blog.morphisec.com Open in urlscan Pro
199.60.103.31 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Submission Tags: falconsandbox
Submission: On May 17 via api (May 17th 2021, 11:01:45 am UTC) from US

Summary HTTP 121 Redirects Links 47 Behaviour Indicators

Summary

This website contacted 38 IPs in 4 countries across 31 domains to perform 121 HTTP transactions. The main IP is 199.60.103.31, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.morphisec.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 17th 2020. Valid for: a year.

This is the only time blog.morphisec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	199.60.103.31 199.60.103.31	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2606:4700::68... 2606:4700::6811:f2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
14	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a03:2880:f03... 2a03:2880:f030:13:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:81ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eecc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:70b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f13... 2a03:2880:f130:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
5	2606:4700::68... 2606:4700::6811:5d2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:400c:c0a::9b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:d6ed	13335 (CLOUDFLAR...) (CLOUDFLARENET)
121	38

31 199.60.103.31 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:f2cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f030:13:face:b00c:0:3 (France)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:81ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eacc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eecc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f130:83:face:b00c:0:25de (France)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:5d2 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:d6ed (United States)

ASN13335 (CLOUDFLARENET, US)

f.hubspotusercontent10.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	morphisec.com blog.morphisec.com www.morphisec.com	804 KB
14	hubspot.com no-cache.hubspot.com app.hubspot.com api.hubspot.com track.hubspot.com forms.hubspot.com	52 KB
9	fontawesome.com kit.fontawesome.com ka-p.fontawesome.com	131 KB
8	gstatic.com fonts.gstatic.com	114 KB
7	twitter.com platform.twitter.com syndication.twitter.com analytics.twitter.com	149 KB
5	hsappstatic.net static.hsappstatic.net	219 KB
5	linkedin.com 3 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	57 KB
4	facebook.com www.facebook.com	16 KB
4	facebook.net connect.facebook.net	161 KB
4	googletagmanager.com www.googletagmanager.com	130 KB
3	google.de www.google.de	235 B
3	google.com www.google.com	448 B
3	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	3 KB
3	hubspot.net cdn2.hubspot.net	4 KB
2	fbcdn.net static.xx.fbcdn.net	133 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	googleadservices.com www.googleadservices.com	28 KB
2	googleusercontent.com lh6.googleusercontent.com lh3.googleusercontent.com	152 KB
1	hubspotusercontent10.net f.hubspotusercontent10.net	21 KB
1	hubapi.com api.hubapi.com	924 B
1	hsforms.com forms.hsforms.com	271 B
1	t.co t.co	455 B
1	hsadspixel.net js.hsadspixel.net	2 KB
1	hs-analytics.net js.hs-analytics.net	18 KB
1	hs-banner.com js.hs-banner.com	14 KB
1	usemessages.com js.usemessages.com	19 KB
1	hsleadflows.net js.hsleadflows.net	80 KB
1	hscollectedforms.net js.hscollectedforms.net	24 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	googleapis.com fonts.googleapis.com	1 KB
121	31

	Domain	Requested by
30	blog.morphisec.com	blog.morphisec.com js.usemessages.com
8	fonts.gstatic.com	fonts.googleapis.com
8	ka-p.fontawesome.com	kit.fontawesome.com blog.morphisec.com
7	track.hubspot.com
5	static.hsappstatic.net	app.hubspot.com static.hsappstatic.net
4	www.facebook.com	blog.morphisec.com connect.facebook.net
4	platform.twitter.com	blog.morphisec.com platform.twitter.com
4	connect.facebook.net	blog.morphisec.com connect.facebook.net
4	www.googletagmanager.com	blog.morphisec.com js.hsadspixel.net www.googletagmanager.com
3	api.hubspot.com	static.hsappstatic.net
3	www.google.de	blog.morphisec.com
3	www.google.com	blog.morphisec.com
3	cdn2.hubspot.net	blog.morphisec.com
2	static.xx.fbcdn.net	www.facebook.com
2	www.google-analytics.com	blog.morphisec.com www.google-analytics.com
2	syndication.twitter.com	platform.twitter.com blog.morphisec.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	px.ads.linkedin.com	2 redirects
2	www.googleadservices.com	www.googletagmanager.com
2	no-cache.hubspot.com	blog.morphisec.com
1	www.morphisec.com	app.hubspot.com
1	f.hubspotusercontent10.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	forms.hubspot.com	js.hsleadflows.net
1	analytics.twitter.com	static.ads-twitter.com
1	api.hubapi.com	js.hsadspixel.net
1	app.hubspot.com	js.usemessages.com
1	forms.hsforms.com	blog.morphisec.com
1	t.co	blog.morphisec.com
1	px4.ads.linkedin.com	blog.morphisec.com
1	www.linkedin.com	1 redirects
1	js.hsadspixel.net	blog.morphisec.com
1	js.hs-analytics.net	blog.morphisec.com
1	js.hs-banner.com	blog.morphisec.com
1	js.usemessages.com	blog.morphisec.com
1	js.hsleadflows.net	blog.morphisec.com
1	js.hscollectedforms.net	blog.morphisec.com
1	static.ads-twitter.com	blog.morphisec.com
1	snap.licdn.com	blog.morphisec.com
1	lh3.googleusercontent.com	blog.morphisec.com
1	lh6.googleusercontent.com	blog.morphisec.com
1	fonts.googleapis.com	blog.morphisec.com
1	platform.linkedin.com	blog.morphisec.com
1	kit.fontawesome.com	blog.morphisec.com
121	44

This site contains links to these domains. Also see Links.

Domain
engage.morphisec.com
www.morphisec.com
twitter.com
www-morphisec-com.sandbox.hs-sites.com
azuremarketplace.microsoft.com
support.morphisec.com
www.facebook.com
www.linkedin.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
blog.morphisec.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-30` - `2021-07-30`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2020-07-05` - `2021-07-05`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.morphisec.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Frame ID: DD63C9643099C9C1DD06C630E62DEA4F
Requests: 104 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: 5C5E2217792433CF9B523958766579F1
Requests: 2 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/1534169/threads/utk/6c0170752cf245949d2110c6d6ac4e94?uuid=1e1a2bb9b85c42789f9d89d0c0eff614&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.morphisec.com&inApp53=false&messagesUtk=6c0170752cf245949d2110c6d6ac4e94&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Frame ID: C59EB0C44CB3013DA6B3D288C0FA5058
Requests: 10 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Frame ID: 03B76E4D1BF00F1A9527EA48E5AA389E
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fe9d7a5052f94%26domain%3Dblog.morphisec.com%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff25f85f81f19298%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: CC2320DE79CF29115B003B7719233EEF
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

121
Requests

100 %
HTTPS

82 %
IPv6

31
Domains

44
Subdomains

38
IPs

4
Countries

2354 kB
Transfer

6397 kB
Size

6
Cookies

47 Outgoing links

These are links going to different origins than the main page.

URL: https://engage.morphisec.com/support
Title: Support

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/partners
Title: Partners

Search URL Search Domain Scan URL

URL: https://engage.morphisec.com/contact-us-2019
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/
Title: Product Overview

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-shield-threat-prevention
Title: Morphisec Shield

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-guard-endpoint-protection
Title: Morphisec Guard

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/virtual-desktop-infrastructure
Title: Virtual Desktop Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-keep-server-protection
Title: Morphisec Keep

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/server-protection-linux
Title: Linux Server Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/windows-server-protection
Title: Windows Server Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/small-business
Title: SMB

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/k-12-school-cybersecurity
Title: K-12 Education

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/manufacturing-industry
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/finance-industry
Title: Finance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/tech-industry
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/healthcare-industry
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/legal-industry
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/incident-response-services
Title: Incident Response

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/legacy-av
Title: Antivirus Replacement

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/cloud-workload-protection
Title: Cloud Workload Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/remote-employee-security
Title: Remote Employee Security

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/collaboration-application-hardening
Title: Collaboration Application Hardening

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/ransomware-protection
Title: Ransomware Prevention

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/virtual-patch
Title: Virtual Patching and Compliance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/pos
Title: Point-of-Sale Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/supply-chain-attack-prevention
Title: Supply Chain Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/browser-attack-protection
Title: Browser Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/about-us
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/news-and-events
Title: News

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/news-and-events#events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-customer-corner
Title: Customers

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/resources
Title: Resources

Search URL Search Domain Scan URL

URL: https://twitter.com/Unit42_Intel/status/1382729698791284736
Title: https://twitter.com/Unit42_Intel/status/1382729698791284736

Search URL Search Domain Scan URL

URL: https://engage.morphisec.com/contact-us
Title: Contact Morphisec today

Search URL Search Domain Scan URL

URL: https://www-morphisec-com.sandbox.hs-sites.com/?__hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&__hssc=182053752.1.1621249288819&__hsfp=2736934676

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/morphisec.morphisec_unified_threat_prevention_platform?tab=overview
Title: Inquire via Azure

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions
Title: Solutions By Industry

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/news-and-events-archived#events
Title: Events

Search URL Search Domain Scan URL

URL: https://support.morphisec.com/support/home
Title: Support

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Morphisec/
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/morphisec
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/morphisec
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCe48cR5xTxPJSYMjG-So7Rw
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/morphisec/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 64

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%26time%3D1621249287875%26url%3Dhttps%253A%252F%252Fblog.morphisec.com%252Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&liSync=true&e_ipv6=AQLRwZkEx9KkEwAAAXl5_OjM-J4sWEeGAC2HF2tgBhs7fKH0bP8nBluGt8Kncakjr_BitZWw

121 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request revealing-the-snip3-crypter-a-highly-evasive-rat-loader Show response
blog.morphisec.com/ 197 KB
30 KB 107ms
60ms Document
text/html 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

f1bf4434a0d6ed489de3879cae72b242cfe905ff7ea1978299bcfce5ae5c008d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: blog.morphisec.com
:scheme: https
:path: /revealing-the-snip3-crypter-a-highly-evasive-rat-loader
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800, max-age=0
etag: W/"1be506d6283d0d3adf51298c3dab9c7b"
last-modified: Sun, 16 May 2021 17:49:28 GMT
link: </hs/hsstatic/AsyncSupport/static-1.94/js/post_listing_asset.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.27/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
strict-transport-security: max-age=0
cf-cache-status: HIT
cache-tag: CT-46605228199,CG-3742504875,P-1534169,L-17239529598,L-17239665297,L-6439189787,W-17242827075,CW-5622149556,CW-5622149557,CW-5622149569,CW-5622149570,CW-5623122142,CW-5623122145,CW-5623122149,CW-5623122150,CW-5623122152,CW-5623289698,CW-5623289699,CW-5809523305,CW-6224157750,CW-6224175595,CW-6439021673,E-35906320644,E-36272650673,E-6213834303,E-6213834399,E-6224156614,E-6224925249,MENU-17242827075,PGS-ALL,SW-1,GC-25830409560,GC-27563948582
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-46605228199,CG-3742504875,P-1534169,L-17239529598,L-17239665297,L-6439189787,W-17242827075,CW-5622149556,CW-5622149557,CW-5622149569,CW-5622149570,CW-5623122142,CW-5623122145,CW-5623122149,CW-5623122150,CW-5623122152,CW-5623289698,CW-5623289699,CW-5809523305,CW-6224157750,CW-6224175595,CW-6439021673,E-35906320644,E-36272650673,E-6213834303,E-6213834399,E-6224156614,E-6224925249,MENU-17242827075,PGS-ALL,SW-1,GC-25830409560,GC-27563948582
referrer-policy: no-referrer-when-downgrade
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-combine-css: Disabled
x-hs-content-campaign-id: dca8ad7e-9bbb-411d-b7d8-27d670ba5cd3
x-hs-content-id: 46605228199
x-hs-hub-id: 1534169
x-powered-by: HubSpot
cf-request-id: 0a1b95fc200000cd8767ae8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Tws9yuDLX%2B6tg5cNx8V20hE0uZa5Gk%2BmFJcFMM27R0Lvgej9YYps7KemQM6vmfXUK3sJgFGwTUciiS8%2FE9u2IQ%2FpRy%2BYgnxr4LX%2B0vl5%2BbDcnzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; path=/; domain=.blog.morphisec.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 650c590d09edcd87-CDG
content-encoding: br
cf-h2-pushed: </hs/hsstatic/AsyncSupport/static-1.94/js/post_listing_asset.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>,</hs/hsstatic/cos-i18n/static-1.27/bundles/project.js>,</_hcms/forms/v2.js>

GET
H2 200 post_listing_asset.js Show response
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.94/js/ 3 KB
2 KB 23ms
0ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.94/js/post_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a7d6a52225baae5c38ae3c75b025f025798ab05aed480fa2d4650fb94efc90e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 d62d0235c86cff9cbc14eb8c55f7a9fa.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2095586
x-amz-server-side-encryption: AES256
cf-ray: 650c590d3a5fcd87-CDG
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1b95fc480000cd8714989000000001
last-modified: Thu, 04 Feb 2021 19:41:00 GMT
server: cloudflare
etag: W/"a058929d27817bc3ab980554f0b7b6b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SuD1%2BAkYcE8pIjTVsPYvVdsg5f8WI2ZJd5MokQTxlYPD07ET59GDI1nIi5%2Fq6RZDxK2qVNImDkHhom6UuUOfIqJCtaD%2F5TjAw1J7HOUeyIi8hOg%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: vw6NHeRjFw2qMsQaM2YHLdRjrqNqs.9g
cache-control: public, max-age=31536000
x-amz-cf-pop: CDG3-C2
content-type: application/javascript
x-amz-cf-id: eKaegAlCrt1PWO-2_VUnXMn-uj72vj48Rf1nqwOUslYQl6w0-QP45g==
expires: Tue, 17 May 2022 11:01:27 GMT

GET
H2 200 project.js Show response
blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
884 B 49ms
0ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 d62d0235c86cff9cbc14eb8c55f7a9fa.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2095587
x-amz-server-side-encryption: AES256
cf-ray: 650c590d3a60cd87-CDG
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: CDG3-C2
content-encoding: br
cf-request-id: 0a1b95fc480000cd87389fe000000001
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ym68qx774YefxjCsiRTVrO2vWvNJxTzYK%2BEjDO71ZWoYTX%2BLGvwx6GVQIg1PNj1MrgvnIavgVO9TfTAsWeigQgzuUyyUujl%2FSsIt6CI90vSmyIo%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control: public, max-age=31536000
set-cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; path=/; domain=.blog.morphisec.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: dTls_11UzHhgMffwd-jNUTpFHA7KWHz9nq-mSwt7h9tZ3HBImbqP6Q==
expires: Tue, 17 May 2022 11:01:27 GMT

GET
H2 200 index.js Show response
blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/ 51 KB
19 KB 43ms
0ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 30c9d09b2d818da2f62b3332bdbbaadc.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 254584
x-amz-server-side-encryption: AES256
cf-ray: 650c590d3a62cd87-CDG
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: CDG50-C2
content-encoding: br
cf-request-id: 0a1b95fc480000cd877d1c4000000001
last-modified: Fri, 14 May 2021 12:13:32 GMT
server: cloudflare
etag: W/"006946e614d6ef469f5c9e46b4836d15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EXDEt6tHbyAkkZJ7c2ruIxk2M6N5cZU4YpuBQICeSZ9R4d3Y6w7NsIvLRl22iXuHFdffy7DbyI1Dptxa9LaCk1Ntl%2FdOKj5ApOEeB7mkuh%2F8GWQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: NS5brkaR0OO1ViABjiLPNZKumB_gwu3c
cache-control: public, max-age=31536000
set-cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; path=/; domain=.blog.morphisec.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: wxF2kYcLxJuxCQADJKJnoSUavq3_ntvDFVQJosruI0SDirmmtMMvcw==
expires: Tue, 17 May 2022 11:01:27 GMT

GET
H2 200 project.js Show response
blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.27/bundles/ 1 KB
1 KB 36ms
0ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.27/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3f99c65ea3d6186991a21add80eeea6d79500fcb3c9d8263680e0de270e0753

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 2be4364c1cde74eab64cab67d1de266a.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2095587
x-amz-server-side-encryption: AES256
cf-ray: 650c590d3a64cd87-CDG
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: CDG3-C2
content-encoding: br
cf-request-id: 0a1b95fc490000cd87700f9000000001
last-modified: Wed, 19 Aug 2020 22:31:39 GMT
server: cloudflare
etag: W/"d0cd32f08bf823a0389da03beed61887"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ogOPMDhGX0%2B2h6hCqIFtM7ZXJAKfVs%2B4bfJS0JeIVEd8bWR9uRlD78eNLhXIVL4EbOKh47hvL6xmHUHJGZdiIqVlW%2FJe7YPAHUhDHDhfYVlWO8Y%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 2tzxWhBqhFrbWNOKYsoHIauxtaBoTuuO
cache-control: public, max-age=31536000
set-cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; path=/; domain=.blog.morphisec.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: NfVr2ar8cqN31rrwVKAxErleqayKpWkfvj0nN3UmCJjuAEtSyqAbVw==
expires: Tue, 17 May 2022 11:01:27 GMT

GET
H2 200 v2.js Show response
blog.morphisec.com/_hcms/forms/ 565 KB
134 KB 21ms
0ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c93bea6eb2c5cd796052d336d8f42741459817d0d02ba2c279b0a88691ae8190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 22e9d361a9c4153886c1c8aa0eb4ffa8.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 132
x-amz-server-side-encryption: AES256
cf-ray: 650c590d3a65cd87-CDG
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: IAD89-C3
content-encoding: br
cf-request-id: 0a1b95fc490000cd873db37000000001
last-modified: Tue, 11 May 2021 11:45:33 UTC
server: cloudflare
etag: W/"f01130e2d2ed0b752b178ae3428286fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=x%2FlPuDIuw2YbKPJ%2BXiSp%2BLk1VYh%2BXTCx0PZ%2BgJ9aW880Cmg%2BzQIncEq8pQfyV0RRvxfInUoNKN%2BBJPJcKLGQaDSFUmOrCL7dvlstYTchB06yOG8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 2SHDSPDimG87QeZkeFtdSB7nvcQaTAoN
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
set-cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; path=/; domain=.blog.morphisec.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript; charset=utf-8
x-amz-cf-id: sLnKXP8OY9OCJiMsYZWWJ5gAbueZnES3Ogo5EBXfDUSo1XS2qlBWCg==
x-hs-target-asset: FormsNext/static-5.284/bundles/project_with_deps.js

GET
H2 200 jquery-1.11.2.js Show response
blog.morphisec.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
34 KB 54ms
51ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 2be4364c1cde74eab64cab67d1de266a.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2095582
cf-ray: 650c590d7ac9cd87-CDG
x-cache: Hit from cloudfront
content-encoding: br
cf-request-id: 0a1b95fc680000cd8773087000000001
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6M4mdAeaBYspyFP4p2W%2FTpO9W26B88Xyr5f1u4pS6ZQ8WjseIGTwVexJ%2F11XWqYP7Aoc7sHIJfvSp5EQGWiVckHw7ixHz%2FiZrakrPnRe4eUEM9Q%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: CDG3-C2
content-type: application/javascript
x-amz-cf-id: FjbtmZW71uc96f-csGRY-GM7eI3kkO_0RS7t9fZodCgSPHdRXB4Ztg==
expires: Tue, 17 May 2022 11:01:27 GMT

GET
H2 200 module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1621187180823/ 611 B
555 B 118ms
98ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1621187180823/module_-2712622_Site_Search_Input.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e40dde64af7d8902068c607929962c0fab0a1380cec22d28a152f46f3fecfc03

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1621187180824
date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 62084
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-request-id: 0a1b95fc7500004a73433f3000000001
last-modified: Sun, 16 May 2021 17:46:21 GMT
server: cloudflare
etag: W/"62ab382620e293effad2269c90cf3ce6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZmMNdzbJJsUTif4opYZILRTXE2xc%2BWv%2Fgc48ThYOkgASA115XOxM97XT7EH580TsgWR0bidxO6ky8l5uvzc1FOmH%2BWfdVBwGUmQEaZw%2Bjndw8oGuFy5AM7J4X3lA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590d8fb64a73-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 project.css
blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/ 720 B
789 B 49ms
47ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 d5fa26f25a4569f608d0dfafd636bc89.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2095555
x-amz-server-side-encryption: AES256
cf-ray: 650c590d7ac1cd87-CDG
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-request-id: 0a1b95fc680000cd875e91c000000001
last-modified: Wed, 19 Aug 2020 22:47:10 GMT
server: cloudflare
etag: W/"a81c70764750950eb72d4537c41e781f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6%2F7wn%2FrGgXX2%2BtcgegbQDV%2FrGNFRs5y483BQEZC4vls%2BRyT86jK8SbUU1BPXGeTx3pxrI5rCLa3e9b%2FOENbK35lM4BNuO6t9NulloXI7WEk0fpU%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
cache-control: public, max-age=31536000
x-amz-cf-pop: CDG3-C2
content-type: text/css
x-amz-cf-id: 7QDjskKy5XYS6XXavumCoeG9YG-sp4xYMiBHwwhM867cU36IvbShCQ==
expires: Tue, 17 May 2022 11:01:27 GMT

GET
H2 200 rss_post_listing.css
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.94/sass/ 910 B
751 B 54ms
52ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.94/sass/rss_post_listing.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/AsyncSupport/static-1.94/sass/rss_post_listing.css
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 f41c2361062c4fc74c645f4e4fddd2de.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2095581
x-amz-server-side-encryption: AES256
cf-ray: 650c590d7ac3cd87-CDG
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-request-id: 0a1b95fc670000cd8753a84000000001
last-modified: Thu, 04 Feb 2021 19:41:00 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GeNXJnS8i%2FgXn%2BFDSbZeRqVd6TGWokHsZiH%2BuKcyNpZpWijkj5%2B8560NhhWrl%2FS9KAT2A0ZHV2pzqpeo2mRDXzkvFWGkuV03GlJOP2Q8Wa9yfPs%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: poR_HfzOwGppYdgImYO54h7K5fIDNnah
cache-control: public, max-age=31536000
x-amz-cf-pop: CDG3-C2
content-type: text/css
x-amz-cf-id: NaEm8TYDFGf3CEWwjRC8keezyqCZCiQsrcSpYPfxOUVvIaO83RG0gA==
expires: Tue, 17 May 2022 11:01:27 GMT

GET
H2 200 module_6224175595_Morphisec_-_Footer_Social_Icons.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/6224175595/1617603418843/ 392 B
961 B 61ms
59ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/6224175595/1617603418843/module_6224175595_Morphisec_-_Footer_Social_Icons.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 944bed570dc1348d9edb01de5d422b94cb6709c7c16c17f63a6546138b845d25

Request headers

:path: /hs-fs/hub/1534169/hub_generated/module_assets/6224175595/1617603418843/module_6224175595_Morphisec_-_Footer_Social_Icons.min.css
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1617603418843
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 194
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: B4KKRCMRZVHPG79K
cf-request-id: 0a1b95fc680000cd8764a85000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Mon, 05 Apr 2021 06:16:59 GMT
server: cloudflare
etag: W/"b9e84394f4668b41f7713024caeec348"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6XQc8RGA8me5zOJAX0INxx20E3%2FDciDK2HKrz%2FjDppsVy6ly8RbdiuiCcKtbs3HS1UWv0MQs%2FltR2TMGivUtXhYE0%2F1qDwDWPa%2BzJor57rbt8F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: b7j4GRYEjE9nphxFWkmpiasjRnYIyi.r
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590d7ac4cd87-CDG
x-amz-cf-id: 1_ojq2b55NE4qMaNPQVYgU6Yv1NLTTMqzzvVnzTb-82tgfFDcAJYSA==
x-amz-id-2: 15Rayprog/PPz6JtiFUZAJUXstpDUDbr5WwfIe8oczOVIfLEFFZJ0G7+yCQ+Y1OjE+hHSMJV/EM=

GET
H2 200 magnific-popup.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/35906320644/1602336947748/2020_-_UIS_-_Template_Folders/Vendor_CSS/ 5 KB
2 KB 49ms
47ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/35906320644/1602336947748/2020_-_UIS_-_Template_Folders/Vendor_CSS/magnific-popup.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb

Request headers

:path: /hs-fs/hub/1534169/hub_generated/template_assets/35906320644/1602336947748/2020_-_UIS_-_Template_Folders/Vendor_CSS/magnific-popup.min.css
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1602336947748
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 2ad0cde89ab58d454177893ae4447f50.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 194
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: BABZJTXYXBNDD7DH
cf-request-id: 0a1b95fc680000cd8712bf1000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Sat, 10 Oct 2020 13:35:48 GMT
server: cloudflare
etag: W/"64912a79884a20761ab19de42f85218c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Tz6EUmQ4G%2FBdqfES48VxrN0t2X5jE3E2%2Bw0Gg5v%2BxZJ5E0rW41VPkzyyoh9a4lD3otKZG%2BI8gkrcPHgaHt7S4j2olBMVB9i1DH3FQisA0jaqbSQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 9U_qRQcmBO4.hkeZDMZ3w4bmuJdSfscz
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590d7ac6cd87-CDG
x-amz-cf-id: zalk2_2hTxsbs8AerZmxg7IShfie1IxWQmYv3kRhTnMXbxHenRacFQ==
x-amz-id-2: 246AgWUx5CglOfgAlhKzxJPMnIVwvJKzyZ26LroHB9QMnS2UkiJ51eeY3O+hyr1tQmgqLV2TWMA=

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
34 KB 20ms
17ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-784310031

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

40018238d51d9b577a2a1467105d584f20564a6bfb91a0d3fe66c7d039cf696a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34208
x-xss-protection: 0
last-modified: Mon, 17 May 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 May 2021 11:01:27 GMT

GET
H2 200 3d204f513a.js Show response
kit.fontawesome.com/ 11 KB
4 KB 71ms
69ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/3d204f513a.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c210239aa6a470434b97ab83a854d415898cf124d8c8205600d79481cf14cffa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-cache-status: HIT
age: 33
strict-transport-security: max-age=31536000; preload
cf-request-id: 0a1b95fc690000d70ded292000000001
x-request-id: FnhmvqT1ysmyzvyc0BSB
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
cf-ray: 650c590d78fad70d-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token

GET
H2 200 in.js Show response
platform.linkedin.com/ 181 KB
55 KB 30ms
9ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: ccc5e125d5226a1bdce87b86d22429fd799dbc09ecf5c9e31e37d880d3eb3f11

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 3209
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 55605
x-li-uuid: dPUG7rfSfxYw8ZGObCsAAA==
server: ECAcc (frc/8F0A)
last-modified: Mon, 17 May 2021 10:07:58 GMT
x-li-pop: prod-edc2
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-ltx1
expires: Mon, 17 May 2021 11:07:58 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1620930322058/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 61ms
42ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1620930322058/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1620930322221
date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 318905
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-request-id: 0a1b95fc7300004a7324076000000001
last-modified: Thu, 13 May 2021 18:25:23 GMT
server: cloudflare
etag: W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9neQVbuqY01Z4GbgNfD2fAcT09nfiwrVCB%2BFjY0TZ6LNhdyfzbIltMoOR9mZLmqKGuO94vsM1M6dh1bLILhk3DA%2B61yGXPtsjMrZTANZ6c%2Fw3lT343ZaLFfzh4Hp"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590d8fbb4a73-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 Morphisec_Sept2018_styles.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834303/1621187185291/Morphisec/Coded_Files/ 141 KB
25 KB 51ms
50ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834303/1621187185291/Morphisec/Coded_Files/Morphisec_Sept2018_styles.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: caf1122c2e7a29b837c2ced58587de0f38ec52be848cd497985a1d816e527fe2

Request headers

:path: /hs-fs/hub/1534169/hub_generated/template_assets/6213834303/1621187185291/Morphisec/Coded_Files/Morphisec_Sept2018_styles.min.css
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1621187185675
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 194
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 046G9X6MD3GK151F
cf-request-id: 0a1b95fc680000cd870f282000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Sun, 16 May 2021 17:46:26 GMT
server: cloudflare
etag: W/"fca0ceb4103c2ee11eb44a47aa72ed93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Rl0LkZQm6%2Bb2IhfI47Hlfcg4KCSefWLzHCoj%2Bwmr8hf779KuPaEdHQh2ZVRRzKlPYqCzfm7Do%2B4TVs25UiU2V4roCes0CmayUWdRNysHvS3PmFY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: ioYGhS5iw94.GjAKP7d3brSRGKGVrdcI
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590d7ac7cd87-CDG
x-amz-cf-id: RtN2WCaZFM3mUN_RYM3pjAAg6NBLK3SE-sz7QCDvrEwO2-eS0Cp4MA==
x-amz-id-2: xszoWWT40WWSrKb+C1XdbeuUq6OWi6yEeThghzqkWHOXnEe7rRac5grpCvJqY/USuuqHlL5MVFE=

GET
H2 200 MorphLogoHorizColorWhiteNoTag_RGB.png
blog.morphisec.com/hubfs/ 17 KB
18 KB 47ms
45ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.morphisec.com/hubfs/MorphLogoHorizColorWhiteNoTag_RGB.png
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5402773ff573dece0cb3900253041fc792bb8239908876bd8f4833eae45573f4

Request headers

:path: /hubfs/MorphLogoHorizColorWhiteNoTag_RGB.png
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1b95fcfa0000cd8768bc3000000001
x-amz-meta-cache-tag: F-47184249392,P-1534169,FLS-ALL
age: 217208
x-amz-server-side-encryption: AES256
edge-cache-tag: F-47184249392,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="MorphLogoHorizColorWhiteNoTag_RGB.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 5F6M7RS34E388NSW
cf-bgj: imgq:85,h2pri
etag: "5869144aaa6ac0b61080092c2909813a"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1621023591312
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 ee57e278d5f96045a012c4c3d8da58f9.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=40633
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 16952
x-amz-id-2: JwVKV/KENSRENHL18f6qQuD3Rv/pEvPZIYqe/NJYRIT0zwHY0glRzTmnKU347xCXNEALIffi6ns=
last-modified: Fri, 14 May 2021 20:19:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lE3cgLOJlJNz%2FZeDm32j%2FvJdWVafLvksKrc8rimSB83QOMWyY%2B3f6VoH2kd4xleI1Eo%2F%2F5%2BUh1b9JloAQ5K9RdBvIDsI7zWjWbCORKk%2FmLVW49c%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: eBw7CZ7wKLw.fZfnIzzoWR_yWqpv4E4l
accept-ranges: bytes
cf-ray: 650c590e5cc9cd87-CDG
x-amz-cf-id: hrKeWPX94EnHAyN-lJVxRzy7u1djK-m5o3qanmvtrfL1O2AMb6oJsw==

GET
H2 200 ac6afdf6-76ba-4bd4-8224-6397963e1198.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 130ms
128ms Image
image/png 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/ac6afdf6-76ba-4bd4-8224-6397963e1198.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa08eb6a9ff122e3686fd722d25cff1b927fdae6230999d3ef98d9bf6b8b4f18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-request-id: S52PHAYF163SVJ5W
x-amz-server-side-encryption: AES256
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1153
x-amz-id-2: Xiz34dtR2wfz3D+dziFBxVLLO78c8WvgmLH6xCAwmKfh4O+NXxySuvvnzBDbr9xU98iwk/1/Nms=
last-modified: Thu, 26 Mar 2020 17:13:49 GMT
server: cloudflare
etag: "29a8b579870958e22f2e256dfb236a33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Kbafzfyn1ZbDxgGTf9Yi8P5n3ROoObquT%2BMf%2FhMHq3X3WMAF%2BgTdbxPv%2Bi%2Br3nHq3%2FTFUR9cca1mEzVWfIpoga3tcl9QJrwCX9XTn7wCidpYgq8Z6uh7ROybKnvjFHwJgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
cf-request-id: 0a1b95fcf200004e2593810000000001
accept-ranges: bytes
cf-ray: 650c590e59bb4e25-FRA

GET
H2 200 current.js Show response
blog.morphisec.com/hs/cta/cta/ 9 KB
4 KB 48ms
48ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs/cta/cta/current.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4ee2f7ce35c9debc48074853c1f54821a7d1cd2f738a0857cb9754c904bfbb0

Request headers

:path: /hs/cta/cta/current.js
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 4db130e87be66fce9731567ae0669c56.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 24
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.36/bundles/current.js&cfRay=650c5878d44cedab-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1b95fcb40000cd8759151000000001
cf-ray: 650c590debcfcd87-CDG
last-modified: Wed, 12 May 2021 09:48:14 UTC
server: cloudflare
etag: W/"1777b53ad85549fa3ece2bc9c51b6340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=u5%2F94mXGD3HgmAcrcBFuXTa8bbE3mJ23ifYNPP3z5%2B5B6rXrB7AhPX0AuiQUa4mEoXdIFEC%2Fnl8XoZ3vsjjTntYqOJa9O8DJjRz%2FT7%2FtTUI1Dt4%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: QMWar19_03IGFsusYgoXniHbdWzPWjnr
cache-control: max-age=600
access-control-allow-credentials: false
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: alzfSGkwhw7GWm-n48OlRRut7dWz7NzHgmqJOkpjq-ucPKd67LutJA==
x-hs-target-asset: cta-embed-js/static-1.36/bundles/current.js

GET
H2 200 4f0feebd-16b5-4509-8e27-c4dab59e00e6.png
no-cache.hubspot.com/cta/default/1534169/ 25 KB
26 KB 132ms
130ms Image
image/png 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/4f0feebd-16b5-4509-8e27-c4dab59e00e6.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebc6551704fc71288f7c9c179d45fa30b206a1f85aebf8d8305d17dc1bb357c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-request-id: S52Q3KV7Y7VDZ7QZ
x-amz-server-side-encryption: AES256
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25748
x-amz-id-2: vIURyYAsoq0pWgU1iSSkbR3NGjydPlo1stydGFAubbiQH50etNfw4mlGyMVhmUmFneJgYA/TITg=
last-modified: Tue, 22 Sep 2020 21:52:29 GMT
server: cloudflare
etag: "e33b5d4c95a692d693ea1391671507b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FImQR0Bx25k2L%2B972F2stB1MthOhODhl1JWuhlu4KZvQyeJx047fUEJpEc4ccpst9XUd5FYw4vWadbLLlD%2BW9y9K9pnhgVPxqBTaOefqeoOfgtJX%2FP%2Bl6xsEfdPX%2BwWg8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
cf-request-id: 0a1b95fcf200004e25691ea000000001
accept-ranges: bytes
cf-ray: 650c590e59bd4e25-FRA

GET
H2 200 MorphLogoHorizColorWhiteNoTag_RGB.png
blog.morphisec.com/hs-fs/hubfs/ 17 KB
17 KB 51ms
50ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.morphisec.com/hs-fs/hubfs/MorphLogoHorizColorWhiteNoTag_RGB.png?width=2481&name=MorphLogoHorizColorWhiteNoTag_RGB.png
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5402773ff573dece0cb3900253041fc792bb8239908876bd8f4833eae45573f4

Request headers

:path: /hs-fs/hubfs/MorphLogoHorizColorWhiteNoTag_RGB.png?width=2481&name=MorphLogoHorizColorWhiteNoTag_RGB.png
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1b95fcfa0000cd8740299000000001
age: 190239
x-amz-server-side-encryption: AES256
edge-cache-tag: F-47184249392,P-1534169,FLS-ALL
x-amz-replication-status: PENDING
content-disposition: inline; filename="MorphLogoHorizColorWhiteNoTag_RGB.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-bgj: imgq:85,h2pri
etag: "5869144aaa6ac0b61080092c2909813a"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1621023591312
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8b.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=40633
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 16952
last-modified: Fri, 14 May 2021 20:19:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1IIg8xiGAoG38x1sSw%2Fmk1RRwBxdpAvRkI%2BYh7JR8zSjiL5NQPUAcVhQfA2rOIsdc24bluIzVpe3pEwfj%2FiH%2FEL6%2FkaJaj56vUZSvhSUKAyFvrw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 650c590e5ccccd87-CDG
x-amz-cf-id: _j5f8Rw3qlwLWRkrpm3mp-LNgzti3WDtT_zHy_qc5dUeUHWE3pEqDA==

GET
H2 200 module_-2712622_Site_Search_Input.min.js Show response
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1621187180734/ 4 KB
2 KB 20ms
19ms Script
text/plain 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1621187180734/module_-2712622_Site_Search_Input.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e478d6bfa2195bf848e654a633d359e9a224d3df4e8f8afb706ba854075edc4f

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1621187180734
date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 62083
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-request-id: 0a1b95fcd600004a73e21a5000000001
last-modified: Sun, 16 May 2021 17:46:21 GMT
server: cloudflare
etag: W/"d8b891b340d16f54815a2f5729c2405a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yHrvY5dBLFWfUhEYvOSBoOPq5BQK6prBI45kNTBH92kIXjFCsHuoxVTB%2Fcjk48GsVd1dyEF1ab48pv%2FhDEixwSYPsKuu5%2B58BMmEeGeIJhCK8Og7cJIl%2BrVjJiYj"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590e29494a73-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 lazyload-min.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/ 8 KB
3 KB 56ms
52ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545

Request headers

:path: /hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1603042259630
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 7e9d74c81117937f0703aa3977d2d999.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 23
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: FYKYSDAW3XPX930E
cf-request-id: 0a1b95fcf90000cd8762a61000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Sun, 18 Oct 2020 17:31:00 GMT
server: cloudflare
etag: W/"67744f609bc5dbc8a0fb9fe0d5005f25"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oaAwkd%2B0KRzzl%2F7SbQ%2BJAWKzZAse5bVXpyB38UiHCx1MsXvsqIi%2F5G%2FbsGeLcytzvNlvaKCD8b5hKkfn8nxlnaw9%2BTbU1zH2LX93b2zSAvZi4vo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 4SGyaLwa93KERwdBmZy9UM4.3aqx9djg
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590e5cc0cd87-CDG
x-amz-cf-id: XRUG7Oy7WOy3peXP_DuJVWrU_BiCi-u7qeT_AvTDqNCU7JVZ6aYTuQ==
x-amz-id-2: Y6VJAr49qiPFEhy6ZBiutmUOVH8R/D3lB8vPkB/dgoI75b+PAnT54TPoC2SGF4WN8BAlD4kN1iQ=

GET
H2 200 vide.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/ 4 KB
3 KB 53ms
50ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831

Request headers

:path: /hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 22
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 3TC6172V2HCFGX8Z
cf-request-id: 0a1b95fcf90000cd870f859000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
server: cloudflare
etag: W/"901e2d8fd2af243d3d8dd68e38fa22da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vlVLHBFuKTu3k67nFJ6cHo8OsFGTVZR5DgZZpInNS5oi8ZxHNIyOiI7g6P4XYD84HdV9yfx8SR13GPch49jqkZtJiR0gP8jzvhFScKaezRLp%2FgU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: xCDhIWpBzbsqxgnqK8jsUmPM_UWe2ml.
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590e5cc4cd87-CDG
x-amz-cf-id: 6h7C9QW4Z9UFNrCL-C_P7x4078NSooJvlakzWIwl36O_FelvOARcEg==
x-amz-id-2: BT3Lqm+KzsObk1hfmfUXDklpH7LdV5qWPKpolut1vUfmyCKH/0aOr4z9qNdvRFW8/ez2b/hA1rs=

GET
H2 200 Morphisec_Sept2018_script.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1611499568052/Morphisec/Coded_Files/ 169 KB
40 KB 74ms
71ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1611499568052/Morphisec/Coded_Files/Morphisec_Sept2018_script.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b97b653b07a8f4c10043c308aa5ef60b5a109c515c80c7f1cd88f15b443dfcc

Request headers

:path: /hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1611499568052/Morphisec/Coded_Files/Morphisec_Sept2018_script.js
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1611499568052
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 041a4887d523cabe8177e269cc358163.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 23
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: B25EHXX5RTSZ4Q1P
cf-request-id: 0a1b95fcf90000cd8746154000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Sun, 24 Jan 2021 14:46:09 GMT
server: cloudflare
etag: W/"c9c0217a336d33832d53c6cebcac0c8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HHWiPPx9T4VzGNt3DCuqEbkIG4nza%2BmGym31qB%2BovqzrfqbsNja5AnO7SbhzxqhqaAZOPeVdjr11lRGkxyXmBmDDqtBXmAcVQW9EfbIAJUiZ8ZE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 7tHHYGE0cp4GwJwMpKa42npyA4ZTlJWn
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590e5cc6cd87-CDG
x-amz-cf-id: BW8UH_992FW4-lWCSrA-ePhhgdVdFPYl6wTCjAHz-YbdDtoDcmcayg==
x-amz-id-2: fSYbS8B5jZOdzw1MXG9EzKvKI3PsoqdjN0dSOT16Y+0GuxTdFS+93pMGlVkTQlwH9ovFT3+cusw=

GET
H2 200 magnificpopup.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/ 20 KB
8 KB 59ms
56ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Request headers

:path: /hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f9.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 194
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: B4KS6YEF53WBSNMQ
cf-request-id: 0a1b95fcfa0000cd871d073000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
server: cloudflare
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=q5%2FDCRNZvghNysjTHcOK%2BPF1F0t9v5uX2H0OewFwZpKZc6TOR51dTSCE5EK6ojx5wCGLP4CPP40vNhnbHeQyAy1KfSRIT%2BDsVEFUQPvYFQc%2Blpc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: AenlXmDNTXiJmWpCG4hF_X9US4k8ofw.
x-amz-cf-pop: IAD89-C1
cf-ray: 650c590e5cc8cd87-CDG
x-amz-cf-id: jfdBq-KtpSeH93BojUXCri-biwQx51QH1V-i8_RPbjy4plCPC5fa3g==
x-amz-id-2: jIeGOrMBCdc+eh2jpKq+/e7Lbqn1K4nl9F1qbyRsLVfAacJYhB5eQm6UEgatO0/j0xJwQ96O4H0=

GET
H2 200 1534169.js Show response
blog.morphisec.com/hs/scriptloader/ 3 KB
1 KB 45ms
43ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 508e2a431243c3cb0533d079c8eb14c8e866559fd68e5ba66c33ca45eaf8ab1e

Request headers

:path: /hs/scriptloader/1534169.js
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 23
cf-polished: origSize=3002
cf-request-id: 0a1b95fcfb0000cd874d803000000001
x-hubspot-correlation-id: 8e6e1930-f6a9-47ec-937e-a00eb9aa74af
cf-bgj: minify
server: cloudflare
x-trace: 2B89C93CD6E8B8E55646923041BDFEBAD64B3D0AA2000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=34msZXtwGp5MC9N7Z8GPGnQpRiRvUwoUb9G4O%2FQKHYiOS6sJjB3jvXF3F%2Fv14MP0QFwU0c25nU4isYZoyLeawgdcoqTTNEW7WI3aMF3Z1dfymcQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 650c590e5ccecd87-CDG
expires: Mon, 17 May 2021 11:02:27 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 49ms
15ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23959
x-fb-rlafr: 0
pragma: public
x-fb-debug: mWQuqEyRaUkYf7+o7r96qkd9vDtMAs/Wm5QluZwJRREmoaYC7ojU6IlM2XSQgLyZyFU98yu/ebGJDAYlyPEr5Q==
x-fb-trip-id: 2050670934
x-frame-options: DENY
date: Mon, 17 May 2021 11:01:27 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v5.15.3/css/ 312 KB
53 KB 175ms
174ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/css/pro.min.css?token=3d204f513a
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3d204f513a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f734d8ecda48e6d98faab2e1e9b91d6c5f72b86408ea6e2126d4b1681b92ef4c

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2092252
content-length: 53820
cf-request-id: 0a1b95fd160000d70dc9991000000001
last-modified: Wed, 17 Mar 2021 02:23:58 GMT
server: cloudflare
etag: "6051683e-d23c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c590e8ae6d70d-FRA

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v5.15.3/css/ 26 KB
4 KB 115ms
114ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/css/pro-v4-shims.min.css?token=3d204f513a
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3d204f513a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce885aa8b86fb7d85992aae4435fb45b444f8d3919dca083c83a36d7600f96d7

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2092252
content-length: 4202
cf-request-id: 0a1b95fd160000d70df71f4000000001
last-modified: Wed, 17 Mar 2021 02:23:57 GMT
server: cloudflare
etag: "6051683d-106a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c590e8ae5d70d-FRA

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v5.15.3/css/ 27 KB
3 KB 134ms
133ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/css/pro-v4-font-face.min.css?token=3d204f513a
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3d204f513a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e2037b36515615d60ab5bb486646219d9a2509df36f31a11c9b94ec6f4bd5c

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2092252
content-length: 2568
cf-request-id: 0a1b95fd160000d70de221c000000001
last-modified: Wed, 17 Mar 2021 02:23:57 GMT
server: cloudflare
etag: "6051683d-a08"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c590e8ae8d70d-FRA

GET
H2 200 css2
fonts.googleapis.com/ 22 KB
1 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834303/1621187185291/Morphisec/Coded_Files/Morphisec_Sept2018_styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cc5fd132061a74f7734ff3ff5e31d6fc9e9ecf30798d98f9f1ac0bceb37fb7db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834303/1621187185291/Morphisec/Coded_Files/Morphisec_Sept2018_styles.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 10:36:27 GMT
server: ESF
date: Mon, 17 May 2021 11:01:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 11:01:27 GMT

GET
H2 200 banner.jpg
blog.morphisec.com/hubfs/Morphisec_Sept2018/images/ 17 KB
17 KB 49ms
49ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.morphisec.com/hubfs/Morphisec_Sept2018/images/banner.jpg
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 596321cbb85f68b1fd15a3ac788e42a8668035305c6daa2abdcfdd2bbd560308

Request headers

:path: /hubfs/Morphisec_Sept2018/images/banner.jpg
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 90515c29ffc08c36814da3b1fe9d04e8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-6439029701,FD-6224077822,P-1534169,FLS-ALL
age: 166337
cf-polished: qual=85, origFmt=jpeg, origSize=53423
edge-cache-tag: F-6439029701,FD-6224077822,P-1534169,FLS-ALL
content-disposition: inline; filename="banner.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 8YKTN04C35VYQNBR
cf-request-id: 0a1b95fd1a0000cd877831f000000001
x-cache: Miss from cloudfront
accept-ranges: bytes
last-modified: Fri, 02 Nov 2018 05:18:28 GMT
server: cloudflare
etag: "6b5a7bb5742f26d5496923c15954cb9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=p5Let2JY%2FSB9fXiUXc%2B%2F3oGEQ3sdtnFdKKH3jIcD2G6SOjxDn7bj2LR%2FVJaAgPQk9SHDH0ybf7ytBCeWGMSF97SfU3Y1dksKdBpg4LwKOSYwEPg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-amz-id-2: FEnrzsD83qVyEx5MwkU1gEqrhBygSiXSlIWXmT1zLEtJKu2FZI0Yyjfchd1hoGoGtPbQtfSsJJg=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: FmW4mbH3z7sPARdVNyo3HX0N7yklJhEy
x-amz-cf-pop: CDG53-C1
content-length: 16896
cf-ray: 650c590e8d1ccd87-CDG
x-amz-cf-id: gh1RL0AX_3ieA7hxG82tcusLQjw4B6kVA3PaygjQWkSJ6B6CCBGk_Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v18/ 13 KB
14 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:44:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:37 GMT
server: sffe
age: 328645
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13780
x-xss-protection: 0
expires: Fri, 13 May 2022 15:44:02 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 551450
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 89869
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Mon, 16 May 2022 10:03:38 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 483649
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 11 May 2022 20:40:38 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 05:52:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:21 GMT
server: sffe
age: 364134
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14932
x-xss-protection: 0
expires: Fri, 13 May 2022 05:52:33 GMT

GET
H2 200 memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

453e6eb293c6b89bee1e1ac35780b6061d92b91af5e339d57460fc9bc230e678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 11:04:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:25 GMT
server: sffe
age: 345390
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13860
x-xss-protection: 0
expires: Fri, 13 May 2022 11:04:57 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75db69592337280529fdc6448185b1cb88a50dbe9b498718f45ba52907e8aba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 22:00:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:38 GMT
server: sffe
age: 306063
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15088
x-xss-protection: 0
expires: Fri, 13 May 2022 22:00:24 GMT

GET
H2 200 memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49512fd44c952848dd006a4319334a7eafd140f92a68081aec2b13673ba5f4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.morphisec.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 02:03:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:15 GMT
server: sffe
age: 377895
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13960
x-xss-protection: 0
expires: Fri, 13 May 2022 02:03:12 GMT

GET
H2 200 snip3%20crypter%20revealed.png
blog.morphisec.com/hs-fs/hubfs/ 424 KB
425 KB 62ms
61ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.morphisec.com/hs-fs/hubfs/snip3%20crypter%20revealed.png?width=697&name=snip3%20crypter%20revealed.png
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c139dbb0d2752062ddd8f73eafa3fff6740d9265ae2b00aa4ba3dadb4cd1c54f

Request headers

:path: /hs-fs/hubfs/snip3%20crypter%20revealed.png?width=697&name=snip3%20crypter%20revealed.png
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1b95fdb70000cd8764aa5000000001
age: 13730
x-amz-server-side-encryption: AES256
edge-cache-tag: F-46620116560,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="snip3%20crypter%20revealed.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-bgj: imgq:85,h2pri
etag: "1bac5bc43dfefa4da59abf85741a633a"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1620334545717
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 ef6762d67d012a06d2761f42352c9e53.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=614155
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 434208
last-modified: Thu, 06 May 2021 20:55:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=K2tml0%2FmNpBhB0NyPSCO2fg%2BVtjVqFpeUMVhTrNrqF1DFDQN3HV7tD424sUDydA3xv%2Ftumwy4dg7V77PFsMCioEK6RJxhRwad37du%2FmM0ybRk9Y%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 650c590f8ed2cd87-CDG
x-amz-cf-id: udZtWKgTATtYDsaMrqFDKXNQiTwL0gVtRsf2lMfai6F6zSi2JnRyWg==

GET
H2 200 vHy6BrR1YN8Jv5KTT9ApAUP_fpBdDeQBj9mC5i4eDyDgMpWeed0Vt9VVd6PHB_g0wci5XaotveLAtvXPYAEckR2ZkPYDXQe9kMvQzDL_dvQeEteFQcn_sSB1n81p57z5amxzrV9o
lh6.googleusercontent.com/ 129 KB
130 KB 13ms
11ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/vHy6BrR1YN8Jv5KTT9ApAUP_fpBdDeQBj9mC5i4eDyDgMpWeed0Vt9VVd6PHB_g0wci5XaotveLAtvXPYAEckR2ZkPYDXQe9kMvQzDL_dvQeEteFQcn_sSB1n81p57z5amxzrV9o

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6b742cdf7e618a7a53771aee085463163550f1b0d19e7fcfe8128c2bd1d4bf38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 07:24:09 GMT
x-content-type-options: nosniff
age: 13038
content-disposition: inline;filename="Untitled presentation (4).png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132512
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 14 May 2021 05:08:11 GMT

GET
H2 200 D_yo-ySsqR0BhJuIlXUFHEvQB7N7I078XeSZPmHSi5utXR8jmjEsAjpMa5wcNPI_bo5k3jQK1l_zS87hFWju1_om5ooHRCbZZLIl3CMYwZFzudFn4XzQ8xZzjkanY3W4q6VJ_Sy3
lh3.googleusercontent.com/ 22 KB
22 KB 8ms
6ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/D_yo-ySsqR0BhJuIlXUFHEvQB7N7I078XeSZPmHSi5utXR8jmjEsAjpMa5wcNPI_bo5k3jQK1l_zS87hFWju1_om5ooHRCbZZLIl3CMYwZFzudFn4XzQ8xZzjkanY3W4q6VJ_Sy3

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

42af4371a919fc9be280a12c6b947f8dbe0e693d0fab6f13ff56532f2931894d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 07:24:07 GMT
x-content-type-options: nosniff
age: 13040
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22461
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 14 May 2021 05:16:18 GMT

GET
H2 200 37b11fda-a2aa-4805-9c0e-bae8eaccd6b7 Show response
blog.morphisec.com/_hcms/forms//embed/v3/form/1534169/ 9 KB
3 KB 202ms
202ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms//embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7?callback=hs_reqwest_0&hutk=

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0597033f9179897593050a31b3fae68c886a3f78608dce3fad1659b93b96d420

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /_hcms/forms//embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7?callback=hs_reqwest_0&hutk=
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 671d7255-e665-4db2-a108-5f1c8b73ae56
content-disposition: attachment; filename=no-rfd.txt
vary: Accept-Encoding
cf-request-id: 0a1b95fe130000cd8725b9d000000001
server: cloudflare
x-trace: 2B18EAA63C94C295FDEFA56381DEB9A07E027335D6000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jo%2BRU4KLIegm2qUFM5NaebYpyAsR5pRm4%2B1%2FhFMJKCuKMnKOUHwz955ov%2FooJNxoOzyHVHbiqE5FqaTzEmbRyfJneT3kvj9Wlfn3fUduGiViIzU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 650c5910181ecd87-CDG

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 22ms
10ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 11:01:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=47764
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 41ms
13ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 39722
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1621249288.748531,VS0,VE0
x-served-by: cache-fra19131-FRA

GET
H3-29 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 17ms
17ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5c0a1d17e580b1ef8026d4e334179ac8e3cb22825ea9b266c211023bb5fc44cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: wLiEhQc9dpdy5T4vCBBqhg==
cross-origin-resource-policy: cross-origin
expires: Mon, 17 May 2021 11:07:04 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1781
x-fb-rlafr: 0
x-fb-debug: gT4WeClKViNj2cs0mrKWJ2nD9JPvYufKv81N83oEgn7LzmwZ3gpqHdi66RDo65SrIsATpaBj0Kc9iAN5I+DfSQ==
x-fb-content-md5: f11330257699955250e0d4a46fffa9d3
date: Mon, 17 May 2021 11:01:27 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "9d7c21b0a134e4b63df6483455140530"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 27ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 11:01:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/669E)
Age: 975
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 200 postlisting Show response
blog.morphisec.com/_hcms/ 3 KB
1 KB 39ms
38ms XHR
application/json 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1652723190&hs-version=2&hs-signature=AJ2IBuFECccvmBehenDp5_tu0nassdtgOQ&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.94/js/post_listing_asset.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8742825ea7758172994cdb0abf2c2e56e5b7c43b868fe74acb72461fe641364

Request headers

:path: /_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1652723190&hs-version=2&hs-signature=AJ2IBuFECccvmBehenDp5_tu0nassdtgOQ&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6345
cf-request-id: 0a1b95fe360000cd87730b3000000001
x-hubspot-correlation-id: 8520f25f-0377-4c0c-a99a-f4e77d285321
server: cloudflare
x-trace: 2B2FFE199E80A9952148C483F056D74208E424B208000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C4vayYVGui5jdNJ8ODTnbzu%2FwVIdMXKDPx5zJxZ28LM4DEHUokfG2cALYYOsOag8QNnFKZATIk%2BdzFIg2x3FOLtYdy%2BawEc6X0YaJB1eCKSQvVE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-robots-tag: none
access-control-allow-credentials: false
cf-ray: 650c591058aecd87-CDG

GET
H3-29 200 885880844953016 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 17ms
16ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/885880844953016?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6ef33e95bcb49948a01494b1dc4b9a1b3e35743640c31f5db5d8c1dd80c62b3a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74003
x-fb-rlafr: 0
pragma: public
x-fb-debug: T5KWtrwsXLBRmJeCcDkZJv8Of6e5+c9cVaHTPKL3QmRUSKj+UG9ak5H1oIT18p8j8LNFAW1vBYIA++cqjsQqFA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 17 May 2021 11:01:27 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 81 KB
24 KB 20ms
19ms Script
application/javascript 2606:4700::6811:81ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:81ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfabc4d333e327c32d9d62163c51df7b15e4d8a5a04683e9f024262ab9e3356d

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 22e9d361a9c4153886c1c8aa0eb4ffa8.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 74451
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.239/bundles/project.js&cfRay=65053f685c692bd2-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1b95fe5d0000326087af4000000001
cf-ray: 650c59109ab93260-FRA
last-modified: Fri, 14 May 2021 09:00:06 UTC
server: cloudflare
etag: W/"d4d11e37f3f418bbc582008a9d42401b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: 4Ay4hkDNZ0cZB59AI9nL3xeHgWtkyIlk
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: uqt85qARh5VBdf4eBybxScXGEPut68V_-lBoDsHsJWahxhuH7Db9Yw==
x-hs-target-asset: collected-forms-embed-js/static-1.239/bundles/project.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 471 KB
80 KB 34ms
33ms Script
application/javascript 2606:4700::6811:eacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10e5ad8f6aab7933888e789f5b9eed29f6064a9a256fe35c384c8da0b648d3dc

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 91541e88a15c80bced2ffb950f407c1e.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 21620
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1019/bundle/main/lead-flows-release.js&cfRay=650a49384bf79ace-IAD
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1b95fe5d0000d6d1e4a3d000000001
cf-ray: 650c59109fead6d1-FRA
last-modified: Mon, 10 May 2021 01:50:02 UTC
server: cloudflare
etag: W/"a0422ceeab86db6e0c81719033b4bab7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: vzNq8gdJKWGHBPoJ4NIykDa1nlgXs_sz
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: GicHrrOdgXq8QiiMa3xakrcn0BKpjx-yDdElGwIbZdy9sfYpI2Fasg==
x-hs-target-asset: lead-flows-js/static-1.1019/bundle/main/lead-flows-release.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 81 KB
19 KB 46ms
46ms Script
application/javascript 2606:4700::6811:eecc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:eecc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca4de8fd9c3bb2ec7e64324743691202eb3a048b1612c4d08157596a6e030988

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 e3e94284a800d30d02bd662be67e1bf2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 457
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.8799/bundles/project.js&cfRay=650c4de38cad2bd2-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1b95fe5f00002c19ac855000000001
last-modified: Fri, 14 May 2021 03:34:10 UTC
server: cloudflare
etag: W/"881e20e8c7745677c407d19419cc205b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: YO.k.jDhSlMMvkbEP5YyeK4ETQQsZWgL
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 650c5910983f2c19-FRA
x-amz-cf-id: sd-biYWwNxCfF4N5yqfT0etnT49PPyDmTvz7Zp7I4eZ4mekm7XWGLw==
x-hs-target-asset: conversations-embed/static-1.8799/bundles/project.js

GET
H2 200 1534169.js Show response
js.hs-banner.com/ 59 KB
14 KB 19ms
18ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/1534169.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 015f793808513559dcd2a2e3440d3e17af39b0094c96cce23debeb9405198cca

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
cf-cache-status: HIT
age: 32
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-request-id: 5H2502C5V3A5NWYQ
x-amz-id-2: nYx/MzZRrcKMcTBDuv3gSy5X0j6DF/RT3Dwg/XFk78wE7ABl6iHyv9Iy/+Cnk8ToODQfevp+URo=
timing-allow-origin: *
last-modified: Wed, 12 May 2021 19:00:23 GMT
server: cloudflare
etag: W/"a0d89d213d017f8b12311e28481dfb6d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: fecTKPFE53Qk5PebmxHcjsvMIJPkXvt6
access-control-allow-origin: https://www.morphisec.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-request-id: 0a1b95fe5f0000c2ea0db75000000001
cf-ray: 650c5910987dc2ea-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 17 May 2021 11:05:55 GMT

GET
H2 200 1534169.js Show response
js.hs-analytics.net/analytics/1621249200000/ 62 KB
18 KB 41ms
41ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1621249200000/1534169.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 951c767a67c859e5233a48e09983784b48880a5a006a88a6e822064bf06de017

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: br
cf-cache-status: HIT
age: 32
x-amz-server-side-encryption: AES256
x-amz-request-id: XXS5T1K7XBRG941G
x-amz-id-2: RB0uWj0JzOIQP20QAVXePgMVhJsPHZXR2W0kf6x9XdmFurTCkNGjS4AMfMbgF+4Vgz5K6IGnQ40=
last-modified: Wed, 12 May 2021 19:05:55 GMT
server: cloudflare
etag: W/"54c3746ba416e3f7f45e8db49b7f3c9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-request-id: 0a1b95fe5f0000c27ca1aa3000000001
cf-ray: 650c59109a03c27c-FRA
expires: Mon, 17 May 2021 11:05:55 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 5 KB
2 KB 15ms
14ms Script
application/javascript 2606:4700::6811:70b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7ed0b55ae115363eb49a77c71032bcd46a7f42ab12c27bcca26e5847c871b9f

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
via: 1.1 1fa3f854976309f3d11907ad7125291a.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 533
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.235/bundles/pixels-release.js&cfRay=650c4c088eca4ecd-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1b95fe5f0000324411ae0000000001
last-modified: Wed, 05 May 2021 12:43:50 UTC
server: cloudflare
etag: W/"d8e92fe4a864a0a96b931e530047d2ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _MNjmjg4X_dKZMa.KN00kh8VXPPuifCK
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 650c59109bdd3244-FRA
x-amz-cf-id: xelsJg5RC-X5UYX5G4sLvKkNhC6aOEwBPhDivwsW9nidgnCHkRUb7w==
x-hs-target-asset: adsscriptloaderstatic/static-1.235/bundles/pixels-release.js

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 17ms
17ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

997f5bfb9f0c74974ec265633b71dd76c5f0224611dd26775db3cc823ec24947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14057
x-xss-protection: 0
server: cafe
etag: 15306424688967737279
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 11:01:27 GMT

GET
H2 200 pro-fa-solid-900-5.0.0.woff2
ka-p.fontawesome.com/releases/v5.15.3/webfonts/ 19 KB
20 KB 26ms
25ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/webfonts/pro-fa-solid-900-5.0.0.woff2
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04cca78091358bd19fc803d1dd22af5419766b9921a5fd8eb1b8a27a9220eefc

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
cf-cache-status: HIT
last-modified: Wed, 17 Mar 2021 02:28:31 GMT
server: cloudflare
age: 2092252
etag: "6051694f-4d8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c5910ce96d70d-FRA
content-length: 19852
cf-request-id: 0a1b95fe7e0000d70deca2b000000001

GET
H2 200 pro-fa-brands-400-5.14.0.woff2
ka-p.fontawesome.com/releases/v5.15.3/webfonts/ 3 KB
3 KB 32ms
32ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/webfonts/pro-fa-brands-400-5.14.0.woff2
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24450fe6af1d747d1035742771d31c9f6c62322de5d802a139ed0d89a919d046

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
cf-cache-status: HIT
last-modified: Wed, 17 Mar 2021 02:28:19 GMT
server: cloudflare
age: 2092252
etag: "60516943-d20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c5910ce9ad70d-FRA
content-length: 3360
cf-request-id: 0a1b95fe7f0000d70df1332000000001

GET
H2 200 pro-fa-brands-400-5.8.2.woff2
ka-p.fontawesome.com/releases/v5.15.3/webfonts/ 2 KB
2 KB 29ms
28ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/webfonts/pro-fa-brands-400-5.8.2.woff2
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42cdc6868cb5db524d79a736d9641e0022b7b318d28443cbd251be10575fef87

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
cf-cache-status: HIT
last-modified: Wed, 17 Mar 2021 02:28:21 GMT
server: cloudflare
age: 2092252
etag: "60516945-960"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c5910eed2d70d-FRA
content-length: 2400
cf-request-id: 0a1b95fe900000d70d481b2000000001

GET
H2 200 pro-fa-brands-400-5.0.0.woff2
ka-p.fontawesome.com/releases/v5.15.3/webfonts/ 37 KB
38 KB 20ms
19ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/webfonts/pro-fa-brands-400-5.0.0.woff2
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 128684f31b23344239b648335676fa80bfffee1445b69e1d7469e22ead93ae34

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
cf-cache-status: HIT
last-modified: Wed, 17 Mar 2021 02:28:18 GMT
server: cloudflare
age: 2092252
etag: "60516942-958c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c5910eed5d70d-FRA
content-length: 38284
cf-request-id: 0a1b95fe910000d70d3680d000000001

GET
H2 200 pro-fa-brands-400-5.0.3.woff2
ka-p.fontawesome.com/releases/v5.15.3/webfonts/ 4 KB
4 KB 22ms
22ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.3/webfonts/pro-fa-brands-400-5.0.3.woff2
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bdb3431dbdb39a1b15ae4e0ca3296963c322e68ab971aa4c51ef058d7f15314

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
cf-cache-status: HIT
last-modified: Wed, 17 Mar 2021 02:28:18 GMT
server: cloudflare
age: 2092252
etag: "60516942-1020"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 650c5910eed7d70d-FRA
content-length: 4128
cf-request-id: 0a1b95fe930000d70ddd8ad000000001

GET
H3-29 200 all.js Show response
connect.facebook.net/en_US/ 213 KB
63 KB 18ms
17ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=cc99455459dcea8f618021273383a353&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e09f702ba741088f59518b1b59fe96ccd0d1096e88ebf765872d662ddaa250e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: sR7QJ5C48DXRgH9vfsUHeg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64666
x-fb-rlafr: 0
x-fb-debug: c6Mgno1UIm9t93S2LXchQoPu8mHAJqd6j6pNbKK+E09KdsznrAOpE9sxBsbAgWYJnckVrqDygcOJ/riSiSjLmw==
x-fb-content-md5: 533d34a860774f0d45ab6ec80d94e129
x-frame-options: DENY
date: Mon, 17 May 2021 11:01:27 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "ae128840e197a25cdfcbfb2c33da370b"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 17 May 2022 10:17:15 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%26time%3D1621249287875%26url%3Dhttps%253A%252F%252Fblog.morphisec.com%252Fr...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&liSync=true&e_ipv6=AQLRwZ...

0
155 B

317ms
123ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&liSync=true&e_ipv6=AQLRwZkEx9KkEwAAAXl5_OjM-J4sWEeGAC2HF2tgBhs7fKH0bP8nBluGt8Kncakjr_BitZWw
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: 85TaaqPVfxaAFkfybCsAAA==

Redirect headers

date: Mon, 17 May 2021 11:01:28 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1621249287875&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&liSync=true&e_ipv6=AQLRwZkEx9KkEwAAAXl5_OjM-J4sWEeGAC2HF2tgBhs7fKH0bP8nBluGt8Kncakjr_BitZWw
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: N3h1VaPVfxaAK8VCsyoAAA==

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 5C5E 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fblog.morphisec.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 305630
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 17 May 2021 11:01:27 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/ 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/?random=1621249287906&cv=9&fst=1621249287906&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5c1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&tiba=Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d0d9b3cb61ebcf842ef78ea950a2d76bcacfaec3e0b5edfd597bc0ae2545780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1104
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 widget Show response
blog.morphisec.com/_hcms/livechat/ 3 KB
4 KB 238ms
238ms XHR
application/json 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/livechat/widget?portalId=1534169&conversations-embed=static-1.8799&mobile=false&messagesUtk=6c0170752cf245949d2110c6d6ac4e94&traceId=6c0170752cf245949d2110c6d6ac4e94

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcbe0065fc8d0b2aa97312d7371fdcbe7088c54e85aca797d364f718c73552ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287
x-hubspot-messages-uri: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:path: /_hcms/livechat/widget?portalId=1534169&conversations-embed=static-1.8799&mobile=false&messagesUtk=6c0170752cf245949d2110c6d6ac4e94&traceId=6c0170752cf245949d2110c6d6ac4e94
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
X-HubSpot-Messages-Uri: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d887adc4-9f78-48ba-af55-446efbebb689
cf-request-id: 0a1b95ff020000cd8712830000000001
server: cloudflare
x-trace: 2BADCE43341511879F34217B08DAC49E37207A92EB000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dmJ6ECI%2Bkvi9lhS9Wf7ktIa06GUN8hZSC5qAOHHyCIXrOTz4xjNQll%2Fq9M1toP5PfkLhsQnWwTxB7CADK3oRXebRcDg0gNGzd%2F9F3QnKtR%2F%2Bcuc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 650c59119af9cd87-CDG
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 48ms
16ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&rl=&if=false&ts=1621249287949&sw=1600&sh=1200&v=2.9.39&r=stable&ec=0&o=30&fbp=fb.1.1621249287948.1796721363&it=1621249287747&coo=false&exp=l1&rqm=GET

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 17 May 2021 11:01:27 GMT

GET
H2 200 adsct
t.co/i/ 43 B
455 B 139ms
124ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nxrig&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 17 May 2021 11:01:28 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1baf8aa386d5e8350fb944d8811d38c76c688e307f9da2e2746b23f668b1f8cc
x-transaction: b5d230f128771fad
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
271 B 108ms
107ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-error-caught&count=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: a6bd76f9-185d-45f0-ac43-a3187408088d
x-trace: 2BE17845BB7657C5FEDE2D03069A91BE58985C0703000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 650c59121bbb1f51-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
cf-request-id: 0a1b95ff5200001f5167216000000001

GET
H2 200 /
www.google.com/pagead/1p-user-list/784310031/ 42 B
321 B 20ms
20ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/784310031/?random=1621249287906&cv=9&fst=1621249200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5c1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&tiba=Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader&async=1&fmt=3&is_vtc=1&random=3333432951&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/784310031/ 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/784310031/?random=1621249287906&cv=9&fst=1621249200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5c1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&tiba=Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader&async=1&fmt=3&is_vtc=1&random=3333432951&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 5C5E 256 B
441 B 125ms
110ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=158a8a913a23fb63c8ec548b6533dd7ff03b4f6c

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fblog.morphisec.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:27 GMT
content-encoding: gzip
last-modified: Mon, 17 May 2021 11:01:28 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 429ec02a61d5c0f76266af27151396489bfc34f89ec526841625d779ec00fc52
content-length: 176

GET
H2 200 6c0170752cf245949d2110c6d6ac4e94 Show response
app.hubspot.com/conversations-visitor/1534169/threads/utk/ Frame C59E 45 KB
16 KB 132ms
131ms Document
text/html 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/1534169/threads/utk/6c0170752cf245949d2110c6d6ac4e94?uuid=1e1a2bb9b85c42789f9d89d0c0eff614&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.morphisec.com&inApp53=false&messagesUtk=6c0170752cf245949d2110c6d6ac4e94&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c3f1eeabcc1c02539d94cdd540d15140ccadb43f9190c91ffdc210463b3501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: app.hubspot.com
:scheme: https
:path: /conversations-visitor/1534169/threads/utk/6c0170752cf245949d2110c6d6ac4e94?uuid=1e1a2bb9b85c42789f9d89d0c0eff614&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.morphisec.com&inApp53=false&messagesUtk=6c0170752cf245949d2110c6d6ac4e94&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-type: text/html; charset=utf-8
cf-ray: 650c59131ed14e25-FRA
age: 2163
cache-control: max-age=600
etag: W/"1e19116e05e8e1aeb088f9f717228cb4"
last-modified: Fri, 14 May 2021 03:34:10 UTC
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 e89d95d090c0c86ecc7b8930e434625d.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
cf-request-id: 0a1b95fff100004e25552ca000000001
content-security-policy-report-only: script-src 'unsafe-inline' 'self' www.hubspot.com js.hs-analytics.net js.hsforms.net js.hsleadflows.net *.hsappstatic.net js.hs-banner.com *.hs-scripts.com js.hubspotfeedback.com js.usemessages.com js.hubspot.com js.hsadspixel.net js.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net www.google-analytics.com static.hotjar.com script.hotjar.com www.googletagmanager.com www.fullstory.com *.convertexperiments.com cdn.pdst.fm d.impactradius-event.com cdn.getambassador.com mbsy.co pixel.cdnwidget.com snap.licdn.com connect.facebook.net js.stripe.com checkout.stripe.com survey.survicate.com surveys-static.survicate.com sdk.canva.com www.dropbox.com www.google.com www.gstatic.com apis.google.com maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net static.ads-twitter.com analytics.twitter.com play.vidyard.com app.vidyard.com fast.wistia.com s.yimg.jp www.redditstatic.com 'unsafe-eval'; report-uri https://exceptions.hubspot.com/csp/report
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
x-amz-cf-id: T55rEVUD69QiyGSOHcOaGvb6vHbflrfL40mOnqvpjvxxMZ_G8etlsg==
x-amz-cf-pop: IAD89-C3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: AZA1_8TDlXgnvHCCsYkRcJN5Y5sEFdzi
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.11255/html/index.html
server: cloudflare
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK button.5573c974dc31bbdab5ea7923a0bd5cf3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 11:01:28 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/669E)
Age: 305632
Etag: "382be2960021b88f6ce982d997cdbd01+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H/1.1 200
OK tweet_button.06c6ee58c3810956b7509218508c7b56.en.html Show response
platform.twitter.com/widgets/ Frame 03B7 32 KB
12 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: 483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 305631
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 17 May 2021 11:01:28 GMT
Etag: "a87932e0f094e1fb4cced05f7d97ab94+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/669E)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12228

GET
DATA 200
OK truncated
/ Frame 03B7 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.133/ Frame C59E 44 KB
16 KB 35ms
18ms Script
application/javascript 2606:4700::6811:5d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.133/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/1534169/threads/utk/6c0170752cf245949d2110c6d6ac4e94?uuid=1e1a2bb9b85c42789f9d89d0c0eff614&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.morphisec.com&inApp53=false&messagesUtk=6c0170752cf245949d2110c6d6ac4e94&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fcb720730ec6667a8eb5cc8922104bcd038a26f8ad3f2b97c39da1f8b1d248c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
via: 1.1 e79fcd7f3f0a842841acfca75e35ea79.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1651604
x-amz-server-side-encryption: AES256
cf-ray: 650c59140a87178e-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b9600890000178e9e310000000001
last-modified: Tue, 27 Apr 2021 20:06:49 GMT
server: cloudflare
etag: W/"130a0aa46b085d7193be5bff1b06839c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=53RBHLYYRMbw3luHYZjsRspsKNej6Z6387K99Lf79A8i%2Bs3LXp805vPm266OWj%2FCohrT50rQicQkDVEJSdlxJ6QxFv%2FPgTjSCuom8YYrLpfZKtHg2drOPSfsubHwYvyGUFAU"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: GjpMz4KgmP.84GcQIO6xeWpzcLZFXo8X
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: AMS1-C1
content-type: application/javascript
x-amz-cf-id: 0nfcUdMV8bVScdjaQp1C6_sopWmNwFtViK1pX_2yk-6O-ToSORBx4A==
expires: Tue, 17 May 2022 11:01:28 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.10899/sass/ Frame C59E 20 KB
4 KB 26ms
26ms Stylesheet
text/css 2606:4700::6811:5d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.10899/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
via: 1.1 fc6dca2df1221c0bec817610bc20e505.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2383101
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b96007c00001f45cd2a8000000001
last-modified: Wed, 03 Mar 2021 21:09:00 GMT
server: cloudflare
etag: W/"370a89ea102d7b437eb549729472631f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zKuDM%2Fb1AZAOHeMIDXZV7l%2BMxzlYctR6AOiUKa6esjkP%2BXwNK1ZXUaJAuVqSPp1pz0csnABMI0JpvIyLPeWVd%2BBKkAq8UwaxcfEG6%2FYFWU00tOFSZ6I3nkzDSLffGdVtpIIN"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1rBCyHs_YjjDB1.HOpykpqteK2m6W_oL
cache-control: public, max-age=31536000
x-amz-cf-pop: MUC50-C1
cf-ray: 650c5913f9d51f45-FRA
x-amz-cf-id: ty8MEdjgGU_CHYbNJ3VAGai79DmhaUdHc0j1TA7E5ppRiixT4jKtqg==
expires: Tue, 17 May 2022 11:01:28 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.129/ Frame C59E 285 KB
84 KB 58ms
41ms Script
application/javascript 2606:4700::6811:5d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.129/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85a94aca9a3bb11143fc25e69f7cddee5e42619798aea0a4595e5b85af2db47e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
via: 1.1 843560942e8c8e57a33193254e0a9de6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2383241
x-amz-server-side-encryption: AES256
cf-ray: 650c59140a8d178e-FRA
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b96008d0000178e52948000000001
last-modified: Thu, 25 Feb 2021 03:06:13 GMT
server: cloudflare
etag: W/"4b0d6c4998d1c189b73bf24559a044d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=i16sNXaixEJb6Tv%2Be5fsOzgukJ%2FU5TCVBt3wdICdpQKNgq1LogEyttIQkOjKTHkGPVHnQ4APbufm0F9QkahQly3lECfcsSW6w0yQ4P8BQn16SA8Nn30uYpsBvTrov%2BScLrUn"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: tIgtiGaJ4EHx5PaVJ4NwnE5IaF3j9gQD
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: MUC50-C1
content-type: application/javascript
x-amz-cf-id: ZDyZ8RQWk-PL3Fd5LlNKJ5ZVEH0_vNHhazeGC5Tv3uf519KhPXZOhg==
expires: Tue, 17 May 2022 11:01:28 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11255/bundles/ Frame C59E 463 KB
115 KB 35ms
18ms Script
application/javascript 2606:4700::6811:5d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11255/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ec924a88dee275c934f23b29b3a73b466ac97634d7394f7833f330837afb6be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
via: 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 242895
x-amz-server-side-encryption: AES256
cf-ray: 650c59140a90178e-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b96008b0000178e5d3b1000000001
last-modified: Fri, 14 May 2021 15:24:06 GMT
server: cloudflare
etag: W/"9d352fc0cccb16a14ff063abecb051ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=U1ITGa8zLD%2BS0mP8%2BuIDqIH5XkZic%2B%2Fcz8tldc0DT9z2yMDnijBauHelFQARyw9d8Hrgl0IgAGI5JuVlH4HgUFoVN74FfLTci%2BQ9JnLMMsqj7cxP%2FVTw1q4iCtULx966CTjg"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: jdUHKhrDWmhHU1qUHlDtWSPy.Py2xteH
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: d83j7WAHbiAZNVXvkI-I2iUI_hG2dwi7xpSedMobd-IUBirbM7qhVg==
expires: Tue, 17 May 2022 11:01:28 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
352 B 113ms
112ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22morphisec%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1621249288374%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 17 May 2021 11:01:28 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 429ec02a61d5c0f76266af27151396489bfc34f89ec526841625d779ec00fc52
x-transaction: a9cf46955a65662d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-29 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11215/ Frame C59E 776 B
1 KB 26ms
16ms Script
application/javascript 2606:4700::6811:5d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11215/i18n-data-data-locales-en-us.js

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11255/bundles/visitor.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df22767e771da072f5980681e1901799cd76cfc25355ff54cfe6665cd170b9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
via: 1.1 d5d4d284c2005ab214a2c9b6195c55c5.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1018311
x-amz-server-side-encryption: AES256
cf-ray: 650c59150b94c290-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b9601220000c290bb8cc000000001
last-modified: Tue, 04 May 2021 18:04:11 GMT
server: cloudflare
etag: W/"d71bd95185ff47c26571246928004d3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JZnaF6fLuGC3rPPEDbQP0HAuhnCfqBFTFHHcIdw8EAdOnvX2970wyNpXtk%2FAI3EyryzQmkOU%2BtaqUqa75cZYjvD%2FfzIWK%2F89KAJIp4T4u%2Fhv%2F0aNkyh7GEp87ui1pWyzeLI2"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: B_3l8b0.cXQIo8pa9Bpsa2z5vRqrO_Xw
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: TXL52-C1
content-type: application/javascript
x-amz-cf-id: SvmnZM5i8WoBbS5nG7kMLS9jMxy1-r69xuv_BDv1GiuUkblaAinYHA==
expires: Tue, 17 May 2022 11:01:28 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 17ms
16ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=885880844953016&ev=Microdata&dl=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&rl=&if=false&ts=1621249288489&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader%22%2C%22meta%3Adescription%22%3A%22Morphisec%20Labs%20identified%20a%20new%20crypter%2C%20Snip3%2C%20a%20highly%20evasive%20RAT%20loader%20that%20can%20bypass%20detection-centric%20security%20tools.%20%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22Morphisec%20Labs%20identified%20a%20new%20crypter%2C%20Snip3%2C%20a%20highly%20evasive%20RAT%20loader%20that%20can%20bypass%20detection-centric%20security%20tools.%20%22%2C%22og%3Atitle%22%3A%22Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Fhubfs%2Fsnip3%2520crypter%2520revealed.png%23keepProtocol%22%2C%22og%3Aimage%3Awidth%22%3A%22697%22%2C%22og%3Aimage%3Aheight%22%3A%22425%22%2C%22og%3Aimage%3Aalt%22%3A%22Revealing%20the%20Snip3%20crypter%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.39&r=stable&ec=1&o=30&fbp=fb.1.1621249287948.1796721363&it=1621249287747&coo=false&es=automatic&tm=3&exp=l1&rqm=GET

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Mon, 17 May 2021 11:01:28 GMT

POST
H2 204 rhumb
api.hubspot.com/cartographer/v1/ Frame C59E 0
1 KB 127ms
125ms Ping
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.11255

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11255/bundles/visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 10a69416-b22e-4835-86c2-8fe56fc1578b
access-control-max-age: 604800
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b96016a00004e2575044000000001
timing-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vapQdyzxe0aMEUOvmI6XlgpP7X93hoWipy8873QgXs1y2EXQU4lhEO8w5anmcMWyhZSAa9O%2FrWTDvT0HAsXcZYPht5zsLvpCtCVzZH9wgdZn%2FmpjE4JBZ5kfpWI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 650c59157c654e25-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer

GET
H2 200 welcomeMessages Show response
api.hubspot.com/livechat-public/v1/bots/public/bot/787391/ Frame C59E 1 KB
1 KB 130ms
129ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/bots/public/bot/787391/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.11255&conversations-visitor-ui=static-1.11255&traceId=6c0170752cf245949d2110c6d6ac4e94&sessionId=AMOaWbJbgJ_DpxRSYiM26On00Sw681S6H5k5nbOJRZQ2JL2gNPYSICpvzc64aXjdlUj1lHeylbJ40jEq9hRAGhN1Uu2gG5lZlFkNB_CuTRMjX8p_l8ywqjQp65Ehuppy0L47ZfDpihSR0e37vW4Y70QqqERY99yoLHB6mxzkGnnyMH7fIsXAPPs

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/head-dlb/static-1.133/bundle.production.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f9dca84f3f68ae6a510407980b9fd6e3d6ead3dbbe6dc2cd7d5f3c1c7a5ff35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6d86016a-1618-413c-801b-3e0a95fcfc0f
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b96017100004e25819aa000000001
timing-allow-origin: *
server: cloudflare
x-trace: 2B604D250153294F1B12C8EEE99A66035B87C72AF6000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1xxzCJ%2Fui5jzLbbzM88rVgYIvvoAv7s12Hr350By1wMvg4Zwo9tMz7xqCv0N6XTXjCymaarL6Su9DErZMCCXS%2BbFhXUlMnfJfKd3DtYuxx5zXfOvc49VaXaOk7c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://app.hubspot.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 650c59158c774e25-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5492
date: Mon, 17 May 2021 09:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 17 May 2021 11:29:56 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 73 KB
29 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NVB96BD

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f4aef314af31fd5ac022d6223b8fab7a590492d4f7cf8c46490a9de99fc74452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29791
x-xss-protection: 0
last-modified: Mon, 17 May 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 May 2021 11:01:28 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 67 B
924 B 149ms
134ms XHR
application/json 2606:4700::6811:c9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=1534169

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d302ae6db3ba075e3ffed277505dfcb5716d5d07e7b686a1e5ccb7be504750d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6c98b98c-668f-4889-8add-a534bb9d37f8
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b96027e000005edd4a2d000000001
server: cloudflare
x-trace: 2BF66971A0A75FB7873B7B20EB96234A76D77BD46C000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Yi8DC6gTP2JIYt7zmifdlbKgDtO%2F8RfmkAz3ov9R5FI5alKfSVUjspp%2BRdEIOclw9lE2c8aW39H7NfPMI8lSRct6iFaUMA9f%2B9YyW1GmQz9YN1ZOXyso5trgNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
access-control-allow-credentials: false
cf-ray: 650c59173d5005ed-FRA
access-control-allow-headers: *

GET
H2 200 loader-v2.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 7 KB
3 KB 194ms
194ms Script
text/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=2736934676&__hssc=182053752.1.1621249288819&__hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&canon=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&hsutk=75e7714f6883780f2388671e1de839c7&pageId=46605228199&contentType=blog-post&pg=ac6afdf6-76ba-4bd4-8224-6397963e1198&pid=1534169&sv=cta-embed-js-static-1.36&lag=1398&rdy=1&cos=1&df=a
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11b110aac090c47baefad09905db47278e3d66b183121125efbf59053106787d

Request headers

:path: /hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=2736934676&__hssc=182053752.1.1621249288819&__hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&canon=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&hsutk=75e7714f6883780f2388671e1de839c7&pageId=46605228199&contentType=blog-post&pg=ac6afdf6-76ba-4bd4-8224-6397963e1198&pid=1534169&sv=cta-embed-js-static-1.36&lag=1398&rdy=1&cos=1&df=a
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; _fbp=fb.1.1621249287948.1796721363; __hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1; hubspotutk=75e7714f6883780f2388671e1de839c7; __hssrc=1; __hssc=182053752.1.1621249288819
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
content-encoding: gzip
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: ac254a79-192e-414d-aac3-cb87f8519766
cf-ray: 650c59172e2bcd87-CDG
content-disposition: attachment; name="loaderJS" filename="loader-v2.js"
content-length: 2241
cf-request-id: 0a1b9602800000cd875e9b9000000001
server: cloudflare
x-trace: 2BEBE148DBEBE955C8551998632C0FD4C204358E0A000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Dto2q8%2Bep4Mn3kCU%2B7%2FNnfxlziY6L5V6Mlfq7GCxHBNb%2BsrkM6kYLa2jsv9%2BUSGp0AllYDnPMhvuvO41Kkmvt%2Fz63%2FPdrGre5KGFFrIuP7vmVfA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: noindex, follow

GET
H2 200 loader-v2.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 7 KB
3 KB 244ms
243ms Script
text/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=2736934676&__hssc=182053752.1.1621249288819&__hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&canon=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&hsutk=75e7714f6883780f2388671e1de839c7&pageId=46605228199&contentType=blog-post&pg=4f0feebd-16b5-4509-8e27-c4dab59e00e6&pid=1534169&sv=cta-embed-js-static-1.36&lag=1217&rdy=1&cos=1&df=a
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6462e5f62c69132f95b0a1ea54e3df841b02d2c4cca53d1bcbd46c7d6a0ba42d

Request headers

:path: /hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=2736934676&__hssc=182053752.1.1621249288819&__hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&canon=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&hsutk=75e7714f6883780f2388671e1de839c7&pageId=46605228199&contentType=blog-post&pg=4f0feebd-16b5-4509-8e27-c4dab59e00e6&pid=1534169&sv=cta-embed-js-static-1.36&lag=1217&rdy=1&cos=1&df=a
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; _fbp=fb.1.1621249287948.1796721363; __hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1; hubspotutk=75e7714f6883780f2388671e1de839c7; __hssrc=1; __hssc=182053752.1.1621249288819
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
content-encoding: gzip
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 3e26834e-7c2c-4bb1-be41-f520666e5e6a
cf-ray: 650c59173e3ecd87-CDG
content-disposition: attachment; name="loaderJS" filename="loader-v2.js"
content-length: 2515
cf-request-id: 0a1b9602800000cd877d23c000000001
server: cloudflare
x-trace: 2B8907FB0E34DD07A3B3FF0C985174E9D2A3C5535E000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uEPF0eT3aVi4vSovGinadsOlfn6a6JOj3ajGSlyDNp0pBmkDsPmrf83sNUlR2FrOB9QnrXhu78VaD1NdNwdcGpAtgJzjjlBz5cELJzRvzDlgqF4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: noindex, follow

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
365 B 24ms
23ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=1534169&pi=46605228199&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&cpi=46605228199&cgi=3742504875&lpi=46605228199&lvi=46605228199&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&t=Revealing+the+%E2%80%98Snip3%E2%80%99+Crypter%2C+a+Highly+Evasive+RAT+Loader&cts=1621249288825&vi=75e7714f6883780f2388671e1de839c7&nc=true&u=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&b=182053752.1.1621249288819&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: f640ce12-61e0-4793-933e-34f650cf9629
cf-ray: 650c591738ca4e25-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1b96028200004e253a01a000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZIFHqFdM2KAjPwCkIxvdyCBkcDhJHlDQFo2vLHZ7iG%2FC9ZXxxdrKvCrKDpKylX23NmOwADjEU2aZ0l8bELYF%2Bc0AjtSFjb4mTHpTAibybgg96o9GJHy%2Fwzehc3Kydg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
597 B 23ms
22ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=15699013-ecdf-4114-a644-6c99b64e8a24&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=1534169&pi=46605228199&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&cpi=46605228199&cgi=3742504875&lpi=46605228199&lvi=46605228199&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&t=Revealing+the+%E2%80%98Snip3%E2%80%99+Crypter%2C+a+Highly+Evasive+RAT+Loader&cts=1621249288829&vi=75e7714f6883780f2388671e1de839c7&nc=true&u=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&b=182053752.1.1621249288819&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4e623174-f0e9-4812-8093-99f725044784
cf-ray: 650c591738cb4e25-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1b96028200004e2537200000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oSy8pYwvIu5FSytp4RIYhjEWfrjLSsoM6xNBH7gt94RyrxjTJu7zFixeTeIqDAsjT2gO%2F0hJcgqDb%2BZrBMh1cbzNDBPK3oAa5%2BsofSgw%2BaY%2BgxATdg98xvRZxdUcIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
412 B 26ms
25ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=15699013-ecdf-4114-a644-6c99b64e8a24&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=1534169&pi=46605228199&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&cpi=46605228199&cgi=3742504875&lpi=46605228199&lvi=46605228199&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&t=Revealing+the+%E2%80%98Snip3%E2%80%99+Crypter%2C+a+Highly+Evasive+RAT+Loader&cts=1621249288834&vi=75e7714f6883780f2388671e1de839c7&nc=true&u=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&b=182053752.1.1621249288819&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 157262c4-08bf-4caf-811d-0ca1baec40aa
cf-ray: 650c591738cf4e25-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1b96028300004e259e3fa000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Nl4mzYslD8pu3fAZFQig%2BGxhyucDllFGh8eB2WehkxNxEZnfPKVtWTJ5O0EarpqHWPWr5AAachgwfagv4Or9tTpjJIYBWNU5JhrO0otyAOlW%2F16zYA1E3bbuITWWdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
659 B 141ms
125ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nxrig&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 17 May 2021 11:01:28 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 4c53d95a679393565c087971c70c41d6585500feea1f0077c5b7df30a1d77f46
x-transaction: 6d586b725d0c4ba1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-29 200 like.php Show response
www.facebook.com/plugins/ Frame CC23 48 KB
15 KB 171ms
170ms Document
text/html 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fe9d7a5052f94%26domain%3Dblog.morphisec.com%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff25f85f81f19298%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=cc99455459dcea8f618021273383a353&ua=modern_es6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1064c379c29cfc64ac56191b88f678b9f05a792ad1dff5c1b93ec7d2497dccc2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fe9d7a5052f94%26domain%3Dblog.morphisec.com%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff25f85f81f19298%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: fr=0LuiEvMRGafUVEeXg..Bgok0H...1.0.Bgok0H.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader

Response headers

cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
x-xss-protection: 0
content-encoding: br
x-content-type-options: nosniff
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}
strict-transport-security: max-age=15552000; preload
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
pragma: no-cache
x-fb-rlafr: 0
content-type: text/html; charset="utf-8"
x-fb-debug: 4oZlNQRv7cEaXECn2QTB3oejr7NEo8+cYFkyxSIhcY8ojViWGtn+ig1jj4kC6JMFeV575uxxPc4tu9rLVtXv2g==
date: Mon, 17 May 2021 11:01:29 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
2 KB 489ms
474ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1534169&utk=75e7714f6883780f2388671e1de839c7&__hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&__hssc=182053752.1.1621249288819&contentId=46605228199&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8cecd1e811c5429e8bdd30ab8e66720fa1755defbfeb6fd9098edea2e3cc06a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6fbf3d56-cf51-4ae9-ad15-00853c9b6f21
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b9602b100003128782cf000000001
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=c%2FZVplQmYWWU7GF5gOam84VGw4C80JgEWOxwjBF2RtoT%2FFJAcO5DSO3V%2BlbwqhwBW%2FgRn8QXYN387CjCwhiKHc0SQKJ4dyV%2FWrQbnk54u7onnz%2Fy5lOIjGkAA8otVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.morphisec.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 650c591788f63128-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1640676003&t=pageview&_s=1&dl=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&ul=en-us&de=UTF-8&dt=Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1381045209&gjid=15144551&cid=1643801293.1621249289&tid=UA-60065248-1&_gid=1368334540.1621249289&_r=1&_slc=1&z=1920484260

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
150 B 13ms
13ms XHR
text/plain 2a00:1450:400c:c0a::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-60065248-1&cid=1643801293.1621249289&jid=1381045209&gjid=15144551&_gid=1368334540.1621249289&_u=IEBAAEAAAAAAAC~&z=1078269221

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 17 May 2021 11:01:28 GMT
content-type: text/plain
access-control-allow-origin: https://blog.morphisec.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 30ms
30ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-60065248-1&cid=1643801293.1621249289&jid=1381045209&_u=IEBAAEAAAAAAAC~&z=1383202341

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 38ms
37ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-60065248-1&cid=1643801293.1621249289&jid=1381045209&_u=IEBAAEAAAAAAAC~&z=1383202341

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
33 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-691187137

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e08195c75dcebbe97563c5938715dfccde4f26096b110288bb779930ff1fe0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34210
x-xss-protection: 0
last-modified: Mon, 17 May 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 May 2021 11:01:28 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
33 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-691187137&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce8317a671a67cd7c740d079692842eb59fb322b6714737e28e2db25405f0519

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34223
x-xss-protection: 0
last-modified: Mon, 17 May 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 May 2021 11:01:28 GMT

GET
H3-29 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 33ms
18ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-691187137&l=dataLayer&cx=c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

997f5bfb9f0c74974ec265633b71dd76c5f0224611dd26775db3cc823ec24947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14057
x-xss-protection: 0
server: cafe
etag: 15306424688967737279
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 11:01:29 GMT

GET
H3-29 200 __ptq.gif
track.hubspot.com/ 45 B
761 B 43ms
32ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22ac6afdf6-76ba-4bd4-8224-6397963e1198%22%2C%2270682de9-2c06-414e-a6d9-9a481dc12245%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=1534169&pi=46605228199&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&cpi=46605228199&cgi=3742504875&lpi=46605228199&lvi=46605228199&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&t=Revealing+the+%E2%80%98Snip3%E2%80%99+Crypter%2C+a+Highly+Evasive+RAT+Loader&cts=1621249289018&vi=75e7714f6883780f2388671e1de839c7&nc=true&u=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&b=182053752.1.1621249288819&pt=0&cc=15

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 0656961d-b8fc-4061-8d93-70527b025a10
cf-ray: 650c591868aac2ae-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1b9603460000c2ae4c0da000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WgMAT8OMRsRPZX%2FuPRioeoRuc4cRdOpUOBQHbVKdviiVpecn1cDRPhDh2JJ2DB%2BZD57PxUgkGKpxuIznxuU%2BN0j5P%2Bcn%2BCcpRkpQ1yf%2BfF4HVlWpaHoaIqI3yHHq3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 OqOE21UvWe3.png
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame CC23 400 B
672 B 16ms
15ms Image
image/png 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fe9d7a5052f94%26domain%3Dblog.morphisec.com%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff25f85f81f19298%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
x-content-type-options: nosniff
content-md5: uF0RL4E+h23ClLQmPOTTMw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 400
x-fb-rlafr: 0
x-fb-debug: jrrKB0/7cuG281BQBF69bWuGzmKecrEHBiUTMSqFPZDKdWAAAy+z58HaB68VcbKi8nnUBSH7MwoDmf5sgR8/aw==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 12 May 2022 01:53:25 GMT

GET
H2 200 1aGdzEZwTaf.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yT/l/en_US/ Frame CC23 504 KB
132 KB 48ms
15ms XHR
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yT/l/en_US/1aGdzEZwTaf.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0c6676edb6a480947e8347cfa5b1b4ae63428d69daa309a55fb8431e772254a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: HrxID+X1h6P6uVwL4laoDg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 135123
x-fb-rlafr: 0
x-fb-debug: jxI9n8+lqZS0YOAhw85yCCX8PxniSFEnwKs6ItJ/kLqZILIawas9N6gfPVMLmEQvjxVlxcPBfrZHgV4L8Ydo6g==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 14 May 2022 16:36:39 GMT

GET
H2 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
371 B 185ms
184ms Script
text/plain 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=ac6afdf6-76ba-4bd4-8224-6397963e1198&lt=1621249287423&dt=1621249288821&at=1621249289032&ae=1&an=1
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=ac6afdf6-76ba-4bd4-8224-6397963e1198&lt=1621249287423&dt=1621249288821&at=1621249289032&ae=1&an=1
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; _fbp=fb.1.1621249287948.1796721363; __hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1; hubspotutk=75e7714f6883780f2388671e1de839c7; __hssrc=1; __hssc=182053752.1.1621249288819; _ga=GA1.2.1643801293.1621249289; _gid=GA1.2.1368334540.1621249289; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 62921252-a550-43a5-bbb8-0d5851aa761d
x-trace: 2BEDA5BD01C946F86FAA616BF980DEF4F7E8F95E08000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LVLltgXaTvhIGrGECC3Dg5fHjDseHvLQTCpXycSzfhiBTnXQDiA0o4mLGRmzmnVb%2BlgOcD%2BkRAz0LZNKg3QV9%2FBbneYZKbeRqs8Zi3KTFFGcLno%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials: false
cf-ray: 650c59187875cd87-CDG
cf-request-id: 0a1b96034d0000cd87591e9000000001
x-robots-tag: noindex, follow

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/691187137/ 2 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/691187137/?random=1621249289037&cv=9&fst=1621249289037&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5c1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&tiba=Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f742b39c4d81fb272583aaea9ed445f78f4bd6dd5e87f110942caefab970ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1106
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/691187137/ 42 B
64 B 28ms
27ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/691187137/?random=1621249289037&cv=9&fst=1621249200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5c1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&tiba=Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader&async=1&fmt=3&is_vtc=1&random=2707362208&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/691187137/ 42 B
64 B 21ms
20ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/691187137/?random=1621249289037&cv=9&fst=1621249200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5c1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&tiba=Revealing%20the%20%E2%80%98Snip3%E2%80%99%20Crypter%2C%20a%20Highly%20Evasive%20RAT%20Loader&async=1&fmt=3&is_vtc=1&random=2707362208&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 11:01:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 __ptq.gif
track.hubspot.com/ 45 B
725 B 24ms
24ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%224f0feebd-16b5-4509-8e27-c4dab59e00e6%22%2C%221e94b878-0cfa-49fe-8aaf-bac4d1cbe0fd%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=1534169&pi=46605228199&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&cpi=46605228199&cgi=3742504875&lpi=46605228199&lvi=46605228199&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&t=Revealing+the+%E2%80%98Snip3%E2%80%99+Crypter%2C+a+Highly+Evasive+RAT+Loader&cts=1621249289069&vi=75e7714f6883780f2388671e1de839c7&nc=true&u=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&b=182053752.1.1621249288819&pt=0&cc=15

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: e877a55a-4c93-4574-a50e-978f706c3764
cf-ray: 650c5918a92ac2ae-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1b96036d0000c2ae5da91000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DR4FhOQD%2Fz64%2FpvRsqoGwcWtuIMt6EBaoNR%2FOJFDXF%2F%2B8QY4yI1NjtmbPplMrswW9JgVY5tIccspfx594JjQMwcl2TgOdpH%2BXpQwgkeVSzFTWFTronnr7DokRV0Fqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
338 B 139ms
139ms Script
text/plain 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=4f0feebd-16b5-4509-8e27-c4dab59e00e6&lt=1621249287605&dt=1621249288822&at=1621249289079&ae=1&an=1
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=4f0feebd-16b5-4509-8e27-c4dab59e00e6&lt=1621249287605&dt=1621249288822&at=1621249289079&ae=1&an=1
pragma: no-cache
cookie: __cfruid=6eb56d118f8eda23fcde87358260544d249062b5-1621249287; _fbp=fb.1.1621249287948.1796721363; __hstc=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1; hubspotutk=75e7714f6883780f2388671e1de839c7; __hssrc=1; __hssc=182053752.1.1621249288819; _ga=GA1.2.1643801293.1621249289; _gid=GA1.2.1368334540.1621249289; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 5dfd2c65-1c79-4a3c-9cc8-273346d441ff
x-trace: 2BD8914EE6C0D0A931B86287331FE02B017D90D898000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=x9%2BGk9iMzcsTSx5e7SmRz44TLmYQMpaUeaOmyf6KE1qmHdMB6Loj3QAZup8VmQT8ckSpESHZ4BSatnyPlB7p1t%2FFLtJ6opXY%2BV%2BQQOVtUmSMvIY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials: false
cf-ray: 650c5918c917cd87-CDG
cf-request-id: 0a1b96037d0000cd8712895000000001
x-robots-tag: noindex, follow

GET
H2 200 37fb244e-d8ba-4cc0-8e15-3377b17f2a8b.png
f.hubspotusercontent10.net/hubfs/1534169/hub_generated/resized/ 20 KB
21 KB 138ms
123ms Image
image/webp 2606:4700::6810:d6ed
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent10.net/hubfs/1534169/hub_generated/resized/37fb244e-d8ba-4cc0-8e15-3377b17f2a8b.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:d6ed , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e1e9947cd1592a3f5d7b930bbe192190f36aea2182b5596ee402847eea1b792

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
via: 1.1 b0dd57699b1d3b601416c357f037a79b.cloudfront.net (CloudFront)
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 273918
cf-polished: origFmt=png, origSize=25748
x-cache: RefreshHit from cloudfront
x-amz-cf-pop: CDG3-C1
content-disposition: inline; filename="37fb244e-d8ba-4cc0-8e15-3377b17f2a8b.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: XYWF4EQDSJ1M6D08
x-amz-id-2: s6KYshxMQZLgpA4An/8aF4S/yg69DNvcZHIzDLf3tht0lpDXeZT1CMw4m5nqICdlONrM8A0PtsI=
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Tue, 22 Sep 2020 21:52:29 GMT
server: cloudflare
etag: "e33b5d4c95a692d693ea1391671507b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 66JTk5lybKwldEsCUUyVfwsruYUKU4xT
cf-request-id: 0a1b96038600002bce11224000000001
content-length: 20490
cf-ray: 650c5918d9d42bce-FRA
x-amz-cf-id: -TQfUf7Y-417_VZjqsOB5nu3k9HCHVzdICNZYiK9g-obA1-bC12UqA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H3-29 200 cavalry_endpoint.php
www.facebook.com/common/ Frame CC23 67 B
97 B 42ms
41ms Image
image/png 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1621249289027&t_start=1621249289028&t_domcontent=1621249289038&t_layout=1621249289112&t_onload=1621249289112&t_paint=1621249289112&t_creport=1621249289112&t_tti=1621249289038&lid=6963212671996142041-0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fe9d7a5052f94%26domain%3Dblog.morphisec.com%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff25f85f81f19298%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&layout=button&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: XL/zqp2lDF+dDjcKg/hRZVLxattaXOLZrsT4xHF+RVn22wjqor3gIdxOWRJpuOscMOQiGDmppEI5UstnN93pVQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 17 May 2021 11:01:29 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 __ptq.gif
track.hubspot.com/ 45 B
721 B 37ms
37ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=1534169&pi=46605228199&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&cpi=46605228199&cgi=3742504875&lpi=46605228199&lvi=46605228199&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&t=Revealing+the+%E2%80%98Snip3%E2%80%99+Crypter%2C+a+Highly+Evasive+RAT+Loader&cts=1621249289362&vi=75e7714f6883780f2388671e1de839c7&nc=true&u=182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1&b=182053752.1.1621249288819&pt=0&cc=15

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:29 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 5dbc0347-c2f3-4cf2-a636-cd58a8964261
cf-ray: 650c591a8c7bc2ae-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1b9604940000c2ae78100000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=71kbapBWNxF6r5NaaWJJ0WH7W0UKMIpcaBMZV6lRG222aWctGwksE1SmEtuQGGuBrd2Ifb%2FLb9GHEknrgkV%2F%2BHlME0bRYByMqtmIAuwLaM4hUjr3iwSBXgGNmNXS8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

POST
H2 200 perf Show response
blog.morphisec.com/_hcms/ 2 B
521 B 184ms
184ms XHR
text/plain 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.morphisec.com/_hcms/perf
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode: cors
origin: https://blog.morphisec.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
content-length: 822
:path: /_hcms/perf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.morphisec.com
referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 650c5929dcdccd87-CDG
date: Mon, 17 May 2021 11:01:31 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-trace: 2B3C90B160FF5EA17EB7A16C2250E6C23D7007EC95000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LIH6CcXliiu0WR7JULlUtGqAfCtPAsai8hm5jXuDtamyr%2BIptVTHV9SxnJ1Q6W%2F%2BetKuCYOYQ7moB3R6Qkij7EnP4O0lGMy%2FNpFT9nas%2BIKLjJw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
set-cookie: __cfruid=eb82c5930efa305640b368922eba12e047b604c3-1621249291; path=/; domain=.blog.morphisec.com; HttpOnly; Secure; SameSite=None
x-robots-tag: none
content-length: 2
cf-request-id: 0a1b960e240000cd8780235000000001

GET
H2 200 20190102-DSC_8764.jpg
www.morphisec.com/hs-fs/hubfs/ Frame C59E 2 KB
3 KB 115ms
65ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.morphisec.com/hs-fs/hubfs/20190102-DSC_8764.jpg?width=108&height=108
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/1534169/threads/utk/6c0170752cf245949d2110c6d6ac4e94?uuid=1e1a2bb9b85c42789f9d89d0c0eff614&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=blog.morphisec.com&inApp53=false&messagesUtk=6c0170752cf245949d2110c6d6ac4e94&url=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc93c7314d01a82869cead0d6d2950a9a60669b4478b82a5794e78dbae4e26ce

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:33 GMT
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 955533
cf-polished: qual=85, origFmt=jpeg, origSize=5383
edge-cache-tag: F-41588345663,P-1534169,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="20190102-DSC_8764.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 1912
cf-request-id: 0a1b96152f0000b763a2b55000000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 22 Apr 2021 19:59:16 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "a36b1de686de6b9d1b4d2183c6707cc1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dkUlr9SrNpXXWLtSZjS7zFgBfYaYomjijEdWR7XIpxFAsvv6PjNpeqNyHUUrX0WYOdCkVrnKG8GinRw3MOjygM7GJP6yhwyntjtUl9RZ%2FKqEmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 650c59351e23b763-CDG
x-amz-cf-id: 1eXivlAAc2lz2w0wMhHnM34eyoHU3pGXcMoeg37A2tA94EHKALaXbA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
386 B 30ms
30ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=1534169&pi=46605228199&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&cpi=46605228199&cgi=3742504875&lpi=46605228199&lvi=46605228199&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Frevealing-the-snip3-crypter-a-highly-evasive-rat-loader&t=Revealing+the+%E2%80%98Snip3%E2%80%99+Crypter%2C+a+Highly+Evasive+RAT+Loader&cts=1621249296376&vi=75e7714f6883780f2388671e1de839c7&nc=true&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:01:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4ab00050-ce1c-441a-ab42-39d47168a9a9
cf-ray: 650c59465b214e25-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1b961ffa00004e25b1b82000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n6XcDFDX%2BIYIsgF9Keqduz%2BTCa0rTU5mUurpy8UN8K2zJM%2FKGLjgzLbMCklbM7RnbgQ2sDhto6e1LqjWACbcDug0gGe210TZ%2Bx6hp03VOlrakEM1hWqkoDmdp56wMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

POST
H2 204 send
api.hubspot.com/metrics/v1/frontend/ Frame C59E 0
1 KB 125ms
124ms Ping
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/metrics/v1/frontend/send

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/hubspot-dlb/static-1.129/bundle.production.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 17 May 2021 11:01:38 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: a8f7226c-52e0-47e4-b387-061b9414b131
access-control-max-age: 604800
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1b96290600004e253d10b000000001
timing-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6R%2BphRUdNXpx6tCazuexfmfIOh9j74jYxNKL%2B5QATy6ODzWTNQ%2FoOxjbsJeJrxU7hy4xge3nNl%2Ffa7rD2F18qnehy%2FNtaXmWcjdv4UggwwqdQWEt%2FxyVpMyf9%2BU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 650c5954d8534e25-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.morphisec.com/	1970-01-19 18:20:51	Name: __hssc Value: 182053752.1.1621249288819
.morphisec.com/	1970-01-19 20:30:25	Name: _fbp Value: fb.1.1621249287948.1796721363
.morphisec.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.morphisec.com/	1970-01-20 03:42:25	Name: hubspotutk Value: 75e7714f6883780f2388671e1de839c7
.morphisec.com/	1970-01-20 03:42:25	Name: __hstc Value: 182053752.75e7714f6883780f2388671e1de839c7.1621249288819.1621249288819.1621249288819.1
.blog.morphisec.com/	1969-12-31 23:59:59	Name: __cfruid Value: 6eb56d118f8eda23fcde87358260544d249062b5-1621249287

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.hubapi.com
api.hubspot.com
app.hubspot.com
blog.morphisec.com
cdn2.hubspot.net
connect.facebook.net
f.hubspotusercontent10.net
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.usemessages.com
ka-p.fontawesome.com
kit.fontawesome.com
lh3.googleusercontent.com
lh6.googleusercontent.com
no-cache.hubspot.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
static.xx.fbcdn.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
track.hubspot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.morphisec.com
104.244.42.131
104.244.42.136
104.244.42.197
108.174.10.14
142.250.186.66
151.101.12.157
199.60.103.31
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:5605
2606:4700::6810:d6ed
2606:4700::6811:47b0
2606:4700::6811:5d2
2606:4700::6811:70b0
2606:4700::6811:81ab
2606:4700::6811:c9cc
2606:4700::6811:eacc
2606:4700::6811:eecc
2606:4700::6811:f2cc
2606:4700::6812:14bf
2606:4700::6812:1734
2606:4700::6813:9b53
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2a00:1450:4001:802::2003
2a00:1450:4001:808::2002
2a00:1450:4001:808::2008
2a00:1450:4001:80e::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2001
2a00:1450:4001:811::2008
2a00:1450:4001:829::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a00:1450:400c:c0a::9b
2a02:26f0:6c00:28c::25ea
2a03:2880:f030:13:face:b00c:0:3
2a03:2880:f130:83:face:b00c:0:25de
015f793808513559dcd2a2e3440d3e17af39b0094c96cce23debeb9405198cca
04cca78091358bd19fc803d1dd22af5419766b9921a5fd8eb1b8a27a9220eefc
0597033f9179897593050a31b3fae68c886a3f78608dce3fad1659b93b96d420
0c6676edb6a480947e8347cfa5b1b4ae63428d69daa309a55fb8431e772254a3
1064c379c29cfc64ac56191b88f678b9f05a792ad1dff5c1b93ec7d2497dccc2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
10e5ad8f6aab7933888e789f5b9eed29f6064a9a256fe35c384c8da0b648d3dc
11b110aac090c47baefad09905db47278e3d66b183121125efbf59053106787d
128684f31b23344239b648335676fa80bfffee1445b69e1d7469e22ead93ae34
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
1b97b653b07a8f4c10043c308aa5ef60b5a109c515c80c7f1cd88f15b443dfcc
1df22767e771da072f5980681e1901799cd76cfc25355ff54cfe6665cd170b9d
22e2037b36515615d60ab5bb486646219d9a2509df36f31a11c9b94ec6f4bd5c
24450fe6af1d747d1035742771d31c9f6c62322de5d802a139ed0d89a919d046
2bdb3431dbdb39a1b15ae4e0ca3296963c322e68ab971aa4c51ef058d7f15314
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb
3f9dca84f3f68ae6a510407980b9fd6e3d6ead3dbbe6dc2cd7d5f3c1c7a5ff35
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
40018238d51d9b577a2a1467105d584f20564a6bfb91a0d3fe66c7d039cf696a
40c3f1eeabcc1c02539d94cdd540d15140ccadb43f9190c91ffdc210463b3501
42af4371a919fc9be280a12c6b947f8dbe0e693d0fab6f13ff56532f2931894d
42cdc6868cb5db524d79a736d9641e0022b7b318d28443cbd251be10575fef87
453e6eb293c6b89bee1e1ac35780b6061d92b91af5e339d57460fc9bc230e678
483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7
49512fd44c952848dd006a4319334a7eafd140f92a68081aec2b13673ba5f4a7
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
508e2a431243c3cb0533d079c8eb14c8e866559fd68e5ba66c33ca45eaf8ab1e
5402773ff573dece0cb3900253041fc792bb8239908876bd8f4833eae45573f4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
596321cbb85f68b1fd15a3ac788e42a8668035305c6daa2abdcfdd2bbd560308
5c0a1d17e580b1ef8026d4e334179ac8e3cb22825ea9b266c211023bb5fc44cc
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
6462e5f62c69132f95b0a1ea54e3df841b02d2c4cca53d1bcbd46c7d6a0ba42d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b742cdf7e618a7a53771aee085463163550f1b0d19e7fcfe8128c2bd1d4bf38
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
6ef33e95bcb49948a01494b1dc4b9a1b3e35743640c31f5db5d8c1dd80c62b3a
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
75db69592337280529fdc6448185b1cb88a50dbe9b498718f45ba52907e8aba3
76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d
7a7d6a52225baae5c38ae3c75b025f025798ab05aed480fa2d4650fb94efc90e
7d0d9b3cb61ebcf842ef78ea950a2d76bcacfaec3e0b5edfd597bc0ae2545780
7e08195c75dcebbe97563c5938715dfccde4f26096b110288bb779930ff1fe0e
7e1e9947cd1592a3f5d7b930bbe192190f36aea2182b5596ee402847eea1b792
81f742b39c4d81fb272583aaea9ed445f78f4bd6dd5e87f110942caefab970ef
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85a94aca9a3bb11143fc25e69f7cddee5e42619798aea0a4595e5b85af2db47e
8d302ae6db3ba075e3ffed277505dfcb5716d5d07e7b686a1e5ccb7be504750d
944bed570dc1348d9edb01de5d422b94cb6709c7c16c17f63a6546138b845d25
951c767a67c859e5233a48e09983784b48880a5a006a88a6e822064bf06de017
997f5bfb9f0c74974ec265633b71dd76c5f0224611dd26775db3cc823ec24947
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9ec924a88dee275c934f23b29b3a73b466ac97634d7394f7833f330837afb6be
9fcb720730ec6667a8eb5cc8922104bcd038a26f8ad3f2b97c39da1f8b1d248c
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05
aa08eb6a9ff122e3686fd722d25cff1b927fdae6230999d3ef98d9bf6b8b4f18
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b8cecd1e811c5429e8bdd30ab8e66720fa1755defbfeb6fd9098edea2e3cc06a
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c139dbb0d2752062ddd8f73eafa3fff6740d9265ae2b00aa4ba3dadb4cd1c54f
c210239aa6a470434b97ab83a854d415898cf124d8c8205600d79481cf14cffa
c3f99c65ea3d6186991a21add80eeea6d79500fcb3c9d8263680e0de270e0753
c4ee2f7ce35c9debc48074853c1f54821a7d1cd2f738a0857cb9754c904bfbb0
c7ed0b55ae115363eb49a77c71032bcd46a7f42ab12c27bcca26e5847c871b9f
c93bea6eb2c5cd796052d336d8f42741459817d0d02ba2c279b0a88691ae8190
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
ca4de8fd9c3bb2ec7e64324743691202eb3a048b1612c4d08157596a6e030988
caf1122c2e7a29b837c2ced58587de0f38ec52be848cd497985a1d816e527fe2
cc5fd132061a74f7734ff3ff5e31d6fc9e9ecf30798d98f9f1ac0bceb37fb7db
ccc5e125d5226a1bdce87b86d22429fd799dbc09ecf5c9e31e37d880d3eb3f11
ce8317a671a67cd7c740d079692842eb59fb322b6714737e28e2db25405f0519
ce885aa8b86fb7d85992aae4435fb45b444f8d3919dca083c83a36d7600f96d7
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfabc4d333e327c32d9d62163c51df7b15e4d8a5a04683e9f024262ab9e3356d
e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88
e09f702ba741088f59518b1b59fe96ccd0d1096e88ebf765872d662ddaa250e1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40dde64af7d8902068c607929962c0fab0a1380cec22d28a152f46f3fecfc03
e478d6bfa2195bf848e654a633d359e9a224d3df4e8f8afb706ba854075edc4f
e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e
ebc6551704fc71288f7c9c179d45fa30b206a1f85aebf8d8305d17dc1bb357c3
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1bf4434a0d6ed489de3879cae72b242cfe905ff7ea1978299bcfce5ae5c008d
f4aef314af31fd5ac022d6223b8fab7a590492d4f7cf8c46490a9de99fc74452
f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2
f734d8ecda48e6d98faab2e1e9b91d6c5f72b86408ea6e2126d4b1681b92ef4c
f8742825ea7758172994cdb0abf2c2e56e5b7c43b868fe74acb72461fe641364
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fc93c7314d01a82869cead0d6d2950a9a60669b4478b82a5794e78dbae4e26ce
fcbe0065fc8d0b2aa97312d7371fdcbe7088c54e85aca797d364f718c73552ac

blog.morphisec.com Open in urlscan Pro 199.60.103.31 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

121 Requests

100 %HTTPS

82 %IPv6

31 Domains

44 Subdomains

38 IPs

4 Countries

2354 kBTransfer

6397 kBSize

6 Cookies

47 Outgoing links

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.morphisec.com Open in urlscan Pro
199.60.103.31 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

100 %
HTTPS

82 %
IPv6

31
Domains

44
Subdomains

38
IPs

4
Countries

2354 kB
Transfer

6397 kB
Size

6
Cookies

121 HTTP transactions
1 data transactions