594f1e0331c15bba61a5ab4b5e073bbea74da03
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc
f3657a0381d31b5f2b9543495fd706d1f2055d63a410fa838b252324508ff1b1
f3bb8b08d88d8c2aecdcc22d44304bb5011631ed25f7b92ef36e834392cd227b
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f49e111eea635c1bac95b9ab07278561c1a94fe8357523bd49a77b877dbdc485
f922fa3421c362546fd3d03ba919cd348801211732206188370f3d30c6566f32
f97a02ce90a4d1bb5b9af8dae69e6d255001ca746162eeecf544e9f773b6eabe
f9bc2af159f56f6373d66177e46c98091dd63f5ccd06ae805fd3feac847fbe0f
fcb4248858836c831fd9ab8fa4c5a8fe0b8cd038c804fa6cc44a5e9004e163b6
fceadb4786bb45e66c56bc5bc772b4cdc6586bcceb528e2cbd6259389a6b68ff
fdb339a7a89d884a70473c3aca889b3368f8bf5fafd80dfd28fb25d077f4ffe1

www.kelacyber.com Open in urlscan Pro 162.159.134.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

212 Requests

98 %HTTPS

60 %IPv6

30 Domains

42 Subdomains

36 IPs

7 Countries

3393 kBTransfer

10850 kBSize

17 Cookies

13 Outgoing links

Redirected requests

212 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.kelacyber.com Open in urlscan Pro
162.159.134.42 Public Scan

Screenshot
Live screenshot

Full Image

212
Requests

98 %
HTTPS

60 %
IPv6

30
Domains

42
Subdomains

36
IPs

7
Countries

3393 kB
Transfer

10850 kB
Size

17
Cookies

212 HTTP transactions
13 data transactions