blog.morphisec.com Open in urlscan Pro
199.60.103.225 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Submission: On June 09 via api (June 9th 2024, 5:42:54 pm UTC) from TR — Scanned from DE

Summary HTTP 166 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 49 IPs in 6 countries across 36 domains to perform 166 HTTP transactions. The main IP is 199.60.103.225, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.morphisec.com.
TLS certificate: Issued by GTS CA 1P5 on May 15th 2024. Valid for: 3 months.

This is the only time blog.morphisec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
62	199.60.103.225 199.60.103.225	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	104.18.90.62 104.18.90.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2400:52e0:1e0... 2400:52e0:1e00::1081:1	60068 (CDN77 _) (CDN77 _)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
18	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ae5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.102.106 18.66.102.106	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
1	13.32.27.54 13.32.27.54	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1484	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	18.193.30.91 18.193.30.91	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:267... 2600:9000:2670:6600:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0d::9a	15169 (GOOGLE) (GOOGLE)
4	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
1	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:4769	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2606:4700::68... 2606:4700::6810:6bfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8b11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.252.13 157.240.252.13	32934 (FACEBOOK) (FACEBOOK)
2 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.58.212.132 216.58.212.132	15169 (GOOGLE) (GOOGLE)
1	52.211.131.71 52.211.131.71	16509 (AMAZON-02) (AMAZON-02)
1	64.233.166.156 64.233.166.156	15169 (GOOGLE) (GOOGLE)
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2	54.145.181.139 54.145.181.139	14618 (AMAZON-AES) (AMAZON-AES)
3	3.127.196.46 3.127.196.46	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.158.205.16 18.158.205.16	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:f36c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
2	2600:9000:223... 2600:9000:223c:3600:2:7dc7:8f00:93a1	16509 (AMAZON-02) (AMAZON-02)
4	54.89.92.78 54.89.92.78	14618 (AMAZON-AES) (AMAZON-AES)
1	216.239.32.36 216.239.32.36	() ()
166	49

62 199.60.103.225 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.90.62 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2400:52e0:1e00::1081:1 (Germany)

ASN60068 (CDN77 _, GB)

consent.cookiefirst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ae5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1484 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.193.30.91 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com

snid.snitcher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:6600:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4769 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8b11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.132 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f132.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.131.71 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-131-71.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.166.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wm-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.145.181.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-181-139.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.127.196.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

1534169.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.205.16 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f36c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:3600:2:7dc7:8f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.89.92.78 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-89-92-78.compute-1.amazonaws.com

trackingapi.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (None, )

ASN- ()

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	morphisec.com blog.morphisec.com www.morphisec.com	911 KB
18	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 15016 js.hubspot.com — Cisco Umbrella Rank: 4638 app.hubspot.com — Cisco Umbrella Rank: 6200 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4658 track.hubspot.com — Cisco Umbrella Rank: 2847 forms.hubspot.com — Cisco Umbrella Rank: 6154	116 KB
7	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 8146 perf.hsforms.com — Cisco Umbrella Rank: 16268 forms.hsforms.com — Cisco Umbrella Rank: 5060 perf-na1.hsforms.com — Cisco Umbrella Rank: 4907	6 KB
6	trendemon.com assets.trendemon.com — Cisco Umbrella Rank: 130490 trackingapi.trendemon.com — Cisco Umbrella Rank: 94433	66 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1430 analytics.twitter.com — Cisco Umbrella Rank: 943 syndication.twitter.com — Cisco Umbrella Rank: 1706	31 KB
6	linkedin.com 2 redirects platform.linkedin.com — Cisco Umbrella Rank: 3852 px.ads.linkedin.com — Cisco Umbrella Rank: 351 px4.ads.linkedin.com — Cisco Umbrella Rank: 6771	163 KB
5	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3163 www.google.com — Cisco Umbrella Rank: 5	438 B
4	google.de www.google.de — Cisco Umbrella Rank: 8139	252 B
4	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 130	463 B
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 205	162 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	397 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 119	3 KB
3	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 19433	45 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 12512 scout.salesloft.com — Cisco Umbrella Rank: 16014	4 KB
3	snitcher.com snid.snitcher.com — Cisco Umbrella Rank: 92991	25 KB
3	cookiefirst.com consent.cookiefirst.com — Cisco Umbrella Rank: 33096	27 KB
3	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 9781	6 KB
2	hubspotusercontent-na1.net 1534169.fs1.hubspotusercontent-na1.net	50 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 5381 forms.hscollectedforms.net — Cisco Umbrella Rank: 5510	25 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 65	21 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 887 script.hotjar.com — Cisco Umbrella Rank: 1282	59 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 260	32 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 4174	1 KB
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 20385	1 KB
1	t.co t.co — Cisco Umbrella Rank: 713	379 B
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 6129	172 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2553	26 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3888	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5889	92 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2604	26 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 907	15 KB
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 15978	5 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 880	17 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 70	3 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 6339	5 KB
0	lltrck.com Failed lltrck.com Failed
166	36

	Domain	Requested by
55	blog.morphisec.com	blog.morphisec.com cdnjs.cloudflare.com
7	track.hubspot.com
7	www.morphisec.com	blog.morphisec.com
6	no-cache.hubspot.com	blog.morphisec.com
4	trackingapi.trendemon.com	assets.trendemon.com
4	px.ads.linkedin.com	2 redirects snap.licdn.com
4	platform.twitter.com	blog.morphisec.com platform.twitter.com
4	www.google.de	blog.morphisec.com
4	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
4	region1.analytics.google.com	www.googletagmanager.com
4	connect.facebook.net	blog.morphisec.com connect.facebook.net
4	www.googletagmanager.com	blog.morphisec.com www.googletagmanager.com www.google-analytics.com
3	perf.hsforms.com	blog.morphisec.com
3	www.facebook.com	blog.morphisec.com connect.facebook.net
3	x.clearbitjs.com	tag.clearbitscripts.com
3	snid.snitcher.com	blog.morphisec.com snid.snitcher.com
3	consent.cookiefirst.com	blog.morphisec.com consent.cookiefirst.com
3	cdn2.hubspot.net	blog.morphisec.com
2	assets.trendemon.com	blog.morphisec.com assets.trendemon.com
2	1534169.fs1.hubspotusercontent-na1.net	blog.morphisec.com
2	forms-na1.hsforms.com	blog.morphisec.com
2	scout.salesloft.com	scout-cdn.salesloft.com
2	cta-service-cms2.hubspot.com	blog.morphisec.com js.hubspot.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdnjs.cloudflare.com	blog.morphisec.com
1	forms.hubspot.com	js.hsleadflows.net
1	syndication.twitter.com	blog.morphisec.com
1	api.hubapi.com	js.hsadspixel.net
1	app.clearbit.com	x.clearbitjs.com
1	perf-na1.hsforms.com	blog.morphisec.com
1	forms.hsforms.com	blog.morphisec.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	analytics.twitter.com	blog.morphisec.com
1	t.co	blog.morphisec.com
1	content.hotjar.io	script.hotjar.com
1	app.hubspot.com	blog.morphisec.com
1	www.google.com	blog.morphisec.com
1	px4.ads.linkedin.com	blog.morphisec.com
1	js.hs-banner.com	blog.morphisec.com
1	js.hubspot.com	blog.morphisec.com
1	js.hsadspixel.net	blog.morphisec.com
1	js.hsleadflows.net	blog.morphisec.com
1	js.hs-analytics.net	blog.morphisec.com
1	js.hscollectedforms.net	blog.morphisec.com
1	scout-cdn.salesloft.com	blog.morphisec.com
1	static.ads-twitter.com	blog.morphisec.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	snap.licdn.com	blog.morphisec.com
1	script.hotjar.com	static.hotjar.com
1	fonts.googleapis.com	blog.morphisec.com
1	static.hotjar.com	blog.morphisec.com
1	static.hsappstatic.net	blog.morphisec.com
1	platform.linkedin.com	blog.morphisec.com
0	lltrck.com Failed	blog.morphisec.com
166	54

This site contains links to these domains. Also see Links.

Domain
support.morphisec.com
www.morphisec.com
engage.morphisec.com
www.linkedin.com
www.twitter.com
research.checkpoint.com
azuremarketplace.microsoft.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
blog.morphisec.com GTS CA 1P5	`2024-05-15` - `2024-08-13`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2024-03-06` - `2024-12-31`	10 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
*.cookiefirst.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-05` - `2024-12-16`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh
hsappstatic.net E1	`2024-05-08` - `2024-08-06`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
upload.video.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
www.morphisec.com GTS CA 1P5	`2024-05-15` - `2024-08-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-03-19` - `2024-06-17`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
snid.snitcher.com Amazon RSA 2048 M01	`2023-08-18` - `2024-09-14`	a year	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.google.de WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-20` - `2025-04-19`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hscollectedforms.net E1	`2024-05-27` - `2024-08-25`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
hsleadflows.net E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
hsadspixel.net E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-01-31` - `2025-03-01`	a year	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-16`	a year	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-02-15` - `2025-03-16`	a year	crt.sh
hubapi.com E1	`2024-05-04` - `2024-08-02`	3 months	crt.sh
syndication.twitter.com R3	`2024-05-21` - `2024-08-19`	3 months	crt.sh
*.trendemon.com SSL.com RSA SSL subCA	`2023-06-18` - `2024-06-26`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Frame ID: 2966548C3096F3B6F083DB11E00E21B0
Requests: 162 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: DC84F7E1C9183639E98E543FD55A395E
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 8DC4BB5AAAF0C5A2003BEB225F5504F4
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df79488f2831b55c10%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ffafd3cddf303d05fb%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&layout=button_count&locale=en_US&sdk=joey
Frame ID: 6A462F63703C5DB3706AE8C96EED327A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

166
Requests

99 %
HTTPS

50 %
IPv6

36
Domains

54
Subdomains

49
IPs

6
Countries

2346 kB
Transfer

6452 kB
Size

41
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://support.morphisec.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/partners
Title: Partners

Search URL Search Domain Scan URL

URL: https://engage.morphisec.com/experiencing-a-breach
Title: Under Attack?

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/
Title: Product Overview

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/adaptive-exposure-management
Title: Adaptive Exposure Management

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-windows-endpoint-protection
Title: Morphisec for Windows Endpoints

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-windows-server-protection
Title: Morphisec for Windows Servers & Workloads

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-linux-server-protection
Title: Morphisec for Linux Server Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/incident-response-services
Title: Incident Response Services

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/moving-target-defense
Title: About Moving Target Defense

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/finance-industry
Title: Finance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/hedge-funds-industry
Title: Hedge Funds

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/healthcare-industry
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/tech-industry
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/manufacturing-industry
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/legal-industry
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/k-12-school-cybersecurity
Title: K-12 Education

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/small-business
Title: SMB

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-microsoft-defender-av
Title: Microsoft Defender AV

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-microsoft-defender-for-endpoint
Title: Microsoft Defender for Endpoint

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/virtual-desktop-infrastructure
Title: Virtual Desktop Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/cloud-workload-protection
Title: Cloud Workload Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/remote-employee-security
Title: Remote Employee Security

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/ransomware-prevention
Title: Ransomware Prevention

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/virtual-patch
Title: Virtual Patching and Compliance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/supply-chain-attack-prevention
Title: Supply Chain Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/browser-attack-protection
Title: Browser Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/about-us
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/news-and-events
Title: News & Events

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/resources
Title: Learning Center

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-customer-corner
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://support.morphisec.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/arnoldosipov/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.twitter.com/osipov_ar
Title: Twitter

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/
Title: various campaigns

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/schedule
Title: Schedule a demo

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-vulnerability-management
Title: Morphisec Vulnerability Visibility & Prioritization

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/legal-compliance
Title: Privacy & Legal

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/morphisec.morphisec_threat_prevention?tab=Overview
Title: Inquire via Azure

Search URL Search Domain Scan URL

URL: https://twitter.com/morphisec

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/morphisec

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCe48cR5xTxPJSYMjG-So7Rw

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&e_ipv6=AQKJMjStGJZdegAAAY_-GH9UbLTX_LP47wi5hIZSz7X-BYZVZPUOTJpygo53tmEGV7zwSirTjnpP

166 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request sticky-werewolfs-aviation-attacks Show response
blog.morphisec.com/ 149 KB
24 KB 174ms
99ms Document
text/html 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

357668a31323571ee684d38cb7ab8adfb4aa4cb228017e7b5d254f969541307a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Xss-Protection	1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-ray: 8912eb97c9be9025-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 09 Jun 2024 17:42:48 GMT
edge-cache-tag: CT-169577076135,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-148583664153,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
etag: W/"2a0128b916457d73ce2e179113dea8ed"
last-modified: Sat, 08 Jun 2024 17:05:04 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UfToaTOxMnSYzBwkzkQtKRATBXgMdjwqKQn%2FXfJiCQQGXwEtqpxWtGyegMOWgxjvlf%2FDz6sqmlRWAxNr3YGHv%2Bs1VYQQD7%2B76U%2B0X%2BBV0Jp9Oa8VUGFxUpTW6ldmYva0zzLZSA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-campaign-id: bf6dd9fa-5c30-4bd3-8325-81c4e2e02c33
x-hs-content-id: 169577076135
x-hs-hub-id: 1534169
x-hs-prerendered: Sat, 08 Jun 2024 17:05:04 GMT
x-xss-protection: 1

GET
H3 200 project.js Show response
blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 134ms
133ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
via: 1.1 93c19401e4c3042840b49b10b9478098.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7597297
x-amz-cf-pop: VIE50-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=71EtF6cArye0Ow2FuBnTXay0biVJJZ3U99H1arBvhwSMY1JvaQf2ql%2F1F%2BCRdoO%2BwglsnWs6J1iWsZ3IvSH634YArNnEUsIJKhHlSXk7RcPmC2sTuXabx8yLD%2FzgtFKVxMiflA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8912eb986a889025-FRA
x-amz-cf-id: taibrJxhl0Pv-g2kLxYdkl-I0t1gMNjDW9iJ8n3fVTWw3x2RnykuiQ==
expires: Mon, 09 Jun 2025 17:42:48 GMT

GET
H3 200 project.js Show response
blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 112ms
111ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7610994
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zD67MA1j5FZpzH7q%2FFLdz4ScehOQ3GLOo7uDanfKg1xV6EUcAxYkDtp%2BMWRY4pJ0D5EVCGafuuIjMJ48i%2FagkbDB%2BsBHeb%2BMrbpaoklBBnO%2FthK7%2FxDnzaVlyOjuyrB%2FpWhpGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8912eb986a8a9025-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Mon, 09 Jun 2025 17:42:48 GMT

GET
H3 200 post_listing_asset.js Show response
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 100ms
100ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
via: 1.1 e221f111ed3ebc025b531e81056d37a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7602163
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: RefreshHit from cloudfront
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Absi2lCrUdzUfoRei9TUp5%2F%2BVn3DIA3cZBYf0wG8TTIVafeCgHeNFdgcca6n%2B14wAdKS6kWu8O6Pr9icGVMY63V6zfBuWV4ts3Vh5CXvr7872%2BAsqNlhsRAYUsZKKdhAOR5XSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8912eb986a8c9025-FRA
x-amz-cf-id: TjVkfYIMeFG53PNehI5mn1DOtTFkLDWPEd0kLAMkZtJeAP_-UO3jmw==
expires: Mon, 09 Jun 2025 17:42:48 GMT

GET
H3 200 v2.js Show response
blog.morphisec.com/_hcms/forms/ 482 KB
161 KB 114ms
113ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 440
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8912e0da37ba9136-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 86e75721-9881-4973-ba9c-54252843c52b
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 86e75721-9881-4973-ba9c-54252843c52b
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPX6t5A5VP%2BsdQ0ve%2FAiRlupmfUBfaGRCxdQkv8qigqgNfUp2vyZPDuDr71smI%2B7mKhSWQzzqwcZWmFJgFTFlRHUprCaFQRjbncDbC3%2FY811imT1uZuZFNUcBd35x4By47xHrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ncdrp
cf-ray: 8912eb986a8e9025-FRA
x-amz-cf-id: FZHD14vPwNgkhhPMZaz_PZCElL-SSTgq9d8q9DT4zuojrzpsFUv6Sw==

GET
H3 200 reset.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/ 1 KB
2 KB 188ms
187ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/reset.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: WS9GJ3E0Y1W663TF
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fdc18c7998eab7f0173b18cbfee4df06"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1697111372573
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: LIGvZMYA2GuHTR7O2Z5oVj7c2QZI5kJK
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 442a620d-81d4-46d3-a1ff-c2d3cf88d226
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 203
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ADMQP+vULYexcmO3qlq3/ntA7pMAD1BEXTcYMSBOxfM1UdUYn0Cwnp+iReLj5LXTVl6kqAvwLHc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 442a620d-81d4-46d3-a1ff-c2d3cf88d226
last-modified: Thu, 12 Oct 2023 11:49:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2FMpz5yoFX16QsBTQBLImGjZHoymyQDYrkT3N5VCtZ31jeZUT4hZPZmnZefeXfqbCpSmva2wOMdnettMJmBx%2Baawlcsxk1XTiTFXuffOPFdGiXE4H56bt1g4n8uOLTbx2%2BGuVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8912eb986a909025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: lasT-RQqNGcn6RNPBpCqJzS1xfyMcvvoGEot4fmATwm5gDO16BPUZQ==

GET
H3 200 fonts.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/ 6 KB
2 KB 206ms
205ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: WS9R9TZDVJ98YRZB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"129a23607bce2eee640430d3bbfef277"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680693252902
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: dVLtzAKZg__B3uxHbu3a_2GX4VNB5e_S
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 057a8449-0421-4ae7-a647-a5ad3034e951
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tuLkaSL5Z1fQLIIDpipfPP90FTCrUIY7LBK4tauu0EatuXWBxmglMmhbliSMZ2UQHRMESCtptYA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 057a8449-0421-4ae7-a647-a5ad3034e951
last-modified: Wed, 05 Apr 2023 11:14:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rvUkZZ%2BUIiwaIaFBpFF2y%2Bu5mvsWIYKFEE%2FFOdquA4PzeezOr6nGbIFrqgRvbNHza%2BaGocvy%2BJDdG25tEGFacrWqKtxsL1Pu71MMrHIKgaM6tPBS2sFsM67h28FzQ4jiGVZo4g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8912eb986a929025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: O47wukNnZI_YnlKyJBJKOu4HDVXMALNhdCQlNEKCR6g1ERMdp306Bg==

GET
H3 200 custom.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/ 280 B
2 KB 239ms
237ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/custom.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 0TEWBS9ZW4AA4TQN
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"5c5cddb5467e6fe854b7d0a6f51135e8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682414590689
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Tnt1z7gJRW9yvpi1rPu2tP7PpekG4_IL
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b5f661b8-e85a-4ebd-ab12-834fd651d025
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 173
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xoGN3IQVBFPDK/EcdXHlMiU637ho47awTsh9UkXGGaWzMcFXkYo5NN/fiTY/Li0Dzbc+cqjY9f4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b5f661b8-e85a-4ebd-ab12-834fd651d025
last-modified: Tue, 25 Apr 2023 09:23:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wcS8qtVTv%2FXxQ2UUN%2FkapD73mCRKuFXoSa85wThw%2BhJ1PCfvd67EuTrayyz9nJCtvQGUhV2is8plE96rbg%2Fz8RYwr99YrxCAVxEh4mhLgE7a27gV6R21OQZwILPsZUkIRWJ5w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8912eb986a939025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: 08RGV2vtv5sRx6rRaNSpBjNIecMWIKnCHjfT8hcLUBp-ApQDHNzA3A==

GET
H3 200 slick.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/ 1 KB
2 KB 300ms
297ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/slick.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: WS9YX6NKECEEMAP4
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"50424795a4c8f41eaba805785dcd11a3"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681177549173
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: CSM7qjm5tr1tplGgJgxA9LlFMJy2.Rrt
x-cache: Miss from cloudfront
x-hubspot-correlation-id: c0ba61b1-7ff8-407c-b677-7c40d7b45a89
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 166
alt-svc: h3=":443"; ma=86400
x-amz-id-2: fGEz8nLtg8tREw2Lxtf8BOTyXroKQ6zNbgAzooBuPF0wTWQqT6LstY73wyPPHB7rOai7KMSh0gQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c0ba61b1-7ff8-407c-b677-7c40d7b45a89
last-modified: Tue, 11 Apr 2023 01:45:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2Be%2FZWFhCLYSEG9Y%2FlBK06dmk92kiQL27b0ergLxGrC%2BDy9816cn%2BolXpRoDHsvZBn62NqzyGMFspIBByawTnznnDzL9hTSBuzdOotAPF2M3a18Iqup0FpDbFsvOLVnVH3W0Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 8912eb986a959025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: TH6HrsanyjF4Y9lZPSREjp88nwLOdC0io4YyMzH3742Sm7abazCaYg==

GET
H3 200 module_109590708858_Header_-_Global.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/ 19 KB
5 KB 262ms
259ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/module_109590708858_Header_-_Global.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

82bd71b6661f724ea282854a39a327fc9977c582f2ab0d4a63ae9f19c2df27ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: WS9WXVJTYR9K5864
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d094d382fe759f4d5bba2e7961af25d9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712731281837
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: xuDU3AyM6SL4EpOScEBunVgr8bg8duxo
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 0de7d8e7-0e63-4161-88f3-e57f89bacf0d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 269
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uGGmTEsRRmY6pcdb2ShML0xmH2i2E4qptzRCnjfyQ1VM7o4dktsJv2AOox34f0nLlM1Kxt2cNQw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0de7d8e7-0e63-4161-88f3-e57f89bacf0d
last-modified: Wed, 10 Apr 2024 06:41:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aMKIlYNCLS3ogaXu7gCPemCnkTQ8CHpK9VKF6FUT%2F6m%2BHK1%2BzRN29sdaTHhnblBOO5anUuG6eeHOZxUfBcZ42lrbn7iUMCShsbDNZEUYi1Wup2TS7%2BiNZ22TPGaFIsTIjgAt2A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8912eb986a969025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: 0enqbjFEodyki8ApwYkSLR6k9k0YI_SjEsRBi8UypemxchQuSKkEAw==

GET
H3 200 project.css
blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/ 720 B
1 KB 122ms
119ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/project.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 6994521
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: 8ccI4weZqJTdCHtwNm3UqetXb_uUGb6Y
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Mar 2024 20:21:22 GMT
server: cloudflare
etag: W/"a81c70764750950eb72d4537c41e781f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EZMhhS6z9KOCnGSOjkRnsDmgzFxP4eXpTYb6Ep6rbm0X7iI1AgxFwbZykr5tYwi7nLBVBN7jKWeRz42f73LPm%2Fc3%2BXent8ChxyMa09ivYzFpYezvoGuC%2FcNDEobcB6JugGUapA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8912eb986a979025-FRA
x-amz-cf-id: g7Xq0RBZkXYErLa84Vt7JzfPtPOIstnRQrqC3IhE4nOzaCNhgj_NTA==
expires: Mon, 09 Jun 2025 17:42:48 GMT

GET
H3 200 module_148583664153_Blog_Quiz.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/ 1 KB
2 KB 249ms
246ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/module_148583664153_Blog_Quiz.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: WS9Z24REX5F9TT58
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"5292316ee34f942adabf9639035cb5f1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1703224192160
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: YbKx_knHjcoCWj.kdAsSCG6ojGVZltfV
x-cache: Miss from cloudfront
x-hubspot-correlation-id: e97b6a12-21b0-417a-8103-4c17964614e8
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 214
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0jH7YwRrHTK1YBpCv7zJMknAhXVnGjCWow6/1113mTTbYVeoUY3KxPF+r/+61HhZi2/RalWHniM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: e97b6a12-21b0-417a-8103-4c17964614e8
last-modified: Fri, 22 Dec 2023 05:49:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hudFSu%2BEX9pbEgLKr1K%2F%2B7o6lLxrUopuF%2BrqCX73iuzCoARZplQhzltlZymzyziceROSb%2BEvVJ7IkFpcSTGCjzO9Z1zPDnFkhAlQaRF8qWaIRa48xpJNMrKawYt853Bpgl6Ang%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8912eb986a999025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: uRvA7RRSMaqVKk-8HPE_l4koR7N-8hQ-exHhErvJQhrgbYtOPIUEPQ==

GET
H3 200 module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687439473/ 612 B
1 KB 97ms
68ms Stylesheet
text/css 104.18.90.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687439473/module_-2712622_Site_Search_Input.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.90.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 267347
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c708989561e0cdbfcf996d1b7f47482c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1717687439473
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 75101491-fe4c-42dc-afbb-f660f031f4b1
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 229
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 75101491-fe4c-42dc-afbb-f660f031f4b1
last-modified: Thu, 06 Jun 2024 15:24:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lKby3mrmcjymkCxXqgc5gc9rSj40I2qGr8LlLpBZWYEn7QbDIq7C%2BYCYWG%2FUDxdHz07hxXFP8GmB2c%2BcczAYJGHB%2B2%2FDC7nfTmzNPQqzPXiBI%2FSweJeHoIFEOa%2BPT9aEzSI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-4f62g
cf-ray: 8912eb989d86bb53-FRA

GET
H3 200 rss_post_listing.css
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
1 KB 134ms
132ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 2936039
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SWTBf7rsHPYyRt14V26V2uZ06wVw0HXGA29vba%2B%2BAygRxo7PEdAqowPb1FJh8TKoWNdXSOP0KJmxWxs4xcwMXFCJ2zQuDiHl%2FdP%2F%2Bcq0tHqOAtcIbC04Tmz5Q3nK6v8XAEohWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8912eb986a9b9025-FRA
x-amz-cf-id: -qMof7lyKXEb2NoFcvGNm4_DKNNLQiJqyYayO2ib1A_4z-SDh2pfbg==
expires: Mon, 09 Jun 2025 17:42:48 GMT

GET
H3 200 module_111929326924_Footer_Global_2023.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1698849006892/ 4 KB
3 KB 208ms
206ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1698849006892/module_111929326924_Footer_Global_2023.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: WS9RS9F5846600VN
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a5ec360241c57fd3faa2fbc7878eba90"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698849006892
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: q50x7qOtfnDDU2ZegP01O0u6R_AW5._N
x-cache: Miss from cloudfront
x-hubspot-correlation-id: aa23af53-bfe0-4afb-9272-615026a9b751
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 276
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BuKs66hKG2K7iLwKIRc9nxmCwQ3hrGUoaYmwIC5K5s92qgJf7/i00XwdvGemgGbvSEeOw0PTKPN1+/KJqOX4t8BF1CKzCqlt3DbtjefYO6E=
x-evy-trace-route-configuration: listener_https/all
x-request-id: aa23af53-bfe0-4afb-9272-615026a9b751
last-modified: Wed, 01 Nov 2023 14:30:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TV%2FcvZL5VGQenocxdupKH0nyo7hYv2m7VA3XJPQZ9FlWHGb7AG9T3tvNFS2v%2FLT4kxAnQlrs5Sx6d0N3XrUyk%2FsMV7aMUW0hSLVLbwJqQTEcKacEG7vhwFyAd81kSBx5iQpJfw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 8912eb986a9c9025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: Ms1R8kXaG8ccsmi7b0esUciznnPc-rhpvaOztAa-i5fqiMZrnSIy6A==

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 63ms
33ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 256493
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27958
last-modified: Mon, 04 May 2020 23:01:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb09ed3-15d84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZbFzHrFwETLEWZv53hIA1bj0jRyr6XPPUuOXwSAi85Ey52hSU3yowEPTx6RTPq8DDDWGS%2FGg32%2B4Q3DN%2FCR6TsAnwCnvOILhQbkxH8BZhRct%2FezeNJO7s6foZoYcSHcDxulGSTiB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8912eb989a96916b-FRA
expires: Fri, 30 May 2025 17:42:48 GMT

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/ 11 KB
4 KB 85ms
56ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 256328
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3592
last-modified: Thu, 25 Jun 2020 01:22:57 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ef3fc71-2b0b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nybIt8FdkyXLBLx2rp7d%2BH30ns88Kt5KN5%2BTQz3lmxd0KAQiaJ2hFdH%2FMqybuNr0oadllgVJr37sUnViteaLmxCHllPt2jdZgScpnY5HC7SORuoYthZ26AHTEKvcA2sYsLicyhu6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8912eb989a9b916b-FRA
expires: Fri, 30 May 2025 17:42:48 GMT

GET
H2 200 consent.js Show response
consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/ 3 KB
2 KB 83ms
28ms Script
application/javascript 2400:52e0:1e00::1081:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/consent.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: d274658b075acbf695a0c18e0dc8a5f3f576a603882464574547b7e05b6a4c7c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
cdn-edgestorageid: 1082
cdn-storageserver: DE-383
cdn-cachedat: 05/23/2024 00:10:45
cdn-pullzone: 236985
visitor-location: DE
last-modified: Wed, 22 May 2024 20:41:28 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"664e5878-aba"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: REVALIDATED
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=30
cdn-requestid: 4ba0bb7102b9f99404dc953cf79107b9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 custom.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/ 723 B
2 KB 292ms
290ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/custom.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 698VKKQMH7KR53S8
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"aa1f7340688642df1a14a1ed11c7650d"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680774296492
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: E6pXkgaUwSKGBww5g6OhIUrjEzq.3zLC
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 145e1e95-6686-4af3-beba-c4a736a45451
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 158
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QqPYDofCkJ5DgYqX0tyKBH/xgb2A0vq0aZ5+6WQnOlqYlafSNx4kG/CBsa7Dg82XOlmJ7kVLuow=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 145e1e95-6686-4af3-beba-c4a736a45451
last-modified: Thu, 06 Apr 2023 09:44:57 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tXZSHwGoBfW0aETg%2BEVasAC2R2aJA8Pt5sh299v5vKqZMKHG02K5Sfi5nS4I%2FcMhzhChJZTMy9d%2FoMYrv7RqV0Y4Kgu2CgpYvKLVLZhrKEfm5O6AqGokVxdRAOHRaacToQOSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 8912eb986a9d9025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: yd6VZ2so3rXUZk8LMCQ_p0HneavL37Z8e6p6ALzFwW3VWDncDy4brg==

GET
H3 200 font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/ 20 KB
6 KB 134ms
132ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d8006f736d3dc32a20a91813f2f50fa2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
content-security-policy: upgrade-insecure-requests
age: 166804
x-amz-cf-pop: FRA60-P7
x-amz-request-id: 7RDTK1EBGZVCJHCS
content-encoding: br
edge-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-version-id: t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FV3Ppi2de3oTpFVzQwmgtD5EAQ8kEUZWbCMk+L/jkEWPC3MroRhztPlj8GtUavTF0aBK2ac7c5M=
last-modified: Wed, 02 May 2018 21:34:26 GMT
server: cloudflare
etag: W/"aede50e4be8da8450a046f9d293e57a5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSnpwsJCzTazbCrKo4uAoJFwTtyD4CNp6aqSaJU9ghmdXO8eyP1g%2BJEIh0CXdvwu8Um5735LacGsjs5CWThUVS27VLA5F1pzfkaSTWy%2FnVo8MFe99JM5FZAMlFCSiKDtzjsSoA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 8912eb986aa19025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: xZphUSRNTQnxss8yAjcV6Zszty0hIZP4B386SlIud334AT0Mtk2_9w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 98ms
22ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE6) /

Resource Hash

f16a9696b3176614d3fe439def6fd9754fd489877999517b99b3b2f265cb7990

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 2209
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163630
x-li-uuid: AAYaeAv5hwg2RlEWIYPtTQ==
last-modified: Sun, 09 Jun 2024 17:05:59 GMT
server: ECAcc (frc/4CE6)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Sun, 9 Jun 2024 18:05:59 GMT

GET
H3 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1717687419966/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 101ms
73ms Stylesheet
text/css 104.18.90.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1717687419966/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.90.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
age: 267415
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fda5882b24ca5a84d04d090722dc713b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1717687420655
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: faeac3a5-4bbc-40a7-9615-eb2ea311c410
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 188
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: faeac3a5-4bbc-40a7-9615-eb2ea311c410
last-modified: Thu, 06 Jun 2024 15:23:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JLKDdyHRFpiS23ACa1at8l1GW6Z4bwU9Z%2F4UQECyMqTYajRQIqKWMUi72m%2BXVdgKQNDIKJieXA4dT9%2By%2FT5YR6TB5JaQM%2B7lIGrmpRPt4e9663iLGtIS00e1CpzcIChY8Ks%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-qd96f
cf-ray: 8912eb989d83bb53-FRA
timing-allow-origin: cdn2.hubspot.net

GET
H3 200 old-style.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/ 119 KB
31 KB 280ms
279ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/old-style.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e605a433da0b6d187b3cdfe5bc2e9459a994338d3d3befa8c43fb4f450340a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: WS9QRR7QHGAVQ6DH
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"113cfc86f2822c8fe6a587c4d5f5f5e0"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1709023726300
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: ITfStmbWvO1RG2y8hwIO3ex.42tWx3Mj
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 2ef55c0a-437b-432d-92f7-2b48f409232e
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 322
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lsgdHBEiN8fWiDZZnMKPMMHtcmP6N7dsh41iIX52OZaHX0cvrrY5V4oXAreagurs1WJpWJ7qrng=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2ef55c0a-437b-432d-92f7-2b48f409232e
last-modified: Tue, 27 Feb 2024 08:48:47 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0hakrbQtjewuYQqtqErNkAYYjcAQ8SpyFth38cRc9PuG2OorpFEuDTCyRkcFksW2F8xZG%2FAg2IUzUlDpVIc%2FTaKeRlg8uhtpN5pkfhipKDpyiKoi4leF%2B%2BfWWaqHiXQoFjPYsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8912eb986aa39025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: Gb5cVfYplaJTSsKBwSBjup6ixHOm4VmZKVrnrim0FkvONYdvn55VRQ==

GET
H2 200 c5a43670-224e-4ee8-a697-dff8dfc97039.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 225ms
171ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/c5a43670-224e-4ee8-a697-dff8dfc97039.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef919241c4f9e8332708cde9d589d64af4e72883eaa283d774e27c40a29d10d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
x-amz-version-id: W8AeyTnaqVV3pfbxKJWSin4pOfI_4xTy
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: VW6MXVJ56MAK011Y
x-amz-server-side-encryption: AES256
content-length: 1502
x-amz-id-2: P9V2KKk2wwfq4OEfMZt8ua4k8BBPqZRlKDd3eXE8CrpTKyYbW7tBk/3Wz+5pV8IiPlEGcPzgVgY=
last-modified: Mon, 01 Apr 2024 18:37:57 GMT
server: cloudflare
etag: "a27297b1717befe332ddf4f792ecbe89"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLCjqAn68E8GPt4awHe9mcVkcHLfpNUL4lB9MZOGM%2BMwlAiqNuHEqmOwsU%2B%2BHotIslXMBMrigC8iumo62z5%2BwIhiWo3KCIQX6LOBlsz5ZihmswUMzKPsHuiZ2Bm%2FQSSswXpu4fvyj3EJ6aPitTQUW4Xi"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb98bc0e37ef-FRA

GET
H3 200 current.js Show response
blog.morphisec.com/hs/cta/cta/ 18 KB
8 KB 181ms
180ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/cta/current.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

99638cf918a36ae5912b6e521489ec6f3c8cb82e2e21e2f43941b86f8b223aa6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 365
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.292/bundles/current.js&cfRay=8912e2ad875471ac-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"6d8dd07e8368ff52cc7dcb421189093b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.292/bundles/current.js
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 6dYEpr.GOIl1ONbJkQvzy0C6ZtehNCz3
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: e55562fe-3ba4-4150-af16-e2db3694535e
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: e55562fe-3ba4-4150-af16-e2db3694535e
last-modified: Thu, 09 May 2024 14:05:37 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jrylOpy6VOb9z2tv5PSNhCU4K9yizrPDPZXVeJlXwcXJsu%2FUw2tORxeaXhrc6oR8TpMM%2Ffo4GvDLo031jugizqC2YxMmZ7jesjuL8o6Ixc8oveuqmBtAHN3veDApWARok2zZjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-9c6mc
cf-ray: 8912eb986aa49025-FRA
x-amz-cf-id: V3tGxsYD0E-G-LP_ThwNxSFRkXYlUEF6trK2utPiqqmV6wA-_G1G1g==

GET
H3 200 Morphisec-Logo.svg
blog.morphisec.com/hubfs/ 5 KB
3 KB 117ms
114ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/Morphisec-Logo.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-163965048881,P-1534169,FLS-ALL
age: 12573
x-amz-request-id: W5G6ZV21Z67457P3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-163965048881,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"765cc8beac4cc28676c6e847214549f8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1712695150225
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 75373f3f77c169166bbce98d302dff7c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CLh4I1f8H1fjYE.XdVDUvmpXn1gHCWyp
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-163965048881,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: T++7JXLJ/dCIkuMF8v2O3oi+GOW8nIxCTZ4pvAcXmM0Z5XvjuZqMRFBRnzC1e9TVQjzYYySreV8=
last-modified: Tue, 09 Apr 2024 20:39:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pIP8HHahD%2Fxkrr9PXidpMwc4hTIOZj7Ah0qAb%2BzH9sK4fxQW1H4HrFHKtfpKdnvYKA8RV16Sc2B%2FOpHrwJLXqDns16wVxtI6ukDjgwmtRPPScaOivJApmihfJW7C9FpkN0sjSg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9a7dea9025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 5bphS4sA-IB5KTGAO3fzImbXONYqSRfQBGOSU5iUz3tPNZnkOler6A==

GET
H2 200 3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/ 2 KB
2 KB 149ms
149ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
x-amz-version-id: ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: VW6T53VKSRH1852S
x-amz-server-side-encryption: AES256
content-length: 1631
x-amz-id-2: Rzk1NcL7RI8M4pnOIIVHNGoYQwa90RGbcU3QAHIv1w9qAsxywCzcSNPwB4Pwjw63iRus7rSSnMg=
last-modified: Wed, 05 Apr 2023 16:30:06 GMT
server: cloudflare
etag: "3d5f63abc7db36507720723f2c0d0e15"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dzUt0atfZyB3rxZfm0FnO9IxAL3K0XElM0qqNEFXE%2F3o9RL1DCtVpH8lDdS9wXsT4cSb5WPxC8Hzsav%2Bf3%2B%2BnsodX3g5ZouYGFYv1p1R%2FUsYKUCvrP0MwyqUiFD6QzXSf0gp1Aj7rn0lO4p%2FxUp3KC2d"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb998d6237ef-FRA

GET
H2 200 d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 199ms
199ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: VW6ZB70DFHBKEDM3
x-amz-server-side-encryption: AES256
content-length: 1384
x-amz-id-2: zy8VvAszmPW5UFkd/XG74zdacYAnFNCyAZaZBpdTkIB27Zc3LxWaO6Ttgwbn7UsG6PEvCuG0q9Y=
last-modified: Fri, 18 Nov 2022 14:30:06 GMT
server: cloudflare
etag: "eacaba2cc1bbf4de2a43469ab485d45e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZoYhjiY2VL47sdyaHRRFQFAfzBCnv%2F6HSDrAYOlnCyTsZJvZjaz4HQaUyRwTZwwMek%2BjNYYuqjDZ7pOSo71Z%2BLa%2FDmku3ikbmQtLEkjaTDPIW6p0JlCf1NQ17Q5ptVIBtZN7J0Woyp0zUqsEWHryfrd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb99ddd137ef-FRA

GET
H2 200 c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png
no-cache.hubspot.com/cta/default/1534169/ 42 KB
43 KB 176ms
173ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60bd6bad64c21fc8b1d3f6bf3fa261780974e6b0489a67a1d02db33fb4c9b7b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
x-amz-version-id: mQywM4EnlQtO1rXgIPZZ_ORcxGxdaqep
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: VW6JBFXKSR2FWWPY
x-amz-server-side-encryption: AES256
content-length: 42909
x-amz-id-2: LPTFDw4PatGSiJBg6pWiD/dNjCqyNNVPUe4dD+vsm6GUeNfE04WGQzMesRnE8M+YhxnwU4Kw7qg=
last-modified: Fri, 05 Jan 2024 21:55:07 GMT
server: cloudflare
etag: "52f2133547882c1af4bd99b776191ea7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zS83panV%2Bafcd66TO3JZd%2BVN2y47vRjl0LXZ%2FC4axloqmBeCy42dQWPrYnOmsYSO9GhNdCrm0m87BumjBLHsa2JyHUDmxFEU1ePAZEWKAwxw5HPbIuUuzl7fFVMemz%2BrrZ1p8IXnF%2FPYdkZGckKguzQ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9a7ee837ef-FRA

GET
H2 200 6e3260d1-4218-4c07-8a6b-23a2b2c30656.png
no-cache.hubspot.com/cta/default/1534169/ 29 KB
30 KB 167ms
164ms Image
image/jpeg 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/6e3260d1-4218-4c07-8a6b-23a2b2c30656.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf33e7f713c3422d8843e777c6400fb30e1eaf0b80e2b04cbf74d6e0d3e5b468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
x-amz-version-id: e3EHINO7AnmPMuAiWEsgkJOJ_w7wjr2w
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: VW6RANKWXM8CC5FG
x-amz-server-side-encryption: AES256
content-length: 29780
x-amz-id-2: +rc6P5qXZklDQxSHFV0Olqybbnxlg94mB/LU3RpqO6Dm/QdEM17+n+7V61C8bisjRwZzDR4iyzI=
last-modified: Wed, 14 Feb 2024 20:21:18 GMT
server: cloudflare
etag: "ab6719c435bf97abff2e789f81601412"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tXsFoSIflinRbYy85yYD5JpFQ0ugdcYsw7UZdA2WFTgdEDNyfS0fXFfB8gpWugluaFWlBE7K9mF3JtK9aJXudqrcv7x%2FVORqBLZb9E%2FZbaEOr024otRMgiZwj01v%2BBSqieLqiubDTov2bAxzjsAxY3d"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9a7eea37ef-FRA

GET
H3 200 x_twitter_icon.svg
blog.morphisec.com/hubfs/ 460 B
2 KB 115ms
113ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/x_twitter_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141944464032,P-1534169,FLS-ALL
age: 12573
x-amz-request-id: 5KV7DBQQ34K1JJ3X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141944464032,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"c7279b34bfee002c148f828d14255c4f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1698243363640
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 8OVftkuv4j6Khff8Nb5oAG2Y32IjKCXk
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141944464032,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BrHcOlwDM+/pnG3YAhuqHBKXsQOL42tufIx+O/7bFOPda7IhOzqyN89yYVGcR1lyPbWEMyrKx0w=
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGVygm2WZbrG3f4Fv4Sf1WzKhFIoxX8URBeLdQyeibdjEQ938r1iKcnmlxCEYIjunLDcq8GsWWg5b4aehd9O1heDq5Za31YqdwYd10pJu0z0CXZKioM1y%2F2xydGSyjIS%2BDNF4w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9a7ded9025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: _ZqNAmXcDyB9fskS45u_k2v1EqusRVOIzOaeR0C202COZ3bl4Lh1DA==

GET
H3 200 linkedin_icon.svg
blog.morphisec.com/hubfs/ 628 B
2 KB 117ms
115ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/linkedin_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141945428832,P-1534169,FLS-ALL
age: 12573
x-amz-request-id: 3MWS5YET0SWAJE2Y
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141945428832,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3ef5ac1f024120437e19fcc4abf556d8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1698243363623
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Bq5Mo6REJV_bnwvIwff4zb93JWXV7_WO
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141945428832,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: P8rkGKzF4keaNPIPfyk0tsASTo0QaUCWBdpRp3qQIOmoqLf4PXe0SeOhFyGxz0lfejFhDXhgJig=
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGyPEQNP9mdwh%2Bh8fnwBM6esCyXcOMIdF2vZjVVsHn6WlfJu0gbAT1ltIDdCCWl78anMeBuQLbM0RcRHZdoFPM71gfrCUS7SAvxm2UJOK9kIB%2FnHwke4b6K2SVLiU4jQBq8g9g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9a7df09025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: lPA81Pq6byHhCt3_QS4_yxPkAYhnPWoN5Fz8gAmRR2ikTmSH8GGrFA==

GET
H3 200 youtube_icon.svg
blog.morphisec.com/hubfs/ 642 B
2 KB 166ms
163ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/youtube_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141945248869,P-1534169,FLS-ALL
age: 12572
x-amz-request-id: PPY5SJM12YC2197V
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141945248869,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"ced4da2370fbc2016321a375dbbed68b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1698243363649
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6183f44271d091c21804d467f8a4ce20.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: sJlFqbLZ7aHbNE_.KGb6N9TqRjJsKyuv
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141945248869,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Y072vs+y97GicnPB6CDQqVUF5nYcuxiFxzosoPQd0P4hWrGS+xDq2SjrXSTJHWXTwFjxWuec3PU=
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1FCiFDS7csqrEfrvbtN4wCwZlB7TGODoKjTcJ51PGxw%2FDVbRWRgrxQxmjrFytNz55bv9Vg0ZorDGlFqk2BcuUZrEP3UXD2iQ2kpelpvAmgtAD6fGIGlXBwn5LrvXzabQeDLkA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9a7df19025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: Umrg_YvQZ1ifABIXyXYzUy2R2rxQRkDtlEq8hPceyURCnzqfpziMPg==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.971/ 13 KB
5 KB 103ms
50ms Script
application/javascript 2606:4700::6811:ae5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ae5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
x-amz-version-id: 1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 346331
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jun 2024 15:05:39 GMT
server: cloudflare
etag: W/"26c40482b55a607cd44486a2958741d4"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAI3uxaWt3le1Emqi3ekUyvVOhUSLWKsMpNJOcNN8FvLBeVXV4NI82sJev91fYMjVZr6h7qYfRJXDYDy2S5b%2Bpeq6tzK88LqWxXJ6eUKYFHCcvM%2FzCtqgfCrNDouu%2Bm4Q6yXfdNPqMeblbbBEiFFZRHHgqc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8912eb9acb369769-FRA
x-amz-cf-id: 4KGI5t64pXc0VBpiZlqrGzYDMFRUiAtNY-kZWNgC73HhfnStC05rHQ==
expires: Mon, 09 Jun 2025 17:42:48 GMT

GET
H3 200 svgConvert.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/ 668 B
2 KB 226ms
225ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/svgConvert.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 698XNMSNT54TC3V1
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"1cb72e618cce9cc73c57265e9b726362"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680697800276
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: SZXdPmhYHKeWP0u0ggYIHYhJ0L5KYvd5
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 01267464-31d4-43a6-a861-46b187dc5427
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 150
alt-svc: h3=":443"; ma=86400
x-amz-id-2: IAdAsb4P0gUlHIB8qDJ6vO9vidHdokx+OYvyCZk8IFSXmPvWOu+TRQRBS9FPOss1CsunM+ZFR2mXpP5eKsqOzoMu3Wk9xAXQ
x-evy-trace-route-configuration: listener_https/all
x-request-id: 01267464-31d4-43a6-a861-46b187dc5427
last-modified: Wed, 05 Apr 2023 12:30:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rIOcBoHXWx%2B%2F6VSLDz%2FmI8vp%2FDA5Js%2FhRWvF8KM8zGbdsOyPh2YTrrmyDjyiGv3FyyOyg%2FJlasO43YTUw9OcxnJB8XBBuP%2BWeZqZH26kYr5C3fpcjIKyV%2BU6X2or9lPzEnwoeg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8912eb9a7de09025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: VhWS-ezXd8eEm7gMkUI885gqB3tN6cHoMIvkE8x2GBzhClX8iEGiZA==

GET
H3 200 lottie-player.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/ 359 KB
95 KB 211ms
210ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/lottie-player.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: XG4SGBR4WCYYPB6R
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"9540cac57a5805fdde520bb1869134b2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681491232806
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CTo5DkzSjS7Z2UMEH7W3RDGvw45iU9vL
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3bea0894-ec1f-4332-bd74-a1f475969202
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oEtMFbclfHGidzjQpEZEWcUFX0jeTliOsGcowMDN2ZJFSVExxLOsjbmj6KaW8tWjkosIgBKK7Mw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3bea0894-ec1f-4332-bd74-a1f475969202
last-modified: Fri, 14 Apr 2023 16:53:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYK5mAI4jIuhyk%2BvsEjn5d1fTdfAwKizTpypdUCrJ5U51qa9a64oTD4cQIwQ50P%2FSws5aKVCXnYjezcSC0BKbHrZf0Z8fiIU9Ik0wHWYDFVVbWaP5XSFZXSrmMzWmPmc%2BGuGZw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8912eb9a7de49025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: RfDEYOmqcEy2hJzRswpT6dlxiuiFv8gV3bx03VjaHfINplG1NfV3EA==

GET
H3 200 slick.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/ 42 KB
12 KB 246ms
244ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/slick.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: D1Z76D2B4MXFQQR8
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f6085c5be1a35b91955cf9abd5b2b0ea"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681177460907
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: uoS3eYGmK1dPCzG_bq7yGgNyq7YIozdd
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 449ed9a6-9e22-4b1d-bce9-f7a0bb05180b
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 214
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RHsdXISb9Ka8uTpgm1raBYAXITzgR33tpgUGdJ9D3UlZX9QBPDq6eOt+vTuIx7bhVCKR/4+AJ5I=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 449ed9a6-9e22-4b1d-bce9-f7a0bb05180b
last-modified: Tue, 11 Apr 2023 01:44:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Ee4gdGrWmaowGQ%2BwsJDN1L7w38SfEfJbgx8f%2FZWnpKgeW1%2B1FR%2BSZecvHWnhEwvnJL9%2BKyO%2FaWT4WnO3KSHAUD%2BsojNpbnTkPxiEQ8a8Tuu%2BSU4yVxWYCt%2FqicbBETLcoeiaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8912eb9a7de59025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: SFZxPxi131VX8ikwaIlJWqUs-ajIQlwWyFKWOopKKUtyHMhyuqRF1A==

GET
H3 200 module_109590708858_Header_-_Global.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281038/ 1 KB
2 KB 280ms
278ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281038/module_109590708858_Header_-_Global.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: E89JDQT3YN6R4AZ3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"48cafa9929e94f1a90da5d8bff870b98"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712731281038
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ic4RHBFCPmyWvypLWH34rOyE17GmvrnL
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 11811928-6a00-4028-b2b3-1d1ecc5e5a16
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 193
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lN0Q+aYPnXvXE/JA9sz6vpTYGTbuQA7kRngm9QB6IVm8DFmy8FICC8ozSYrZZvuknQFW40sItCwiLne1pYHxIA==
x-evy-trace-route-configuration: listener_https/all
x-request-id: 11811928-6a00-4028-b2b3-1d1ecc5e5a16
last-modified: Wed, 10 Apr 2024 06:41:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jov9B%2FYuUlzJaY%2Bp80I04DSCyJbBDwy9SIscmFy3Kwf2xtr3NOTphjV67LNfDyPDfT4WVH5fX8P6w6Flg3mOweLHxRKavYM0ylpFYZXoorMQ7rQUiJhSrSRY0QBjDP0PFnTRyw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8912eb9a7de79025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: rK8Qobd-yIUG_nMbctb3YcdlglCE5KEUpXfDFFSL16FfmsiT4zaelA==

GET
H3 200 module_-2712622_Site_Search_Input.min.js Show response
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687438732/ 4 KB
2 KB 72ms
70ms Script
application/javascript 104.18.90.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1717687438732/module_-2712622_Site_Search_Input.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.90.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 267346
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f9134a973469f840bf03f740af92c65f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1717687438732
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5ff98687-cf82-42f1-8f35-e227da5a3346
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 165
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5ff98687-cf82-42f1-8f35-e227da5a3346
last-modified: Thu, 06 Jun 2024 15:23:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5%2BLQApC0FLdqwHgRYpL4QHVt9xP7jCjVNdPHgoFQOl72k6ov47YC2X4%2FyRKsNXXX8PLj8i0sEkN%2F95%2BXP4wIDhNLW3wyFhmfLYzVVNNJl7zVKy6UBsQ%2F5j1FOUt5LDK4%2BY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-qd96f
cf-ray: 8912eb9a781cbb53-FRA

GET
H3 200 lazyload-min.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/ 8 KB
4 KB 212ms
210ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 60PS19102AHKFCP6
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"67744f609bc5dbc8a0fb9fe0d5005f25"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1603042259630
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4SGyaLwa93KERwdBmZy9UM4.3aqx9djg
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9bf7a7d5-5602-45ba-8285-d8c3d4479514
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cAeQuoUwECAA4f/+kiXZnh5GEPWt7H1rfslH6cel92fTXi5ZTLJ1WwV2c/pNTLW+PkOLEM6B77I=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9bf7a7d5-5602-45ba-8285-d8c3d4479514
last-modified: Sun, 18 Oct 2020 17:31:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=260%2FHr9aSc80xmEYSeNVjHChVDTp4T7rB4NVeu6dfUnfNH3B8BWxvy5IzVnUiDjTVn0abCn1r4armJlHBpKyJlfBuW2TPB%2BxnjjwFkyhtBqBVYkDxkgN%2Bukfs%2BBKfjWu19t7Og%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8912eb9a7df39025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: KTRZJ3Gc_LRn-iY3ylcKpNwXelQ5fxlEt06gBwhmVs6xbDkPD4-60Q==

GET
H3 200 vide.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/ 4 KB
3 KB 257ms
255ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: P553ZQM2EDM003BS
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"901e2d8fd2af243d3d8dd68e38fa22da"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xCDhIWpBzbsqxgnqK8jsUmPM_UWe2ml.
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 37796c96-5e20-4cf0-88ad-bf5811a7b1dd
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 129
alt-svc: h3=":443"; ma=86400
x-amz-id-2: m9+ocZVcws9zVZDj0asaWb2T2WcBVAAlFwgzs44Z/7I2fAiOy64BXwLTSyeghS5WQ1QgGQzQIX/uWPwNrGrtQdsCi2wmCjHH9qCmcqIO7Ew=
x-request-id: 37796c96-5e20-4cf0-88ad-bf5811a7b1dd
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WeQWAozxrZzTmDN7eGbQUcOW9Pdc93F%2FWNLwzoAjdGLmvP56flaX121t1hqktl9K2lbwcX4TA%2BXq%2FEMCwQy%2F7czvqkWagsEqhHKS%2FY8xQ%2BahybHSZefSrF8vIImqwRPbaw2lPA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 8912eb9a7df89025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: 4ItJp3PfHLfMrhvGpK4oO20n1LEC4fWIBJndtnCWoMnuubn3twUl6w==

GET
H3 200 magnificpopup.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/ 20 KB
9 KB 236ms
234ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: JZ4R1M0XEN59HA08
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AenlXmDNTXiJmWpCG4hF_X9US4k8ofw.
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 400f9d7d-f0e8-4a64-9652-58f168564b84
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0cA0WNlFy3YqnV/Wwyzzevo6F5wNRCbNKerUxaoWEKoMN2yGcOHMM/QaCZWwxlIxC7cl2qMMGv3IaLeeGb6048ASKAg58gtLLcpYn7wT4uw=
x-request-id: 400f9d7d-f0e8-4a64-9652-58f168564b84
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xkU8eIgunK1XFtP1yr%2FW1UEqQVDzRnL4%2FgSjunlAWZsj%2BzrVwV2EkRl3PnkSUd9KT2dCUcYMKkm%2BHhdoKTsWM%2BES44qjgcxYR0xLKHbJ5gbTMxwN5hh%2FJXBKwtSOBdhzcofymg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8912eb9a7dfc9025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: kvL9MeMyffF68A12pT9uh7ugo0WYPyoQY4vzKZuFAg7tZiNBoPBtww==

GET
H3 200 Morphisec_Sept2018_script.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/ 166 KB
43 KB 434ms
432ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/Morphisec_Sept2018_script.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 60PKSPWPVERYHG2M
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f7327c38d9f5aeef245b0ee300152178"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1671716922383
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d1cde188ada6755fe03b8541b71fce4a.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YMjvkoc5EhQ12za.7KqifcSwG8LKYS3S
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: eac3cd15-9495-490c-8884-e63eae06baf9
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 213
alt-svc: h3=":443"; ma=86400
x-amz-id-2: aIfsUNet6oYYdTBWBxjfp0v917wGVM46z18sMoFIPcpcUqaJED5bPfxY1FLcibuDBIJU4Dn30KEYrtEUHwK1xeK3aUCJNphc
x-evy-trace-route-configuration: listener_https/all
x-request-id: eac3cd15-9495-490c-8884-e63eae06baf9
last-modified: Thu, 22 Dec 2022 13:48:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BIfbYbfqjDb0CwxiSetkeTdZNqy%2FFrWSYdIsBgpR41VjiPdtHsgIHSkBtlEMd%2F%2FxpumzMRDylhDdt%2B0PJqjU98iXimZM1XezByMgYQvOkHLr%2FRzUCCSll4vebbwZsvWWcgAtKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8912eb9a7dfe9025-FRA
timing-allow-origin: blog.morphisec.com
x-amz-cf-id: O6swmMYsESHWrzb-DCEtaLJH-EuCK5NBELb9qoIEATsuavdHAQfnQg==

GET
H3 200 1534169.js Show response
blog.morphisec.com/hs/scriptloader/ 3 KB
2 KB 280ms
279ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/scriptloader/1534169.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

89024fa0f34e0d8d4355dbc5a23b87a4f5a44b796ed4d7771866d711431ba681

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 23a4a052-d88a-4508-a531-8357c97b8b01
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 13
alt-svc: h3=":443"; ma=86400
content-length: 711
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 23a4a052-d88a-4508-a531-8357c97b8b01
last-modified: Sun, 09 Jun 2024 17:30:27 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-blxph
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CdiBfP%2BKv%2BofW2Gi7kzdAJP2gAeYOoTwfWjScVhNdEa%2BR0Pu28gCE2RWsj2LMZ9rkppi0YaVT6sLTjsyu9OUGvTa1QVqMeegwGyXGdFPYbA2vFnUBDSgCcjr%2BYPbZJrlaIAD5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eb9a7e039025-FRA
expires: Sun, 09 Jun 2024 17:44:18 GMT

GET
H3 200 index.js Show response
blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 140ms
139ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7003749
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oHpgaPooGxxHP%2Bnd9ANtUKO6%2BWj40yzwx%2B6VDcdW5rKtLUXzvWDrZcR5KzoWyl55o3HAe3Q%2Byy1E%2FaGW2nKtOR%2F%2BoEGyPuE6AOiJDcHD3wvhpJaWnj%2F7juJ7sxmdDAZgZ%2By%2FKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8912eb9a7e079025-FRA
x-amz-cf-id: LBGxxkuxmXbhcFaI-NR3fKwzXfE0BgYFZAIA9oCaZx8Z6HSTKhi43g==
expires: Mon, 09 Jun 2025 17:42:48 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 254 KB
88 KB 111ms
55ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

72e0e14a6e4f28e1fd073245c8190f207d11fe358e3f679327ccf1a880dc28af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89342
x-xss-protection: 0
last-modified: Sun, 09 Jun 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 09 Jun 2024 17:42:48 GMT

GET
H2 200 banner.no-autoblock.js Show response
consent.cookiefirst.com/ 63 KB
24 KB 28ms
27ms Script
application/javascript 2400:52e0:1e00::1081:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/consent.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: e310c4e689e7bcf75fda1bde019d6e4fb564d95da0b9a7d04fd7e68d9673a444

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
cdn-edgestorageid: 1081
cdn-storageserver: DE-662
cdn-cachedat: 05/22/2024 23:50:04
cdn-pullzone: 236985
visitor-location: DE
last-modified: Wed, 22 May 2024 14:39:11 GMT
server: Cookie First CDN-DE1-1081
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"664e038f-faf0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=1200
cdn-requestid: 3e2b3e235743d4c3d20bbbb37249d21f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 hotjar-3506314.js Show response
static.hotjar.com/c/ 9 KB
4 KB 111ms
54ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3506314.js?sv=6

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

fd3af5690e3288b6b4596c820e76f5c24dca32bf023257932d8c96031bfcf0f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 5d5481cfa85227a3fdd5ff0b03093c62.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/62676c805625a3892e2fcc5220bbd910
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: I836O22yJmUrysNEOcQRC6MdcuwbYrIORpVJ8OzjS0-wWSS5GwAfjA==

GET
H2 200 css2
fonts.googleapis.com/ 57 KB
3 KB 83ms
32ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/old-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f322afdaf7184e4ddd7fca589f89cdd7e2e2721dffbf8abed7cb1eca88b0915f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1709023725071/2023/CSS/old-style.min.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 09 Jun 2024 17:29:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 09 Jun 2024 17:42:48 GMT

GET
H2 404 version.json Show response
consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/ 678 B
1 KB 121ms
61ms Fetch
text/html 2400:52e0:1e00::1081:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1717954968746
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: Cookie First CDN-DE1-1081 /
Resource Hash: f62504abbb867b0d53b4d90d746313621819f2c5d39ceab4695ac2b0ef8cf223

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/json
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
cdn-edgestorageid: 1079
cdn-storageserver: DE-588
cdn-cachedat: 06/09/2024 17:42:48
cdn-pullzone: 236985
visitor-location: DE
server: Cookie First CDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 404
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control: public, max-age=5
cdn-requestid: b1e2e1884e41f5789fad1afa5f78e9fe
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status: 404
cdn-requestpullsuccess: True

GET
H3 200 Montserrat-Regular.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
66 KB 166ms
111ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Regular.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
age: 12572
x-amz-request-id: 64E09KC2V5JB872J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "6b8307d4d485772acfa7afe8265fb942"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119101
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 429f4d0dffb8bf0b68cf2d9d500542f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nSDGlIqPXu9uV3l2fdqqNA5m3fzDIOo2
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 65900
x-amz-id-2: OuPDYAF8Y6pRMy5iNUlze2bM9gJIlJaFFxJV2veYJ4WTiKhUEkTU+zBM0Z1YRNIWtg1gUU2Fk5s=
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i8VDaXY3pT838F5To4U1OKUGOlXU%2BshhnQIAQ1MEwOphEn8aHgYRFfQ%2Bw%2BlUlPJidJ5aRChSfcVChQRZ%2Bgcqz%2FSzzaOT1JtIjxApX3ZQCIWCdFUuTDyEchs70XmVeOf6jCu5"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eb9b6fbb37e4-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: KGEdqojuGd00yCAEoJhbIwER7j9DF_e-j9aYawO50ZyWW3jeCzaiXg==

GET
H2 200 3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/ 2 KB
2 KB 158ms
157ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
x-amz-version-id: ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: VW6WW6VAMF6TNJPE
x-amz-server-side-encryption: AES256
content-length: 1631
x-amz-id-2: gyGH08/iegOcfQnGMiWSwJvHI3ZfiZkJ9L4X7Iwnm3NwokKg4RzRVSCS8Y9NZh0BpA0YQEetIzQ=
last-modified: Wed, 05 Apr 2023 16:30:06 GMT
server: cloudflare
etag: "3d5f63abc7db36507720723f2c0d0e15"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6zt2KFIV%2FghkoCl1UhMmgzdxJPx%2FIAwui1t%2BJQct8CoSMz8dymodw7Z9M8LknrhxvI3qpNeXs8ltDloe75XRcQHTuiRlZ7TZsSSqIZH51tqmh5w1O7CCAWr0NyD8JpNuIeU15NeEqCWKgKoUwrYaLltm"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9b0fdf37ef-FRA

GET
H3 200 arrow.svg
www.morphisec.com/hubfs/ 271 B
2 KB 152ms
104ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.morphisec.com/hubfs/arrow.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/module_109590708858_Header_-_Global.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109679247133,P-1534169,FLS-ALL
age: 14571
x-amz-request-id: DR9MTN9QKB0N8PTQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109679247133,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4e0f4888e02de418e83ed88b0fb6b77b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680710835406
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: NbewtlYhb0U79FAEY4s37zmrf8HRhCTq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109679247133,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: P8JLcPzwwAGZnQtt8L7Zz7EONC4hFEZoe9m3UpF3ILFr6pzmQmauxSlR1OxfRK/4ZKsBNBAP2Lw=
last-modified: Wed, 05 Apr 2023 16:07:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ixwAnYRybQDCFsSSYxPIRTx7sV8KJw6bLm3uuxjYywR0YBcXaJFcRX%2BStO4qcZRXGxMRAoygV29Fx2SvQWjFyMpSc2Y50MyGnM%2FKC1vxvDsY2EvHdvhVwDL4IEkh33a%2BakAv"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b5bfa2c4a-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: OXnSov5x0VvBwegcxfrVGuliDJF5-NNyKkl3mveM4g1pcBv8Kg0ozA==

GET
H3 200 arrow-white.svg
blog.morphisec.com/hubfs/ 349 B
1 KB 138ms
138ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
age: 14571
x-amz-request-id: DR9GMYA3GHEMFZNG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680694543135
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NPuCNlg810R0YCc6uLonqEzwW8Xztt30a3EHTpExZFoCIMuWzP9ALqp4jXcfABTkeVtvPlu7AHKdUOulqLh4j7Tm6rluA5df
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1VA1b61aBbOTxW2rY2I2jxDZgeyPnnJbqmNiOhqMVMXmq31X2Tj41ckhxlx38ZWj1u%2BCkA3SDw6UfIpz3PlL9y2rKvCn4N8ydY2w8aL22nQwNfwHK%2FsoYObfi9sIkE992y5Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b1ed79025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: kGapFjK0WW9c8s7oSveYnrJ77nk-mVKGkDgTZE-jrZ1rlF3mpDhafA==

GET
H3 200 cybersecurity%20threat%20research%20blog.jpg
blog.morphisec.com/hubfs/ 4 KB
5 KB 150ms
150ms Image
image/webp 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/cybersecurity%20threat%20research%20blog.jpg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-129397473892,P-1534169,FLS-ALL
x-amz-request-id: 5KV4BZBHA35K2F40
x-amz-server-side-encryption: AES256
edge-cache-tag: F-129397473892,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cybersecurity%20threat%20research%20blog.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "2b7b7ed7eb036c12623f2218a7bab31b"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691668529263
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 bdba42cf1410fb617eeb4ffd3e0b9cb6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: c0ZTjM3EuQi57sUJlqRjc9N65oFUDRbx
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=26491
x-cache: Miss from cloudfront
cache-tag: F-129397473892,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 3770
x-amz-id-2: uYu8GuiIO1eUx0FgWeG8w5YVRndnteUVnuOTf2dlh0A7oQDb3rD9lcUiElgdbAo6V4dtH9rNuP4=
last-modified: Thu, 10 Aug 2023 11:55:30 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZrAxLoMkyJJWTmkhRDtD3OqpG3XqKJIeWQSlnj2COUlvAQFxXWRogXW4%2FqE0knK0cJ2%2BxE4FyFi3lkTBv8dhEi29IPSCvz0ZhaESiBjwiD6AS9%2BN4EHPdju0tH4MEN37XJ3f%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eb9b1ee29025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: uheSV8bM-uZGNYxE8XOSQcfr48s1r8xPrMmDXge2YsISlX1KmgrONw==

GET
H3 200 footer-bg-01.svg
blog.morphisec.com/hubfs/ 1010 B
2 KB 142ms
141ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/footer-bg-01.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-110476466060,P-1534169,FLS-ALL
age: 14571
x-amz-request-id: DR9HBHD23X1B6H5Y
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110476466060,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"2ede0c7ada32266a0c611cfc210050ce"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681221340353
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f2b02f5afeb695ea85b659be98f49e92.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _gIdfKK3n3930Ooq3mAnm0BVYetLtdSX
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-110476466060,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MMdfq0462kOKHU3E1DDt2XXYrTgKcfwhl+VODh77I3eWwOr2b8+dyUput+XFiudSNKvM8Gqld0E=
last-modified: Tue, 11 Apr 2023 13:55:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBn8dMHWqm1T7tCPji8GIDCqakwHWTfbPgNRBqyOwMKHxGiubg6%2F9d1t62yedpOqw%2BkeH5oPnsOZuw%2BXdJJ6eSpRdBtiMQTXJxl8L9UCZ9P4YswQGbTb6y%2FTkGQpkSHfB4JBTg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b1ef99025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: oRl98F-rvHzNc0aDH4RDvtY0FJtwzjesXoQFssAC-LjeAFrUI98UaQ==

GET
H3 200 Montserrat-SemiBold.woff2
www.morphisec.com/hubfs/fonts/ 65 KB
66 KB 235ms
210ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-SemiBold.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
age: 12572
x-amz-request-id: SVD7J153FHJTFKC2
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "09e9af57c990afbf2833f00d90880b6b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119436
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 a17242a6cf9be61e0412ecea1610cbde.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: N4AY2AcWVnuw91nHKeLaBhsvto1u2FqE
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 66104
x-amz-id-2: 9vG6cZ9LiSss9kuP9dNdm58VrcYikCsXfdexZg9ynSZ7YKesBYMe5wHt6ExswHwi4+r7P7ULksc=
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bP5rUBxTbDIe01xkuURx6BcdTyDQuR8LiQACliljJ0pHvfdykgGy7WRb4ksNywD9CMjwl%2BFblkv%2FNo%2F9h9xZK5DlfUZOwHPAVus9SQ7dQ8OmUuE66vpPL%2BAQHgLz%2BnqxJNco"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eb9b6fc437e4-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ctAYXXvfldFkpxaKv66EmeX41Jv5NrAmfqpYFwI6BwL-vY54c-o9Nw==

GET
H3 200 Montserrat-Light.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
65 KB 210ms
185ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Light.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
age: 12572
x-amz-request-id: ZYEXQ0RFR0SXMN76
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "aab897981ce728bf9faaf8d7e9273e82"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119255
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pc80gFZ4d8MJD6P02C8Utp.DAeRoai1s
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 65268
x-amz-id-2: JlpVyBh4W2xi/3m2dHkNjIlh7KqUcDuaMDy+9za1ijnd7XrmSXVFtvIt3HstadG5asSFMPboqzgKKy1DJTFyvg==
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dxBvvlssdB6iB5ngJV7e0m8KCSBDOd58xZmk9KkrnWoZfpsYB7PEdlb%2FBBfKg%2BinGzVyyi81samlurzYiFzkru97WyjINv%2FPSjKkgBsgLnfeE9cKWy8t9VfMG72gyWX6AEs"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eb9b6fc037e4-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: GwreaGWFcgp7FK3nrK2aRXgefsuYTyoNpQliQaxIsyQ_IAvt-ufJfw==

GET
H3 200 Montserrat-ExtraBold.woff2
www.morphisec.com/hubfs/fonts/ 65 KB
67 KB 613ms
588ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-ExtraBold.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-request-id: K1389BEMAN068JRW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "4e861b47db165af12ec0447c91b0167f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119362
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Ai1BLbuGpLfH9Dc8qMneVI9MZINf4ZFA
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 66876
x-amz-id-2: MpKs0Sjry6fBtGHDvNsVlYw9i/qIN9JMBdjgcrr0nfhWRFedkv+LQEV/yg7adBmD0F4rva2OwysjmTbq7M4N6Z1ugfjFAdqY
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkr3AsT%2F7WXC3seWnEhEKPlDXQqBhumn9PVVHfrnyuf7aKG5OxFOzXui17nzaJSCTDz67xQ%2B%2FVzCoIzpF5wq%2FJ0ZHLBV4byxquZYwTWnD%2F50Mz0ZfI9ye9rnf3UF61%2FfFe%2BA"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eb9b6fc637e4-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: nM86ORLY7par2XiXISj1ajpuzdenOGU4rNj7ODcdHpWCQht77XWEpw==

GET
H3 200 Montserrat-Medium.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
66 KB 160ms
135ms Font
application/font-woff2 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Medium.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-request-id: FT10XJDHC07A8HJD
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "16c1a5b7a2037ec2bad9740c8b0ff8ee"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680693119004
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4ce5e5162c2d4fc9022ceb290f794ffe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FUjuK6I4k.9p.Gx8MyhsJW6pvpTlo4q4
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 66036
x-amz-id-2: hxeTNgDOAtupfM9nZmIsXh25cddARSLSpjxk5ORWbYbl6D8vHf/S4HXdc2SsWNc/fNS5aRcH51cpBJSJ2yyFLUsWTkSfxIDt2mTHijF6GCE=
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EMMHVOR%2FHOZNUNnInTYH8dIBRv24vl7i6ZIQylVLNPwnxtbSnZMJ%2BdorC3SZWgsMW01QubdOw6%2Fd1tASEPHzUKVrXZNg0LRchHcRLEH4Xdt2gubGMk5aZUFx%2FddHIthZVoXu"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eb9b5fb737e4-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: eQ8VfxmUvIO6i9TjoxcjgToeDw8PxL2D-UOEz_NQhUqR-knvnt-PEQ==

GET
H3 200 search_icon.svg
blog.morphisec.com/hubfs/ 350 B
1 KB 108ms
108ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
age: 12574
x-amz-request-id: N83RXDEZBCD54J4G
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680691466397
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 bb8a874d65e0b595aaa3d9aa3f930102.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Jhmue0YtUB6bRHV5+xYrGfYlMAi2svy2OuvLebtJbKICc6sv0Uyl9nMQ+kQ3qaiGy4/0QeavfNo=
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Gyz4K35%2FnAdu0E6s%2BdOkaLO2EsR16T4JU71%2Fd6qK0XqTP%2Fy97vF%2Bm1otvOWr2jFMZ0xdzEGI4ieplLcj1ihIGf5CDqpRhsgoYh10LdE%2B%2FW5lH5RXZeHLUPUHDuVThzU463Gmg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b3f109025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: AQAz_-2gccUjYCI9rIgvF6K8JEs8_2o8uCS7FZ4OTzvgpXMUJbM0uw==

GET
H3 200 blog.svg
blog.morphisec.com/hubfs/ 797 B
2 KB 126ms
126ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
age: 14322
x-amz-request-id: 75XVDRC60YKZ81CQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680711424510
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3W+dw2WT65M2sIeXOwzQWhCmJ8tUIxYLZbGirGsC7bd1Jm9aEnDDQVU4upiLEb3t7SUtLx0Ragw=
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTTA4ngtnYq9k6qzVAi8EF5OktmCn0yu%2F1Mr0NmMwVuCy%2BxmwUmfRnaY1Q4fuLEGK%2BLcM70%2B9U4x8%2Brflo4K8yfcnaUwlp%2BWGuzsENhmEm7bV1ahlULT8VfK5SFUrnQeuPl%2BxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b3f179025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: E2HMTmu_VrejzI-DzMHGd-d6tchK1S5p307BVCPmb_nc1g6GdcgoTw==

GET
H3 200 Morphisec_Werewolf_1200x628_v.1.41-ezgif.com-png-to-webp-converter-1.webp
blog.morphisec.com/hs-fs/hubfs/ 54 KB
55 KB 955ms
954ms Image
image/webp 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hs-fs/hubfs/Morphisec_Werewolf_1200x628_v.1.41-ezgif.com-png-to-webp-converter-1.webp?width=1200&height=628&name=Morphisec_Werewolf_1200x628_v.1.41-ezgif.com-png-to-webp-converter-1.webp

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a347ea34a470dd127acceeca1bd03e781aa2f248064c300ba2d27d81ac90a3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-169578897286,P-1534169,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 55046
cf-resized: internal=ok/m q=0 n=822+0 c=11+0 v=2024.6.0 l=55046
last-modified: Wed, 05 Jun 2024 17:43:44 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfC8yr9J2aHcAkT8r9HMFuIBc4P85LQoHV409H_JZsDQ:9d2b38e2508b58416b7d5469baf2d0aa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SVVzlBpSXBZ%2F5y6kKtkRg610jJuNhXb3SoviI%2BVxAymVDKjJnXdOPNuWyjg9oMlRhuxoAIj2q%2F3wox92VZJITRI9Z370dU3XCybAl4PqGdOdi%2FF5BWzMUNkt4UyMD7XYvr4quA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8912eb9b3f259025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 AttackChain_2-ezgif.com-png-to-webp-converter.webp
blog.morphisec.com/hs-fs/hubfs/ 50 KB
51 KB 2035ms
2035ms Image
image/webp 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hs-fs/hubfs/AttackChain_2-ezgif.com-png-to-webp-converter.webp?width=2501&height=1309&name=AttackChain_2-ezgif.com-png-to-webp-converter.webp

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7aaaa35f71c2759c365534f95547697d30e5ef8863ec17c4ccec17b3af2705

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-169579739174,P-1534169,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 51268
cf-resized: internal=ok/m q=0 n=780+0 c=245+894 v=2024.6.0 l=51268
last-modified: Wed, 05 Jun 2024 17:47:11 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfedg5y4uVN_2FPNB2q7Ar54AXUQdJaJU54KlRhswcDQ:2af0f4cdc6d40f7e5c90d0e2d6628519"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWYfGv6oymDnkcYSAvSaQKzVq6a0nYnCJv2WTZmpHDyw69VHeztIRtWc%2BAwg75FZC7J0Zt0W0UlY4JLYq4TQLSPORNnsMeOg7wlZa9TZOGblHUEX866j4OHcyCNSAkjWMdpq7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8912eb9b3f319025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H2 200 modules.349061f2d87d84c4c336.js Show response
script.hotjar.com/ 222 KB
55 KB 85ms
27ms Script
application/javascript 13.32.27.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.349061f2d87d84c4c336.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3506314.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-54.fra56.r.cloudfront.net

Software

Resource Hash

5ade1526f1674ac49650f04fa328b8aec7266c24c9a045f5efbb96b6984422c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 11:43:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 367181
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56093
last-modified: Wed, 05 Jun 2024 11:42:10 GMT
etag: "4aa8ac29ac41e30cfd27b0bfd1a19aca"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: JLNaMvXNQQVSob2hL5opWNjuK1LJEAWqBcvj1Z68gNtzdASFbAcl2Q==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 322 KB
106 KB 59ms
58ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

251aa5ff63515634f1df6e55afca9f9eba82ca399cf25be7707b9dde280eed60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108352
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 09 Jun 2024 17:42:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 322 KB
106 KB 56ms
55ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a39a8feebc70107051128b873cf4cd30c49875bdade70a57f9ce4f5959f51a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 09 Jun 2024 17:42:48 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 82ms
23ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 09 Jun 2024 16:29:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4420
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 09 Jun 2024 18:29:08 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 219 KB
59 KB 83ms
24ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 09 Jun 2024 17:42:48 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57975
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=24, rtx=0, c=12, mss=1297, tbw=2808, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: lQDcLQJWPt9z+rjieiEWrSkirQ7j5UdfWQGY/iNXrohqGxbgyYDzG/PSVPnUM+Xa3szAtSECq5jkYtyyGuhNzQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 126ms
42ms Script
application/javascript 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=85429
accept-ranges: bytes
content-length: 16683

GET
H2 200 8424750.js Show response
snid.snitcher.com/ 24 KB
25 KB 253ms
181ms Script
application/javascript 18.193.30.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/8424750.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.30.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 018858a91ccdb86bbf15086869c68df64ea3a8b80544c059df93197242a31bde

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
x-vapor-base64-encode: True
date: Sun, 09 Jun 2024 17:42:49 GMT
cache-control: max-age=1800, private
content-length: 24862
apigw-requestid: ZHFv8gq-liAEJaQ=
content-type: application/javascript

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/ 17 KB
5 KB 304ms
241ms Script
application/javascript 2600:9000:2670:6600:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:6600:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 3d95fd99ed5f07db9d464a35af433056.cloudfront.net (CloudFront)
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
etag: W/"4dc4ea822cc55aa67719411f6076fcbc"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: R70t15WPwzFB1YlplUaJadAIfNkojRuGq7xwfppA5xo6My5oFwAbKg==

GET lt-v3.js
lltrck.com/scripts/ 0
0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
225 B 29ms
28ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=888594073&t=pageview&_s=1&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&ul=de-de&de=UTF-8&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=325230849&gjid=338494567&cid=1372350684.1717954969&tid=UA-60065248-1&_gid=696647789.1717954969&_r=1&_slc=1&gtm=45He4650n81PQBJZ8Kv897572158za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&npa=1&z=1677084945

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8d1ab314c5802e0fb9580452bd6e3c67918198a9a5ed8bcb3697959e785a7d9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
257 B 84ms
30ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QY7QHR57BF&gtm=45je4650v898987771z8897572158za200zb897572158&_p=1717954968681&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1372350684.1717954969&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1717954969&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&en=page_view&_fv=1&_ss=1&tfd=817
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
48 B 96ms
32ms Ping
text/plain 2a00:1450:400c:c0d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QY7QHR57BF&cid=1372350684.1717954969&gtm=45je4650v898987771z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 92ms
58ms Image
image/gif 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QY7QHR57BF&cid=1372350684.1717954969&gtm=45je4650v898987771z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=101208281

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
352 B 72ms
31ms XHR
text/plain 2a00:1450:400c:c0d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-60065248-1&cid=1372350684.1717954969&jid=325230849&gjid=338494567&_gid=696647789.1717954969&npa=1&_u=YEBAAEAAAAAAACAAI~&z=1992432866

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 09 Jun 2024 17:42:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 284 KB
97 KB 59ms
59ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

79b4cc0ebd3cc53f681c4d0d6a716fd57eec898847218214dbdcd58c619fa42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99728
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 09 Jun 2024 17:42:49 GMT

GET
H3 200 json Show response
blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/ 11 KB
4 KB 378ms
377ms XHR
application/json 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a37f5a9973bff7d81c31172cf62267c3adec166441cdcee7803dedc397a9b0a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/json, text/plain, */*
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 39fc06fc-f7bc-4eb3-b19f-00990993999e
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 39fc06fc-f7bc-4eb3-b19f-00990993999e
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4lbrq
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YNOU%2F2sP5KjD2KuXXXDkfZpm777aLhpukiElLOkkXUyglflk7b4WEoF%2B5fQ871fDhsFAy3B%2Bsq27TJ6xz0WQZeElqTmu%2F0NkLOjapEyhwDi4n73m0NYBW87sbhtHjXLSIuteSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9c88e29025-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 106ms
35ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220119-FRA

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 123ms
43ms Script
application/javascript 2606:4700::6810:4769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: EZPGEPEQRJ835T56
age: 5933
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vj/H9CfyiKNwtvLJrelCw6CtXo93qB0KDTwbomYs8Kf/kZA94jYHXVgMqek/RNtsa+9eO7BrPxA=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 8912eb9d0a604d52-FRA
expires: Sun, 09 Jun 2024 21:42:49 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 24ms
23ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c634ed089a8d415d0a638e10d1c8dc69bd091e2e4bde14cc47592e5cec14bd91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 09 Jun 2024 17:42:49 GMT
content-md5: vmwmvZhPKCr+yx7STvj30Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1684
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=26, rtx=0, c=64, mss=1297, tbw=63513, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: VQbuCj0UEHTxadeJvd1W+c+X9B6eR2hSkMfaMz47mkp7BbB3IgsrDiiMIirdP2rbOnKGnkXvGv+LPor4bEBI0Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 2da62c635c234634dd64f1cc3782de21
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "d0737d5a177aff917cea568bb60b66cd"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Sun, 09 Jun 2024 17:46:22 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 110ms
28ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 09 Jun 2024 17:42:49 GMT
Content-Encoding: gzip
Age: 1353
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/67BC)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

POST
H2 204 collect
region1.analytics.google.com/g/ 0
46 B 39ms
31ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je4650v897583451z8897572158za200zb897572158&_p=1717954968681&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1372350684.1717954969&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1717954969&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&en=page_view&_fv=1&_ss=1&tfd=862&_z=sendBeacon
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
46 B 32ms
31ms Ping
text/plain 2a00:1450:400c:c0d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HFVX4VZHCS&cid=1372350684.1717954969&gtm=45je4650v897583451z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 64ms
64ms Image
image/gif 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HFVX4VZHCS&cid=1372350684.1717954969&gtm=45je4650v897583451z8897572158za200zb897572158&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1378641776

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
24 KB 220ms
151ms Script
application/javascript 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-amz-version-id: WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: fe81d465-dc9f-49d9-b855-488906db1bb2
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=8912eb9d5a0b35e4-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fe81d465-dc9f-49d9-b855-488906db1bb2
last-modified: Wed, 15 May 2024 14:34:44 UTC
server: cloudflare
etag: W/"7d377a186677c174f204d466b8fa5fdb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-9c6mc
cf-ray: 8912eb9d5a0b35e4-FRA
x-amz-cf-id: jrupasktWfE4deoQ3kijz7YlhX1FYRdb7NSSSn6236_sXIUWZiyqnQ==
x-hs-target-asset: collected-forms-embed-js/static-1.503/bundles/project.js

GET
H2 200 1534169.js Show response
js.hs-analytics.net/analytics/1717954800000/ 74 KB
26 KB 235ms
174ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1717954800000/1534169.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0860cea05a45cce23e1946837fd060d75a13aef98275aaf5262e9dfb1e4a388c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: YQXM977N4RMG6DAB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 78f1b403-93dc-45f2-9d11-22cdf5128d5f
x-envoy-upstream-service-time: 37
x-amz-id-2: N1CP7jIgg8jXtZsZL1X/j/ELfq+PoSAaGrfVUeM8RZzlwNcI/PMo6I5aiqh9PXG8E5paX3LQ884=
x-evy-trace-listener: listener_https
x-request-id: 78f1b403-93dc-45f2-9d11-22cdf5128d5f
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 30 May 2024 20:49:00 GMT
server: cloudflare
etag: W/"24993f61b04f3084fce74b9ca89e39d6"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-gnznr
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8912eb9d5a722c53-FRA
expires: Sun, 09 Jun 2024 17:47:49 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 594ms
526ms Script
application/javascript 2606:4700::6812:8b11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-amz-version-id: HLkmxotJV8gQ_mnvhNwLT9fnVmh1uWjb
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 930ed0ef-dfed-47b5-b91f-8912bf17b252
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js&cfRay=8912eb9d6e9e1da6-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 930ed0ef-dfed-47b5-b91f-8912bf17b252
last-modified: Thu, 30 May 2024 10:22:15 UTC
server: cloudflare
etag: W/"be45bdb720f44c8db4ee42bc228ff2a8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-rcvgx
cf-ray: 8912eb9d6e9e1da6-FRA
x-amz-cf-id: CnpeJz5G9fU4jvtXSm-aMLCooohrRCRIRFGhg17LwjJc20P5eg5cnw==
x-hs-target-asset: lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 99ms
46ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47d1036cdfb7fa765e45f0f3d193baadcd53005e95a2f9bf7b531ebfbf41ea2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-amz-version-id: tGbAtiolnAFnleIlWBGAzvQOiFsm5cIW
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 202
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.563/bundles/pixels-release.js&cfRay=8912e6ae1db21e53-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 4503b928-f610-4f8e-a972-74e588c28dd1
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4503b928-f610-4f8e-a972-74e588c28dd1
last-modified: Thu, 30 May 2024 14:14:49 UTC
server: cloudflare
etag: W/"7f1cb0f6264fd05edb4cc0ec6a9bc096"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-9c6mc
cf-ray: 8912eb9d9d278f40-FRA
x-amz-cf-id: NcVqspCApUAWp58M9sZI_tKvPYCt0Gd81BXHrusme50LnGDIMXWYGg==
x-hs-target-asset: adsscriptloaderstatic/static-1.563/bundles/pixels-release.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
25 KB 232ms
170ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2af4c240d46b3e99eea9ccbfd9c0c1c856c710a5ed3692f455767a96224171b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1159/bundles/project.js&cfRay=8912eb9daaa11c20-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"e6c06eb0663c717e3d4635531672a1e1"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1159/bundles/project.js
date: Sun, 09 Jun 2024 17:42:49 GMT
x-amz-version-id: V4YhUHRJMuZkqxb1cpgehoNLVpfwce83
x-content-type-options: nosniff
cf-cache-status: EXPIRED
via: 1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 44eafb57-b481-4d15-8a65-909b465dc50d
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-request-id: 44eafb57-b481-4d15-8a65-909b465dc50d
last-modified: Mon, 03 Jun 2024 20:17:08 UTC
server: cloudflare
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jhasB3i3rR3%2FZf0WCnGnakJlDM1oxjJjT56NrVixqtG5dEqsmMOTEKG9%2FQSwl7SxwedAF7zLAzGKK4l3K0XFVvIgmMNWfewa6aUjgeQic3bzcLtwUPSZR0JKgdgXe8XVH%2BL0DjyCYfGg0UJ6"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-w988t
cf-ray: 8912eb9daaa11c20-FRA
x-amz-cf-id: iZ50wLSTibG9Bb1p-4py43lZ4rQg4VVEtIi1kb5fIM73AJr6s8_HiQ==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/1534169/ 71 KB
26 KB 401ms
341ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/1534169/banner.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-amz-version-id: JBubI2iZXhfvR9NjtL2LPV82OaUIjqI9
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: 14DBK5GSVW1766D0
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: dc90babd-2c05-4308-9b78-5c5c5b1b045d
x-envoy-upstream-service-time: 35
x-amz-id-2: fNtaD2/+CL16j47yKcag64bZEShqo0t6JNu02ODWsuAqnqErevo/tDO6KKR4VZMTyoazReDLw80=
x-evy-trace-listener: listener_https
x-request-id: dc90babd-2c05-4308-9b78-5c5c5b1b045d
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 24 Apr 2024 13:11:59 GMT
server: cloudflare
etag: W/"850933666a1091136679efb21afc00bc"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-vhl7w
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8912eb9db9c69a41-FRA
expires: Sun, 09 Jun 2024 17:47:49 GMT

GET
H3 200 885880844953016 Show response
connect.facebook.net/signals/config/ 67 KB
14 KB 195ms
194ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/885880844953016?v=2.9.157&r=stable&domain=blog.morphisec.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

7c55a17ff1c99ae06713a4f027b263c90c7fa9da42be6b2a32d21ae174e1c44c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 09 Jun 2024 17:42:49 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4336, tp=9, tpl=0, uplat=173, ullat=0
pragma: public
x-fb-debug: t3/bzxRLwcE7IzO6IxIO/td6ZETtuLDzpJrS44RUvEw/QwT5Ogiioiu+8k6tiH70a4tOFQEqnoNillg3/xS9cQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1 KB 270ms
213ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: *
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"priority":"0","trigger_data":"1"}],"filters":[{"c":["311585553"]},{"c":["311585433"]},{"c":["306289434"]},{"c":["192887274"]},{"c":["192886384"]}],"debug_key":"2014985"}
content-encoding: gzip
date: Sun, 09 Jun 2024 17:42:48 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 201EB1F5B1A44762A956CD145633B2AD Ref B: FRAEDGE1114 Ref C: 2024-06-09T17:42:49Z
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYaeI+ubZC/vwe0+aA/ug==
x-fs-uuid: 00061a788fae6d90bfbf07b4f9a03fba

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&e_ipv6=AQKJMjStGJZde...

0
266 B

258ms
183ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&e_ipv6=AQKJMjStGJZdegAAAY_-GH9UbLTX_LP47wi5hIZSz7X-BYZVZPUOTJpygo53tmEGV7zwSirTjnpP
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D10A03399EFE4878ABFBF90EB2A87126 Ref B: FRAEDGE1716 Ref C: 2024-06-09T17:42:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYaeI+1MqTy4JhhVIDnBA==

Redirect headers

date: Sun, 09 Jun 2024 17:42:49 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 518AA575DFD642E09BD3303779AE72E2 Ref B: DUS30EDGE0821 Ref C: 2024-06-09T17:42:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898%2C32136&time=1717954969094&url=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cookiesTest=true&e_ipv6=AQKJMjStGJZdegAAAY_-GH9UbLTX_LP47wi5hIZSz7X-BYZVZPUOTJpygo53tmEGV7zwSirTjnpP
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYaeI+xSU0u5Ag1behBsA==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
920 B 195ms
128ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 8107EDD00B3C4782B401F848EE339A05 Ref B: DUS30EDGE0821 Ref C: 2024-06-09T17:42:49Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
access-control-allow-origin: https://blog.morphisec.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYaeI+uP868KXciR6BaSA==

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 106ms
58ms Image
image/gif 216.58.212.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60065248-1&cid=1372350684.1717954969&jid=325230849&npa=1&_u=YEBAAEAAAAAAACAAI~&z=426279927

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f132.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 60ms
60ms Image
image/gif 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60065248-1&cid=1372350684.1717954969&jid=325230849&npa=1&_u=YEBAAEAAAAAAACAAI~&z=426279927

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 305 KB
87 KB 56ms
25ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=5df8ee24e5b98e5eb0a44b398f5ffecc

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

e4dc380ba5b4005d9d5ae6d437004ff16f3d5c13433efba9d743209477da709b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Origin: https://blog.morphisec.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 09 Jun 2024 17:42:49 GMT
content-md5: V4jiGKkJBa8Fbwl8/8sFuQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89057
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=29, rtx=0, c=23, mss=1232, tbw=4299, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: bzIgU5P7QeKrUR0AAlQM9x71tQp/1izQiTlGzRn30Yu03DYTLZ8OpBcYce0C4CUhQzY+HG+yv+5vIzwHy/3d9Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 0ad6c1f36bc6f3cc012243fd1ca5b584
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "2521229f2d166519720af8e83141bf67"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Mon, 09 Jun 2025 15:53:32 GMT

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
677 B 170ms
170ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=1534169

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: dd48d5ee-c736-48b8-aa98-5aba6478523a
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8912eb9d4b5e37ef&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: dd48d5ee-c736-48b8-aa98-5aba6478523a
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-wlmbb
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 8912eb9d4b5e37ef-FRA

POST
H2 200 / Show response
content.hotjar.io/ 56 B
172 B 245ms
144ms XHR
application/json 52.211.131.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=3506314&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.349061f2d87d84c4c336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.211.131.71 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-131-71.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3d54c4e89ea374e0beeabbccbf0c7756026208ea131496d1af8bf40c5be5bb0c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 09 Jun 2024 17:42:49 GMT
content-length: 56
access-control-max-age: 86400
content-type: application/json

GET
H3 200 postlisting Show response
blog.morphisec.com/_hcms/ 12 KB
3 KB 298ms
298ms XHR
application/json 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1749402303&hs-version=2&hs-signature=AJ2IBuHPzg7zsOG4mchNvVJ1NqSVjkUfDQ&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e207d34a1fa4ccce273eff750fb118c9dfad7282dcb623cf865f6727440502e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9c92ae4f-d0b4-4ec5-8017-27cbaa350aa9
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 57
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9c92ae4f-d0b4-4ec5-8017-27cbaa350aa9
last-modified: Sun, 09 Jun 2024 14:49:37 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cD4P3Aa8jd31M4N82aaxGoBamHT3VEeayH1DyGhaBge2nZ4uWQoo9hHndUvlS%2F%2FLGEW%2F8JtzXNT0mEv0Y2eh287mse78TKlqNaaN8oLl2%2FjShFQRk3Yo79JspxmOw6qCcVnbPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-5585d4d4b8-kzx2s
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 8912eb9d9abc9025-FRA
x-robots-tag: none

GET
H3 200 arrow-white.svg Show response
blog.morphisec.com/hubfs/ 349 B
0 0ms
0ms XHR
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
age: 14571
x-amz-request-id: DR9GMYA3GHEMFZNG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680694543135
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NPuCNlg810R0YCc6uLonqEzwW8Xztt30a3EHTpExZFoCIMuWzP9ALqp4jXcfABTkeVtvPlu7AHKdUOulqLh4j7Tm6rluA5df
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1VA1b61aBbOTxW2rY2I2jxDZgeyPnnJbqmNiOhqMVMXmq31X2Tj41ckhxlx38ZWj1u%2BCkA3SDw6UfIpz3PlL9y2rKvCn4N8ydY2w8aL22nQwNfwHK%2FsoYObfi9sIkE992y5Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b1ed79025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: kGapFjK0WW9c8s7oSveYnrJ77nk-mVKGkDgTZE-jrZ1rlF3mpDhafA==

GET
H3 200 arrow-white.svg Show response
blog.morphisec.com/hubfs/ 349 B
0 1ms
1ms XHR
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
age: 14571
x-amz-request-id: DR9GMYA3GHEMFZNG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680694543135
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 362b298821815168614ba932732916ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NPuCNlg810R0YCc6uLonqEzwW8Xztt30a3EHTpExZFoCIMuWzP9ALqp4jXcfABTkeVtvPlu7AHKdUOulqLh4j7Tm6rluA5df
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1VA1b61aBbOTxW2rY2I2jxDZgeyPnnJbqmNiOhqMVMXmq31X2Tj41ckhxlx38ZWj1u%2BCkA3SDw6UfIpz3PlL9y2rKvCn4N8ydY2w8aL22nQwNfwHK%2FsoYObfi9sIkE992y5Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b1ed79025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: kGapFjK0WW9c8s7oSveYnrJ77nk-mVKGkDgTZE-jrZ1rlF3mpDhafA==

GET
H3 200 close.svg Show response
blog.morphisec.com/hubfs/ 543 B
2 KB 74ms
73ms XHR
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/close.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109618525080,P-1534169,FLS-ALL
age: 12575
x-amz-request-id: N83NMTECNESBC24X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109618525080,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"613d5e657a45fdd73680a2a43b1810a9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680690377289
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 b05d0d6fb6ec555d0a055fe98c1f60dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ojcPDMW2kfX705kNgng7YRySVuOGEcf5
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109618525080,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ch3JMZwgLfxY1yJfyFnC5wr7RFtTtqF+4YB1o1DFqDWvr3Ra7SyHsfhF6B1GnFMjxomhuP7AcZg=
last-modified: Wed, 05 Apr 2023 10:26:18 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=38ROZrIz0G%2BzfFOuFRF4iwJD%2B1%2FdLcEWaXtzPo%2FH%2FojWb94mW%2BuBW5esbxQFFJeyzfHbE8p9pMNSr%2BQyPrDSX5joJA5ZHT%2FdMX4B7AkTBf7yV%2B9OT7BfiHzmU3Zgu%2BADswFLzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9d9ac69025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: zhG2o4pfMFfoZqIp_53B1cB2Tvc49V64j_36IXzzuKT60joUL1K5_g==

GET
H3 200 search_icon.svg Show response
blog.morphisec.com/hubfs/ 350 B
0 1ms
1ms XHR
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
age: 12574
x-amz-request-id: N83RXDEZBCD54J4G
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680691466397
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 bb8a874d65e0b595aaa3d9aa3f930102.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Jhmue0YtUB6bRHV5+xYrGfYlMAi2svy2OuvLebtJbKICc6sv0Uyl9nMQ+kQ3qaiGy4/0QeavfNo=
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Gyz4K35%2FnAdu0E6s%2BdOkaLO2EsR16T4JU71%2Fd6qK0XqTP%2Fy97vF%2Bm1otvOWr2jFMZ0xdzEGI4ieplLcj1ihIGf5CDqpRhsgoYh10LdE%2B%2FW5lH5RXZeHLUPUHDuVThzU463Gmg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b3f109025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: AQAz_-2gccUjYCI9rIgvF6K8JEs8_2o8uCS7FZ4OTzvgpXMUJbM0uw==

GET
H3 200 blog.svg Show response
blog.morphisec.com/hubfs/ 797 B
0 2ms
2ms XHR
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
age: 14322
x-amz-request-id: 75XVDRC60YKZ81CQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680711424510
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3W+dw2WT65M2sIeXOwzQWhCmJ8tUIxYLZbGirGsC7bd1Jm9aEnDDQVU4upiLEb3t7SUtLx0Ragw=
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTTA4ngtnYq9k6qzVAi8EF5OktmCn0yu%2F1Mr0NmMwVuCy%2BxmwUmfRnaY1Q4fuLEGK%2BLcM70%2B9U4x8%2Brflo4K8yfcnaUwlp%2BWGuzsENhmEm7bV1ahlULT8VfK5SFUrnQeuPl%2BxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b3f179025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: E2HMTmu_VrejzI-DzMHGd-d6tchK1S5p307BVCPmb_nc1g6GdcgoTw==

GET
H3 200 search_icon.svg Show response
blog.morphisec.com/hubfs/ 350 B
0 3ms
3ms XHR
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
age: 12574
x-amz-request-id: N83RXDEZBCD54J4G
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680691466397
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 bb8a874d65e0b595aaa3d9aa3f930102.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop: ATH50-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Jhmue0YtUB6bRHV5+xYrGfYlMAi2svy2OuvLebtJbKICc6sv0Uyl9nMQ+kQ3qaiGy4/0QeavfNo=
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Gyz4K35%2FnAdu0E6s%2BdOkaLO2EsR16T4JU71%2Fd6qK0XqTP%2Fy97vF%2Bm1otvOWr2jFMZ0xdzEGI4ieplLcj1ihIGf5CDqpRhsgoYh10LdE%2B%2FW5lH5RXZeHLUPUHDuVThzU463Gmg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b3f109025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: AQAz_-2gccUjYCI9rIgvF6K8JEs8_2o8uCS7FZ4OTzvgpXMUJbM0uw==

GET
H3 200 blog.svg Show response
blog.morphisec.com/hubfs/ 797 B
0 4ms
4ms XHR
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
age: 14322
x-amz-request-id: 75XVDRC60YKZ81CQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680711424510
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:48 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3W+dw2WT65M2sIeXOwzQWhCmJ8tUIxYLZbGirGsC7bd1Jm9aEnDDQVU4upiLEb3t7SUtLx0Ragw=
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTTA4ngtnYq9k6qzVAi8EF5OktmCn0yu%2F1Mr0NmMwVuCy%2BxmwUmfRnaY1Q4fuLEGK%2BLcM70%2B9U4x8%2Brflo4K8yfcnaUwlp%2BWGuzsENhmEm7bV1ahlULT8VfK5SFUrnQeuPl%2BxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9b3f179025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: E2HMTmu_VrejzI-DzMHGd-d6tchK1S5p307BVCPmb_nc1g6GdcgoTw==

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 14 KB
4 KB 225ms
223ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&pageId=169577076135&pid=1534169&sv=cta-embed-js-static-1.292&rdy=1&cos=1&df=t&pg=c5a43670-224e-4ee8-a697-dff8dfc97039&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&pg=6e3260d1-4218-4c07-8a6b-23a2b2c30656

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12190336ec1095a32c479a7350868123c61769c9fa490425378cb5bf92a54d9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 699d01e7-0d01-44a2-b622-2082f1f77c1f
x-envoy-upstream-service-time: 87
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 699d01e7-0d01-44a2-b622-2082f1f77c1f
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4lbrq
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CnSx682vEB9kE34R2l7ncuAAlzqexYkR5kxjSBplZNP%2F0qCp8hg9u5AIGCaAfTT%2FufPWMNz7Vja1UKQWiTUyK7cIif6dIVOODDZiK2wuxUXWCGx2n0Pjmwk2m88mC3DVuhcTrFP5zhw39DHb%2FY3z55kRoWw%2BKQjAlHg%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8912eb9dabe937ef-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
55 B 29ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4GZ4VXKYJ8&_ng=1&gtm=45je4650v9136559716za200&_p=1717954968681&_gaz=1&gcd=13l3l3l2l3&npa=1&dma_cps=sypham&dma=1&tag_exp=0&ul=de-de&sr=1600x1200&cid=1372350684.1717954969&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&sid=1717954969&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1039
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 30ms
30ms Ping
text/plain 64.233.166.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-4GZ4VXKYJ8&cid=1372350684.1717954969&gtm=45je4650v9136559716za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l3&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 64.233.166.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wm-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 58ms
58ms Image
image/gif 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-4GZ4VXKYJ8&cid=1372350684.1717954969&gtm=45je4650v9136559716za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l3&npa=1&frm=0&z=1414047722

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 verify
snid.snitcher.com/ Frame 0
0 96ms
49ms Preflight 18.193.30.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.30.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.morphisec.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: ZHFv_h27liAEJVA=
cache-control: no-cache, private
date: Sun, 09 Jun 2024 17:42:49 GMT
vary: Access-Control-Request-Method, Access-Control-Request-Headers

POST
H2 200 verify Show response
snid.snitcher.com/ 6 B
149 B 185ms
184ms XHR
application/json 18.193.30.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Requested by: Host: snid.snitcher.com
URL: https://snid.snitcher.com/8424750.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.30.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-30-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Sun, 09 Jun 2024 17:42:49 GMT
cache-control: no-cache, private
content-length: 6
apigw-requestid: ZHFwAgASFiAEJsg=
content-type: application/json

GET
H2 200 adsct
t.co/i/ 43 B
379 B 277ms
202ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=4944f2c1-7d2f-45f3-a40a-d4209739dd48&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d9f9464b-32f5-40e2-9d07-d2743d0dd435&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 174
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: b3a143be74a240b0
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e63d632fe1a956b84b39353cb5445ec49d4cd60f37656f518195f4d8bbda69e1
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 273ms
199ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=4944f2c1-7d2f-45f3-a40a-d4209739dd48&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d9f9464b-32f5-40e2-9d07-d2743d0dd435&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 172
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 2233452646c91502
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: dbde5ddb24ace13ed63fa2d5ed1d2683ca007adbe5725f82081eaba336933bd4
content-length: 43

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame DC84 0
0 90ms
24ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C0) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 6615727
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Sun, 09 Jun 2024 17:42:49 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67C0)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
360 B 369ms
119ms XHR
application/json 54.145.181.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQ1MTF9.eiHnDZAhBhx__pSttlATzaQdSltPIpahvpYGdr_Bfrg

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.145.181.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-145-181-139.compute-1.amazonaws.com

Software

Resource Hash

aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 26ba914a3a79852d3c8ab1513fceb899

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/ 0
21 B 308ms
243ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
content-length: 0

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/ 168 KB
45 KB 272ms
208ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600

GET
H2 404 forms.js
x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/ 0
0 263ms
206ms Script
application/javascript 3.127.196.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fsticky-werewolfs-aviation-attacks

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-196-46.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
content-length: 0
content-type: application/javascript;charset=utf-8

GET
H2 200 /
www.facebook.com/tr/ 0
275 B 71ms
24ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&rl=&if=false&ts=1717954969295&sw=1600&sh=1200&v=2.9.157&r=stable&ec=0&o=4126&fbp=fb.1.1717954969294.75752993534181707&cs_est=true&ler=empty&cdl=API_unavailable&it=1717954969092&coo=false&rqm=GET

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=10, mss=1297, tbw=2791, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 09 Jun 2024 17:42:49 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 277ms
251ms Image
image/png 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&rl=&if=false&ts=1717954969295&sw=1600&sh=1200&v=2.9.157&r=stable&ec=0&o=4126&fbp=fb.1.1717954969294.75752993534181707&cs_est=true&ler=empty&cdl=API_unavailable&it=1717954969092&coo=false&rqm=FGET

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x2090aa17e1215216","source_keys":["1","2"]},{"key_piece":"0xf39227e9b08ad876","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Sun, 09 Jun 2024 17:42:49 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=10, mss=1297, tbw=3110, tp=-1, tpl=-1, uplat=227, ullat=0
pragma: no-cache
x-fb-debug: Uzi+Ppgj/X67YevSnBFpND0xgZSXW/om7F3fzb5GqP636riiHFOWxdCa+eiAjufNAMf9sL681I5p3ty4njf42w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 133 B
454 B 167ms
158ms XHR
application/json 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=1534169&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/json, text/plain, */*
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 09bc6fab-c38e-47ec-a4e0-1fdd22edb9e7
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 09bc6fab-c38e-47ec-a4e0-1fdd22edb9e7
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-sc4vs
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8912eb9e7bd935e4-FRA

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1022 B 150ms
150ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=1534169&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&contentId=169577076135

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 83738c8c-8cf2-4a06-a12e-b0b07c16d836
content-encoding: br
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 83738c8c-8cf2-4a06-a12e-b0b07c16d836
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OMu10dQYNp1vsuhVgITggX2iRe%2Fj7EB0qOGQYe8ydIT8J5PE3gWQ%2FVjM3fx3QUYHq%2BUca2%2Fn6McFEkRpL%2BIm3d09zO3Qm1%2Byjxe1cNA5iYfO9bEghw9SC29fw63uK5hfKXyUTRYBgbR6iTV2zZJqd%2Fc76fxJ4EqLOHQ%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8912eb9ecc5a1c20-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4lbrq

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
885 B 191ms
154ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ea959da2-363d-454e-a039-d4044fc20484
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ea959da2-363d-454e-a039-d4044fc20484
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-8jmrd
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8912eb9f3daa03a6-FRA

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 362ms
362ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1717954968789&dt=1717954968790&at=1717954969446&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a2390b59-19e4-4028-82ae-e8cca9b8c5ef
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a2390b59-19e4-4028-82ae-e8cca9b8c5ef
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hls0x5lzAlJmKqzuID8rTx1FgN2kiunnDtQu%2BiM1RDTUnHrnXdmQ4voSkwxrtYfwp0TSXhfOvr%2BsKLtJoExXJJT0jwWtMRqwEBH%2FSd0dXwVDbKvXrpO1MLBUJpb4y5MaupaWwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-zwbwx
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9f1d9c9025-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 368ms
367ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1717954968789&dt=1717954968790&at=1717954969447&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a4c4a66d-f2ef-4a01-8a04-356453e4bdd0
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a4c4a66d-f2ef-4a01-8a04-356453e4bdd0
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BGUMSkNZTVQHKPS%2FIhcI7bS0OM0GP0n67%2BfAc0cdJJg%2Fj7VNAoyIrv71AoD%2BHcknSXMdqtt6qM97zIH7u%2FQpy5y766zlr3FxK8dY%2Fd7gT7SW81372XT4OvO1J93NIUAGtX4%2F9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-46sjt
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9f2da19025-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 215ms
213ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=6e3260d1-4218-4c07-8a6b-23a2b2c30656&lt=1717954968792&dt=1717954968792&at=1717954969447&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5ecf2917-776b-4184-9229-0e80a6920bb7
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5ecf2917-776b-4184-9229-0e80a6920bb7
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLJ9Kvgc1WhRzXBz6XZ6l1s3WAAyey%2Bz4mMCcpvhtJm9yJgOEcL7uQgRdZicr24q2G2aw8Td%2BFvJPBNEjmBUkI4jlyx7DwfMeOy%2FTrUUpyY32dvZoLlkN1%2F4tOyv5B6Ruu9QRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nr4kt
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9f2da59025-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 354ms
352ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&lt=1717954968789&dt=1717954968790&at=1717954969448&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c6919387-83c9-441b-b5b0-e64ea8293634
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c6919387-83c9-441b-b5b0-e64ea8293634
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLVglm%2F8yIdoFw40Bx0FQlpPtZ2oQlH76S7aXVEd5h%2FEBD9rGyebykkcmPU9YR0%2BYU0a8JHiczcYHFoLfQ57KCwM7VTBDCYjC7qICrJmGBQTtZUG6ZZdybhbP7o3Da12vi2Hyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nbtvm
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9f2da79025-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 383ms
381ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&lt=1717954968791&dt=1717954968791&at=1717954969448&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6167167b-e6cb-49f8-87df-af4d0dd4edf5
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6167167b-e6cb-49f8-87df-af4d0dd4edf5
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVdj2pW1iop7rzUROO8GZYfMiMkDYZH8nCE91WMsx2MtaVselCqFhtHLLO2LX8PcK4t2mxE4MjnaK5cnddbR4p5CMIiRWMnba6XB1c3mEWAVpx6cFV0BgnEiyGznFgtABBdLHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-zwbwx
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9f2da99025-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 189ms
187ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=c5a43670-224e-4ee8-a697-dff8dfc97039&lt=1717954968788&dt=1717954968788&at=1717954969449&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1165b998-72fb-4116-894c-e20fa2bf6b10
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1165b998-72fb-4116-894c-e20fa2bf6b10
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZkpiXV6HhAfSBLI9hozST4xrAyEiP7VxBU3Px%2B2US4fpjDdcRJOhH2dig2E%2FeXvMG7w9JYJMnylRZTH%2FvLjHJGg5fpaRzGUUGrTwtxzHoKmaoUVXMNX0EpmSTYXRygEJgIL2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-zwbwx
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8912eb9f2dac9025-FRA
x-robots-tag: noindex, follow

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
930 B 199ms
160ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 345b3d87-795a-45d0-8ee2-1d5cb1fb22b0
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 345b3d87-795a-45d0-8ee2-1d5cb1fb22b0
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-xjgjj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8912eb9f6dca9ba6-FRA

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
894 B 157ms
157ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d40452f8-8591-4bbd-9073-a2c858ed7ccf
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d40452f8-8591-4bbd-9073-a2c858ed7ccf
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nbtvm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8912eb9f9e299ba6-FRA

GET
H2 200 d0921e69-55cd-4553-be6f-32df2a0186c2.jpeg
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/ 14 KB
15 KB 262ms
193ms Image
image/webp 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/d0921e69-55cd-4553-be6f-32df2a0186c2.jpeg
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8d01d76fee55c57a09b3da50e7a879102df24b962df9f31ff43ebc50d31043a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-meta-cache-tag: P-1534169,FLS-ALL
age: 2184026
x-amz-request-id: 091M9W773J0NMP9E
x-amz-server-side-encryption: AES256
edge-cache-tag: P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="d0921e69-55cd-4553-be6f-32df2a0186c2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ab6719c435bf97abff2e789f81601412"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1707942076165
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:49 GMT
via: 1.1 8bd22c4e977189bdb5963957ff8477de.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: QYC2eZdeOFpNUUj3LEEwlL4OmCzyc0tV
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=29780
x-cache: Miss from cloudfront
cache-tag: P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 14444
x-amz-id-2: XlpZ9yeuiJCBdDwNhb7bc/W/8PHPHHkCI1+MWj3EDhSxPvqPlnMs3ZatWq1Tad3i2KOrJslPj64pJrZwvAgRWebYjCDjV4gp/v7LX7X7+cU=
last-modified: Wed, 14 Feb 2024 20:21:17 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8912eb9fafa14d6e-FRA
timing-allow-origin: 1534169.fs1.hubspotusercontent-na1.net
x-amz-cf-id: Gpk7RP5uaDpMEpI1i_bHn3rnDsbKUuIkgUv_w3Yz9hqvtYTkgsdRaQ==

GET
H2 200 a8b85f6e-5b92-440b-9490-8f52fe151636.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/ 34 KB
35 KB 199ms
190ms Image
image/webp 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/a8b85f6e-5b92-440b-9490-8f52fe151636.png
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 648318e55febdac418f0f8a23db309f81c273a66c5eb41a8aab85b29bebcdc9f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-meta-cache-tag: P-1534169,FLS-ALL
age: 544306
x-amz-request-id: 4QBWHGR4FGFC32TM
x-amz-server-side-encryption: AES256
edge-cache-tag: P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="a8b85f6e-5b92-440b-9490-8f52fe151636.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "52f2133547882c1af4bd99b776191ea7"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1704491705781
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:49 GMT
via: 1.1 9ec406dc5379d974fc3d9f41dd497bf0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: aXW8S0NNcXgP1skXixHskKHTqJIbr4lJ
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=42909
x-cache: RefreshHit from cloudfront
cache-tag: P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 34660
x-amz-id-2: 9yICKfJDbDCWeI/LLyXSgQgvZSY0mmMIqBRQMm8Ii/TMCfaMX0NsDue02BwkNjPwQkF0nHs3eLV4OpjEKoKJ4RSDq014yFN1Ig1hcWYikhM=
last-modified: Fri, 05 Jan 2024 21:55:06 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8912eb9fafa64d6e-FRA
timing-allow-origin: 1534169.fs1.hubspotusercontent-na1.net
x-amz-cf-id: nauRF0JmO5GmYITEwcYc4Hzq5NjTWwf-Chkb-F4pJi0v3qFfHthtHw==

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
849 B 156ms
155ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d949d59b-9168-4cf6-8405-05dd9ac07c73
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d949d59b-9168-4cf6-8405-05dd9ac07c73
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nbtvm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8912eb9fae3d03a6-FRA

GET
H3 200 arrow-white-1.svg
www.morphisec.com/hubfs/ 393 B
2 KB 75ms
75ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.morphisec.com/hubfs/arrow-white-1.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1712731281837/module_109590708858_Header_-_Global.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-109682673984,P-1534169,FLS-ALL
age: 14572
x-amz-request-id: 3MWQ8N1J0BN8FC96
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109682673984,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f6b8983a7a9f44be13760be2a7d47927"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680712961922
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 4a95385e61c9df8f5f8de6338a3fe59a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ZWYxcYkJ3fJQSXhQh1nDTahxfuzH5ivg
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109682673984,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: x55JhrFN0ifBxRz2Rxfix49ZYkFfADqhpB4FeI5gGmhXUEhP0WjqtUWh987feCNMrmO+4bySRb0=
last-modified: Wed, 05 Apr 2023 16:42:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kgXJ4SEBn%2BFT%2FM%2B4yhzQ8u5ebldQ3AO5GuFDRabnT7xncxNtdxcwXHCluOuvPV8jXaDCgPD3fEaTovUiywWvfAZqW2wgclI9AF1atpf3ZFIR2fUauTVBJ6JChL%2FNGvP1EpFR"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eb9f3a252c4a-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 64hSM1uXXTq_VKbkKx9kNJ4DHRLwy0pyzYZkfjzsOA4o4ZnDR-qDtQ==

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
851 B 165ms
155ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 785c1b26-8d37-4853-8734-4e50f6a7c6ad
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 785c1b26-8d37-4853-8734-4e50f6a7c6ad
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nbtvm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8912eb9fde9003a6-FRA

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
893 B 159ms
146ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1b6acfa0-fedb-4706-9724-c107d843332f
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1b6acfa0-fedb-4706-9724-c107d843332f
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4xq5s
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8912eb9ffea903a6-FRA

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 239ms
182ms XHR
application/json 18.158.205.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Origin
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://blog.morphisec.com
access-control-expose-headers
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials: true
content-type: application/json

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1 KB 217ms
167ms XHR
application/json 2606:4700::6812:f36c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1534169

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f62b36bc-aac6-4aa6-86f0-c939854dd0a8
content-encoding: br
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f62b36bc-aac6-4aa6-86f0-c939854dd0a8
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-q6689
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XY6nalkyiQNoJDPp1hyNAusIEOQpLt1t0kQwmwDTlICyyRDQbizAzI0wdenM21LHPAxIG2ydi17nGZytBJw55O6k9x7dt70kWm8hXXUwFfgRxD4S3KvlaOuRnYsV6TgxUby0euN1%2BIBjUv4c"}],"group":"cf-nel","max_age":604800}
cf-ray: 8912eba04d42912a-FRA
access-control-allow-headers: *

GET
H/1.1 200
OK button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 23ms
23ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 09 Jun 2024 17:42:49 GMT
Content-Encoding: gzip
Age: 6622609
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2620
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
Server: ECS (frb/67BC)
Etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame 8DC4 0
0 24ms
24ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674B) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 6622600
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12332
Content-Type: text/html; charset=utf-8
Date: Sun, 09 Jun 2024 17:42:49 GMT
Etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/674B)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
294 B 173ms
127ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22morphisec%22%2C%22widget_creator_screen_name%22%3A%22osipov_ar%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1717954969634%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=da1c799fc0a4326947fc40167ec5f2c896348928

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 104
date: Sun, 09 Jun 2024 17:42:48 GMT
strict-transport-security: max-age=631138519
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 424f2d1bd53d6317
cache-control: must-revalidate, max-age=600
perf: 7402827104
x-connection-hash: 1c9ef3e100bef100d14baaec3682344c75e69856a49378203a4006712a5f8967
content-length: 43

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
467 B 117ms
117ms XHR
application/json 54.145.181.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.145.181.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-145-181-139.compute-1.amazonaws.com

Software

Resource Hash

571e843e2561ab132fd44fdd9ad4047668c183102adb416d70110a2d05ac6126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 420ae0e4b98439077b2c0aedb80cee49

GET
H2 200 share_button.php
www.facebook.com/v3.0/plugins/ Frame 6A46 0
0 265ms
224ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df79488f2831b55c10%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ffafd3cddf303d05fb%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=5df8ee24e5b98e5eb0a44b398f5ffecc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Sun, 09 Jun 2024 17:42:50 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v14.0
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=25, rtx=0, c=10, mss=1297, tbw=2779, tp=-1, tpl=-1, uplat=203, ullat=0
x-fb-debug: yJmBh/Jxy7MII4rVqfpm+C7ktrywfSZ5AWAs6H3mRxOBSxx4CilDnfjS94nvWUhSvekRvpfUXyQ1yrc5qyDKTQ==
x-xss-protection: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
629 B 158ms
158ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1717954969845&vi=58c55858e3662e003972b153ef3c3c2f&nc=true&u=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&b=182053752.1.1717954969844&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: cffe2358-66fc-4287-9489-005010bbe02c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cffe2358-66fc-4287-9489-005010bbe02c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rIfTvKH3V7t70ITVhv8HUSFd7PjStGeXkYR%2B2E3sgt1tScTzvjG69HLPFmUqo6LPT8GELt3dEYquic5THJ1sHgUlvQjEX4lW9X0x%2B50pEp64Wdj3FHXrWL391ox1NdJJEfWLJmeSu7ZTgMoa2tIO"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-djmcg
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8912eba1aacb37ef-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
580 B 163ms
163ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2e9e7e75-a03c-476b-a1ea-a5c7f8d6c29f
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2e9e7e75-a03c-476b-a1ea-a5c7f8d6c29f
last-modified: Sun, 09 Jun 2024 17:42:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nr4kt
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8912eba1a9aa9ba6-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
436 B 170ms
170ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=5cd0940c-ccda-4232-8dd1-00f90a007b07&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1717954969849&vi=58c55858e3662e003972b153ef3c3c2f&nc=true&u=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&b=182053752.1.1717954969844&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b65322c2-70b2-4c68-abba-9ac350139a56
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b65322c2-70b2-4c68-abba-9ac350139a56
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VtdXeNYUcoZQAXi8MLSaEnnDcNBJ3Pj9m%2F1E3VAyidgBNAM8KjvEGHTi2lI9NOJ2LzszXRkUB36R5oO8xJF7Et7FjdVim4d4ceuLfxAtWy7Id0utP7yodshqgwkEH9GMa0uLRnk4W5Okx%2B%2FcACYP"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-nmffp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8912eba1aad737ef-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
562 B 156ms
156ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=5cd0940c-ccda-4232-8dd1-00f90a007b07&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1717954969849&vi=58c55858e3662e003972b153ef3c3c2f&nc=true&u=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&b=182053752.1.1717954969844&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 397465a0-f830-47e5-ad9b-b638dd60d9a7
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 397465a0-f830-47e5-ad9b-b638dd60d9a7
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvSTIkE67jUxtedrjz1vTV9N4VEn%2B59Ykl%2Bkew9mwx0Nw7qoB2gKMvANu4n2OoM1vx2yFnsldfDrtlTLIXGrRn5CHjhMQ5BNU7cHvG4m7VC9kv9CtbGAqS%2BC199WXmOBP3mZYLuSuE2aeqIBqWNQ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8912eba1aadd37ef-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
483 B 149ms
149ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3%22%2C%22c5b10fd2-1f83-4c8f-b33b-106296dbd6da%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1717954969848&vi=58c55858e3662e003972b153ef3c3c2f&nc=true&u=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&b=182053752.1.1717954969844&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6557b5b5-798a-4f0c-a189-93eddcab8793
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6557b5b5-798a-4f0c-a189-93eddcab8793
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4VHYQzyJSa52d1omrFkOUlV7Wv%2FCOYm06FszZ3SIcx4x37aOmzw6AoZVYLiQowYouKqhLvD%2FTd0cSUCMJZpxZpSt4p58gk%2BSuIyKQTZ%2F8jjlbA0tRhPY8iAQ6fO%2FRZN2wBZEZXgVem5IhirzAsIu"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8912eba1bae337ef-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
480 B 162ms
162ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%226e3260d1-4218-4c07-8a6b-23a2b2c30656%22%2C%222ae2553a-d7fa-43ea-8156-aa61fcfbe9a0%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1717954969848&vi=58c55858e3662e003972b153ef3c3c2f&nc=true&u=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&b=182053752.1.1717954969844&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7aa1942e-c96c-412f-991c-6ec480b94f77
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7aa1942e-c96c-412f-991c-6ec480b94f77
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ukK9ZeZMV65WSUrVIh2jic4V0dh39Z26MM%2FweKjj8jAXAPXEroGqOudAryw4luIziDoJJaOEkRj9NSWSfBa4a5LAP1ox0RxzcKpxZQer2EuP8ngeG1SdRFQvK0FXat10WfngJqKLfE4YSUDATguQ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-wmbn8
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8912eba1bae737ef-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
622 B 170ms
170ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223c83d6d5-0c56-47b7-8aee-ae6edf73c360%22%2C%2264affa5c-d696-47c5-9e88-09336d256046%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1717954969848&vi=58c55858e3662e003972b153ef3c3c2f&nc=true&u=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&b=182053752.1.1717954969844&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 71b802da-2b52-4334-bb82-a02add87881a
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 71b802da-2b52-4334-bb82-a02add87881a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yAfvQoVpjz44UUcc7MGqG2YgBF%2B%2FPbyUs4OC8bdjsHvzmXZ3mLk13EBLZu3qZvxlNecKbeI2tVysdOjeOBRv5mN%2Fny0saldjkP4aqaOdtZQ%2FjjBWAdFYS849YYmBDx8L4xIX601E8Lv9CiOcH7IR"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8912eba1baea37ef-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 3 KB
2 KB 215ms
206ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1534169&utk=58c55858e3662e003972b153ef3c3c2f&__hstc=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&__hssc=182053752.1.1717954969844&contentId=169577076135&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2b51b2113cbc41ab91d361153d3cbe64123135f269d40ed3f03934bcd3c94c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 99886adc-ef4e-4dfa-8a41-1f6e937d6395
x-envoy-upstream-service-time: 38
content-length: 1067
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 99886adc-ef4e-4dfa-8a41-1f6e937d6395
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-virtual-host: all
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-4lbrq
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JUa8ObhJ2kwynTzHM75BTm6n%2FCpRBt4u0cJZ24aGImQ5kTmNEByz5rzhMecZGMno%2BCx6VrSRNQnY4%2F4e6B2Cwth1ktofNCHUpiGjAzloW3nsULfE9uKUk06s%2BquBOoV0D6O4ZFK6he700IniHKCc"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8912eba1c93c1c20-FRA

GET
H2 200 trends.min.js Show response
assets.trendemon.com/tag/ 291 KB
59 KB 103ms
27ms Script
application/javascript 2600:9000:223c:3600:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/tag/trends.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:3600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4fa240d2b87d4d2f4e714a6eb95fdd173bc33787301c558bee07e0744a10df22

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 08 Jun 2024 23:40:05 GMT
content-encoding: gzip
via: 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jun 2024 09:21:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 64965
etag: "1a8e2d56ff84b74b8e6508f249fb9747"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 59602
x-amz-cf-id: zPOjVv_UWqyh5J01TTlYF1x99MC1xVUd0U3XilSC0gRrzayiRyDCIQ==

GET
H2 200 2552 Show response
trackingapi.trendemon.com/api/settings/ 642 B
781 B 434ms
163ms Script
application/x-javascript 54.89.92.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/settings/2552?callback=jsonp499367&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.89.92.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-89-92-78.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 9a53f768ac355624e911c343c8b87d1749b0ca8bee8b07c9e8b75a3fe78d57ef

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:50 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 642
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
453 B 194ms
194ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=1534169&pi=169577076135&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&cpi=169577076135&cgi=3742504875&lpi=169577076135&lvi=169577076135&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&t=Howling+at+the+Inbox%3A+Sticky+Werewolf%27s+Latest+Malicious+Aviation+Attacks&cts=1717954970078&vi=58c55858e3662e003972b153ef3c3c2f&nc=true&u=182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1&b=182053752.1.1717954969844&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 17:42:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9dcb7b83-957d-47c6-b5b9-c8796c0f94e0
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9dcb7b83-957d-47c6-b5b9-c8796c0f94e0
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8tIFhoDG1lvBpjqNba42Ol0o9Eiy%2BCEsoJXD%2FHcdEOzbjvEK0pwVk6P152qza3bxDA39syLJ9C0LIe7NoNWCTkQsvo97OBG5RzYbU4V56CG5DqPkYvyrtNNOPomVyxSr7BDxL98Zz8z5MromDSwx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-xnssc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8912eba30d3237ef-FRA
x-robots-tag: none

GET
H2 200 identity.min.js Show response
assets.trendemon.com/global/ 18 KB
6 KB 25ms
25ms Script
application/javascript 2600:9000:223c:3600:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/global/identity.min.js
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:3600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jun 2024 09:27:57 GMT
content-encoding: br
via: 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jun 2024 09:22:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 29694
x-amz-server-side-encryption: AES256
etag: W/"3f44b799c727cbac65d90f0779b8eb4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: Q7wQwrcWlSxtoloWhCpJBZ3lU6UYjujPQWiS4IcS2ehsddv0bNnm-Q==

GET
H2 200 me Show response
trackingapi.trendemon.com/api/Identity/ 93 B
508 B 129ms
128ms Script
application/x-javascript 54.89.92.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/Identity/me?accountId=2552&DomainCookie=17179549704573743&fingerPrint=003e47d8e89931b15655a201f7547dc6&callback=jsonp5279&vid=
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.89.92.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-89-92-78.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 4678665c8291ae5a90bd577e254175fc6b3ba40a5703dbe40e08613e9400ed40

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:50 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 93
content-type: application/x-javascript; charset=UTF-8

GET
H3 200 favicon.png
blog.morphisec.com/hubfs/ 6 KB
7 KB 66ms
65ms Other
image/webp 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/favicon.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-3821681143,P-1534169,FLS-ALL
age: 14424
x-amz-request-id: B2Z6WZ96C0WAZB5B
x-amz-server-side-encryption: AES256
edge-cache-tag: F-3821681143,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="favicon.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "ea24d021ea3624ea4b240968cf888698"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1453980185925
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sun, 09 Jun 2024 17:42:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 9eeac92de4b8d1ece6bccbf46123cea0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Cnv3wBnNrZaYmPSr18E5pTmPg2lCgt7t
x-amz-cf-pop: CDG52-P5
cf-polished: origFmt=png, origSize=8707
x-cache: RefreshHit from cloudfront
cache-tag: F-3821681143,P-1534169,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 5908
x-amz-id-2: nLFfXAy1G4woziAix4WqAUV+bWcreTtJkTYiMP0bHMq+FJJIt+3tM9JgRUAtYUG5vdkcgf3MKvllCP6yrt3RRJD5tMNJWc6uCNN0YgFAzHo=
last-modified: Wed, 03 Apr 2024 17:46:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K8g4LXsFTPpjbB6S2fIobpxLuto9rK7WFffMirhwCtBwmsCaIdCXy609GMsOVxLeVjwKhiGYfYuQXtk0QIJEnw6FH9rHNCiqBgVtDgGxSMCasyjaccoMTwcmuxkR82w%2FYhM4TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8912eba628679025-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: RpRC0re1ug9fIKsxt8tGE1IMpKJUIrbmYh62MchHDDUCwNkWckAFoQ==

GET
H2 200 marketingautomation Show response
trackingapi.trendemon.com/api/ 95 B
232 B 131ms
131ms Script
application/x-javascript 54.89.92.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2552&ClientUrl=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vc3RpY2t5LXdlcmV3b2xmcy1hdmlhdGlvbi1hdHRhY2tz&CookieId=17179549704573743&MaCookie=NThjNTU4NThlMzY2MmUwMDM5NzJiMTUzZWYzYzNjMmY%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp510137&vid=2552:17179549704573743
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.89.92.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-89-92-78.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: d66c89bf5e43fcc471aacacfd01f90d7751c7a6f2ffde56829ddad2b53fb5456

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:50 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 95
content-type: application/x-javascript; charset=UTF-8

GET
H2 200 pageview
trackingapi.trendemon.com/api/events/ 43 B
234 B 168ms
168ms Image
image/gif 54.89.92.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trackingapi.trendemon.com/api/events/pageview?accountId=2552&url=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vc3RpY2t5LXdlcmV3b2xmcy1hdmlhdGlvbi1hdHRhY2tz&cookie=17179549704573743&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2552:17179549704573743&r=1717954970700
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.89.92.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-89-92-78.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:50 GMT
server: Kestrel
age: 1691358
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 32ms
32ms Ping
text/plain 216.239.32.36

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je4650v897583451z8897572158za200zb897572158&_p=1717954968681&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1372350684.1717954969&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=2&sid=1717954969&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fsticky-werewolfs-aviation-attacks&dt=Howling%20at%20the%20Inbox%3A%20Sticky%20Werewolf%27s%20Latest%20Malicious%20Aviation%20Attacks&en=10percent&_et=807&tfd=6671&_z=sendBeacon
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.36 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 09 Jun 2024 17:42:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lltrck.com
URL: https://lltrck.com/scripts/lt-v3.js?llid=35958

Verdicts & Comments Add Verdict or Comment

215 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.morphisec.com/	1970-01-20 21:12:36	Name: __cf_bm Value: Rm6vOgCeO6n8oBm3S4pYUqK3RvPJvBrf9qYHpnVqxcA-1717954968-1.0.1.1-DV3D4_vYLebkHIrgv7qHBDW9Rrh3iEJ5I0mwBSSHpgNGX7qcT6O8gJiSfOJZhvSW9CmjgSyac2EQgO2Afrjtzg
.blog.morphisec.com/	1969-12-31 23:59:59	Name: __cfruid Value: 341dd9b5e34e9b6c109e3ffbf663e9e044c77afd-1717954968
.hubspot.com/	1970-01-20 21:12:36	Name: __cf_bm Value: VbXDKf403EXHVEH.2v2O8nErKbSzWH8_9jrUbK1SXmA-1717954968-1.0.1.1-.2gS2dV.nst0LWxpZzDFmLbb6hX9ScqX8NlQd4ysbgfiWIUCW5MjVPazai6SFLhAVTI1ODLouqV2bQ5U9Tww1Q
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 6clP3ZN_L6xoY3i9iqQgvCJMgsU8EA_fywVAsz7jdks-1717954968695-0.0.1.1-604800000
.www.morphisec.com/	1970-01-20 21:12:36	Name: __cf_bm Value: cP0fNaRo8ju9kH5PYFaRRtM.7o73W4Jyv752MBUiIAE-1717954968-1.0.1.1-dI1MzHbbBNKEphtb8QDwAm3eHjtjefb9ltlkMDAxxF0rbX0gpOLJyPQp4admQPJnswbZJ5Uq5nqs46thCvtd9g
.www.morphisec.com/	1969-12-31 23:59:59	Name: __cfruid Value: 341dd9b5e34e9b6c109e3ffbf663e9e044c77afd-1717954968
.morphisec.com/	1970-01-20 21:14:01	Name: _gid Value: GA1.2.696647789.1717954969
.morphisec.com/	1970-01-20 21:12:35	Name: _gat_UA-60065248-1 Value: 1
.morphisec.com/	1970-01-21 06:48:34	Name: _ga_QY7QHR57BF Value: GS1.1.1717954969.1.0.1717954969.60.0.0
.morphisec.com/	1970-01-21 06:48:34	Name: _ga Value: GA1.1.1372350684.1717954969
snid.snitcher.com/	1970-01-21 06:48:34	Name: SNID Value: eyJpdiI6InlaNW52U3J2TDNEMWZzZ0h5T21OS0E9PSIsInZhbHVlIjoidzZBSS95TlN2Nmh6dGVMSlpwUFRpUEZOUG5jK0VxNmtRamlrSWgvOXFTclhuZ1I3NU9ObVlmRzNhVzVOVHFIbEVOaUc2VVIvUUoyVGhvbXh6TUZEbXJDZlNKYStMeGpuZjdXSkFlUjc5elJRQ1ZRdHV1cDBGYmxBL2I0MytEUngiLCJtYWMiOiI2NTlmMzY0OTQwNGZhMzhkNTk1YTMyZjFkMzg2NjY3MWE2OGNhMjA1NmUwZWNlNjA5NTE3MDliZDk4OGZlM2QxIiwidGFnIjoiIn0%3D
.morphisec.com/	1970-01-21 05:58:10	Name: _hjSessionUser_3506314 Value: eyJpZCI6IjI4NTkzY2UzLWJhNzgtNWUyNy1iZjNmLTZiOWQ4MzA2ZGYwZSIsImNyZWF0ZWQiOjE3MTc5NTQ5NjkxNTEsImV4aXN0aW5nIjp0cnVlfQ==
.morphisec.com/	1970-01-20 21:12:36	Name: _hjSession_3506314 Value: eyJpZCI6IjNlYWNmMTZlLTAyNGUtNGYwYi05NzUxLTU3OTM1NGQ2MDRkMCIsImMiOjE3MTc5NTQ5NjkxNTEsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.morphisec.com/	1970-01-21 06:48:34	Name: _ga_4GZ4VXKYJ8 Value: GS1.2.1717954969.1.0.1717954969.60.0.0
.morphisec.com/	1970-01-20 23:22:10	Name: _fbp Value: fb.1.1717954969294.75752993534181707
.linkedin.com/	1970-01-20 23:22:10	Name: li_sugr Value: cff27507-0bcd-444e-9be0-65c6f4b2cec1
.linkedin.com/	1970-01-21 05:58:10	Name: bcookie Value: "v=2&f8af90ff-bba3-4c11-869f-69fd3c11672d"
.linkedin.com/	1970-01-20 21:14:01	Name: lidc Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3427:u=1:x=1:i=1717954969:t=1718041369:v=2:sig=AQFlN7HuSCDz81FtMW4OhQYPJARZKEYO"
.linkedin.com/	1970-01-21 01:31:46	Name: li_gc Value: MTswOzE3MTc5NTQ5Njk7MjswMjE1tZq6r9xWnKv2uPlI6i+bPRI7b23IX7v154bDXhF68g==
.twitter.com/	1970-01-21 06:48:34	Name: personalization_id Value: "v1_sV6btU+OQWNon7N878QwUg=="
.t.co/	1970-01-21 06:48:34	Name: muc_ads Value: e2e7cd31-1ee6-4809-ab1d-92d0c99fa4e8
.morphisec.com/	1970-01-21 05:58:10	Name: cb_user_id Value: null
.morphisec.com/	1970-01-21 05:58:10	Name: cb_group_id Value: null
.morphisec.com/	1970-01-21 05:58:10	Name: cb_anonymous_id Value: %2299037a4b-f097-4f46-827f-015d9ed0f8a4%22
blog.morphisec.com/	1970-01-20 21:22:39	Name: slireg Value: https://scout.us2.salesloft.com
.hsforms.com/	1970-01-20 21:12:36	Name: __cf_bm Value: wVeG7fWzkZ69PHi2ocIIb9J0qpn6bLEf0hnpsYCvhDs-1717954969-1.0.1.1-oCjDPhXOgQq5Zt2C56Puvs3OWoSUAiZxG4NGN_a.Qd4YJcJL0EOAFjQafPPcLPspOHTpJ1VfQwOCFgEMB01PZA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: aJ8gIxYMUjZ9oAHsf1T48EBvO.fA8nad8E64MneMYnU-1717954969709-0.0.1.1-604800000
blog.morphisec.com/	1970-01-21 05:58:10	Name: sliguid Value: 58a0a386-c39b-4787-a420-c7bc7fd17582
blog.morphisec.com/	1970-01-21 05:58:10	Name: slirequested Value: true
.morphisec.com/	1970-01-21 01:31:46	Name: __hstc Value: 182053752.58c55858e3662e003972b153ef3c3c2f.1717954969844.1717954969844.1717954969844.1
.morphisec.com/	1970-01-21 01:31:46	Name: hubspotutk Value: 58c55858e3662e003972b153ef3c3c2f
.morphisec.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.morphisec.com/	1970-01-20 21:12:36	Name: __hssc Value: 182053752.1.1717954969844
.morphisec.com/	1970-01-21 06:48:34	Name: _ga_HFVX4VZHCS Value: GS1.1.1717954969.1.0.1717954969.60.0.0
.morphisec.com/	1970-01-21 05:58:10	Name: trd_cid Value: 17179549704573743
trackingapi.trendemon.com/	1970-01-21 06:48:34	Name: trd_gavid_2552 Value: 17179549704573743
trackingapi.trendemon.com/	1970-01-21 06:48:34	Name: trd_gvid Value: 17179549704573743
trackingapi.trendemon.com/	1970-01-21 06:48:34	Name: trd_vid_2552 Value: 2552%3A17179549704573743
.morphisec.com/	1970-01-21 05:58:10	Name: trd_vid_l Value: 2552%3A17179549704573743
.morphisec.com/	1970-01-21 05:58:10	Name: trd_vuid_l Value: -8104042554526984926
.morphisec.com/	1970-01-20 21:13:18	Name: trd_ma_cookie Value: NThjNTU4NThlMzY2MmUwMDM5NzJiMTUzZWYzYzNjMmY%3D

76 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1717954968746 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fsticky-werewolfs-aviation-attacks Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.morphisec.com/sticky-werewolfs-aviation-attacks Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1534169.fs1.hubspotusercontent-na1.net
analytics.twitter.com
api.hubapi.com
app.clearbit.com
app.hubspot.com
assets.trendemon.com
blog.morphisec.com
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
consent.cookiefirst.com
content.hotjar.io
cta-service-cms2.hubspot.com
fonts.googleapis.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
lltrck.com
no-cache.hubspot.com
perf-na1.hsforms.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
snid.snitcher.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
tag.clearbitscripts.com
track.hubspot.com
trackingapi.trendemon.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.morphisec.com
x.clearbitjs.com
lltrck.com
104.17.24.14
104.18.80.204
104.18.90.62
104.19.175.188
104.244.42.131
104.244.42.8
13.107.42.14
13.32.27.54
142.250.184.232
142.250.186.67
146.75.120.157
157.240.252.13
18.158.205.16
18.193.30.91
18.66.102.106
199.60.103.225
2001:4860:4802:32::36
216.239.32.36
216.58.212.132
2400:52e0:1e00::1081:1
2600:9000:223c:3600:2:7dc7:8f00:93a1
2600:9000:2670:6600:7:d7d6:3c40:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:4700:4400::ac40:9284
2606:4700:4400::ac40:991b
2606:4700::6810:4769
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6810:a0a8
2606:4700::6811:80ac
2606:4700::6811:ae5b
2606:4700::6812:8b11
2606:4700::6812:f36c
2620:1ec:21::14
2a00:1450:4001:803::200a
2a00:1450:4001:80e::2008
2a00:1450:4001:827::200e
2a00:1450:400c:c0d::9a
2a02:26f0:3500:16::215:1484
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
3.127.196.46
52.211.131.71
54.145.181.139
54.89.92.78
64.233.166.156
93.184.221.165
018858a91ccdb86bbf15086869c68df64ea3a8b80544c059df93197242a31bde
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
0860cea05a45cce23e1946837fd060d75a13aef98275aaf5262e9dfb1e4a388c
0c7aaaa35f71c2759c365534f95547697d30e5ef8863ec17c4ccec17b3af2705
12190336ec1095a32c479a7350868123c61769c9fa490425378cb5bf92a54d9d
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c
1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81
21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814
251aa5ff63515634f1df6e55afca9f9eba82ca399cf25be7707b9dde280eed60
2af4c240d46b3e99eea9ccbfd9c0c1c856c710a5ed3692f455767a96224171b2
3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
357668a31323571ee684d38cb7ab8adfb4aa4cb228017e7b5d254f969541307a
3a347ea34a470dd127acceeca1bd03e781aa2f248064c300ba2d27d81ac90a3d
3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
3d54c4e89ea374e0beeabbccbf0c7756026208ea131496d1af8bf40c5be5bb0c
3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56
40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786
4678665c8291ae5a90bd577e254175fc6b3ba40a5703dbe40e08613e9400ed40
46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513
47d1036cdfb7fa765e45f0f3d193baadcd53005e95a2f9bf7b531ebfbf41ea2f
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4a39a8feebc70107051128b873cf4cd30c49875bdade70a57f9ce4f5959f51a0
4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589
4e605a433da0b6d187b3cdfe5bc2e9459a994338d3d3befa8c43fb4f450340a8
4fa240d2b87d4d2f4e714a6eb95fdd173bc33787301c558bee07e0744a10df22
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
571e843e2561ab132fd44fdd9ad4047668c183102adb416d70110a2d05ac6126
5ade1526f1674ac49650f04fa328b8aec7266c24c9a045f5efbb96b6984422c0
5e207d34a1fa4ccce273eff750fb118c9dfad7282dcb623cf865f6727440502e
60bd6bad64c21fc8b1d3f6bf3fa261780974e6b0489a67a1d02db33fb4c9b7b6
636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8
648318e55febdac418f0f8a23db309f81c273a66c5eb41a8aab85b29bebcdc9f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
72e0e14a6e4f28e1fd073245c8190f207d11fe358e3f679327ccf1a880dc28af
7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3
76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2
79b4cc0ebd3cc53f681c4d0d6a716fd57eec898847218214dbdcd58c619fa42f
7c55a17ff1c99ae06713a4f027b263c90c7fa9da42be6b2a32d21ae174e1c44c
8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded
82bd71b6661f724ea282854a39a327fc9977c582f2ab0d4a63ae9f19c2df27ef
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4
89024fa0f34e0d8d4355dbc5a23b87a4f5a44b796ed4d7771866d711431ba681
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
8d1ab314c5802e0fb9580452bd6e3c67918198a9a5ed8bcb3697959e785a7d9f
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
99638cf918a36ae5912b6e521489ec6f3c8cb82e2e21e2f43941b86f8b223aa6
9a53f768ac355624e911c343c8b87d1749b0ca8bee8b07c9e8b75a3fe78d57ef
9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b
a2b51b2113cbc41ab91d361153d3cbe64123135f269d40ed3f03934bcd3c94c7
a37f5a9973bff7d81c31172cf62267c3adec166441cdcee7803dedc397a9b0a6
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65
ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334
afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
c634ed089a8d415d0a638e10d1c8dc69bd091e2e4bde14cc47592e5cec14bd91
c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453
c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5
cf33e7f713c3422d8843e777c6400fb30e1eaf0b80e2b04cbf74d6e0d3e5b468
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
d274658b075acbf695a0c18e0dc8a5f3f576a603882464574547b7e05b6a4c7c
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24
d66c89bf5e43fcc471aacacfd01f90d7751c7a6f2ffde56829ddad2b53fb5456
d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461
d8d01d76fee55c57a09b3da50e7a879102df24b962df9f31ff43ebc50d31043a
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e310c4e689e7bcf75fda1bde019d6e4fb564d95da0b9a7d04fd7e68d9673a444
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4dc380ba5b4005d9d5ae6d437004ff16f3d5c13433efba9d743209477da709b
e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef919241c4f9e8332708cde9d589d64af4e72883eaa283d774e27c40a29d10d1
f16a9696b3176614d3fe439def6fd9754fd489877999517b99b3b2f265cb7990
f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22
f322afdaf7184e4ddd7fca589f89cdd7e2e2721dffbf8abed7cb1eca88b0915f
f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96
f62504abbb867b0d53b4d90d746313621819f2c5d39ceab4695ac2b0ef8cf223
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd3af5690e3288b6b4596c820e76f5c24dca32bf023257932d8c96031bfcf0f7

blog.morphisec.com Open in urlscan Pro 199.60.103.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

166 Requests

99 %HTTPS

50 %IPv6

36 Domains

54 Subdomains

49 IPs

6 Countries

2346 kBTransfer

6452 kBSize

41 Cookies

45 Outgoing links

Redirected requests

166 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.morphisec.com Open in urlscan Pro
199.60.103.225 Public Scan

Screenshot
Live screenshot

Full Image

166
Requests

99 %
HTTPS

50 %
IPv6

36
Domains

54
Subdomains

49
IPs

6
Countries

2346 kB
Transfer

6452 kB
Size

41
Cookies

166 HTTP transactions
0 data transactions