blog.kandji.io Open in urlscan Pro
2606:2c40::c73c:67e3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Submission: On May 07 via api (May 7th 2024, 2:10:44 am UTC) from TR — Scanned from DE

Summary HTTP 87 Redirects Links 55 Behaviour Indicators

Summary

This website contacted 27 IPs in 4 countries across 22 domains to perform 87 HTTP transactions. The main IP is 2606:2c40::c73c:67e3, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.kandji.io.
TLS certificate: Issued by E1 on March 11th 2024. Valid for: 3 months.

This is the only time blog.kandji.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2606:2c40::c7... 2606:2c40::c73c:67e3	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2600:9000:211... 2600:9000:211e:d600:10:9492:de80:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	199.60.103.29 199.60.103.29	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
11	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:af5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:1f18:e8a... 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
3	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
2	142.250.181.232 142.250.181.232	15169 (GOOGLE) (GOOGLE)
1 2	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2 2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 2	142.250.184.228 142.250.184.228	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f26c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
87	27

7 2606:2c40::c73c:67e3 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.kandji.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:d600:10:9492:de80:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.testrobotflower.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 199.60.103.29 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.kandji.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:af5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

5058330.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.testrobotflower.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.228 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f26c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	kandji.io blog.kandji.io	673 KB
11	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 12774 Failed app.hubspot.com — Cisco Umbrella Rank: 5794 track.hubspot.com — Cisco Umbrella Rank: 2393	11 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 312	162 KB
7	testrobotflower.com ob.testrobotflower.com — Cisco Umbrella Rank: 364650 obs.testrobotflower.com — Cisco Umbrella Rank: 301542	40 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 338 www.linkedin.com — Cisco Umbrella Rank: 619 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	3 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	497 KB
4	google.com 2 redirects region1.analytics.google.com — Cisco Umbrella Rank: 3095 www.google.com — Cisco Umbrella Rank: 2	355 B
3	google.de www.google.de — Cisco Umbrella Rank: 7810	191 B
3	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 89 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	301 B
3	hubspotusercontent-na1.net 5058330.fs1.hubspotusercontent-na1.net	215 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 183	72 KB
2	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 126	2 KB
2	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4333 forms-na1.hsforms.com — Cisco Umbrella Rank: 6937	2 KB
1	bing.com bat.bing.com — Cisco Umbrella Rank: 345	13 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	274 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 803	17 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3473	1 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2225	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3146	4 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2189	23 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 533	304 B
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5709	6 KB
87	22

	Domain	Requested by
25	blog.kandji.io	blog.kandji.io cdn2.hubspot.net
11	cdn.cookielaw.org	blog.kandji.io cdn.cookielaw.org
8	track.hubspot.com
6	obs.testrobotflower.com	ob.testrobotflower.com blog.kandji.io
5	www.googletagmanager.com	blog.kandji.io www.googletagmanager.com js.hsadspixel.net
4	px.ads.linkedin.com	3 redirects snap.licdn.com
3	www.google.de	blog.kandji.io
3	5058330.fs1.hubspotusercontent-na1.net	blog.kandji.io
2	connect.facebook.net	js.hsadspixel.net connect.facebook.net
2	www.google.com	2 redirects
2	googleads.g.doubleclick.net	2 redirects
2	www.googleadservices.com	1 redirects www.googletagmanager.com
2	region1.analytics.google.com	www.googletagmanager.com
2	no-cache.hubspot.com	blog.kandji.io
1	bat.bing.com	www.googletagmanager.com
1	www.facebook.com
1	px4.ads.linkedin.com	blog.kandji.io
1	www.linkedin.com	1 redirects
1	snap.licdn.com	js.hsadspixel.net
1	api.hubapi.com	js.hsadspixel.net
1	forms-na1.hsforms.com	blog.kandji.io
1	stats.g.doubleclick.net	www.googletagmanager.com
1	forms.hsforms.com	blog.kandji.io
1	js.hs-analytics.net	blog.kandji.io
1	js.hsadspixel.net	blog.kandji.io
1	js.hs-banner.com	blog.kandji.io
1	app.hubspot.com	blog.kandji.io
1	geolocation.onetrust.com	cdn.cookielaw.org
1	static.hsappstatic.net	blog.kandji.io
1	ob.testrobotflower.com	blog.kandji.io
87	30

This site contains links to these domains. Also see Links.

Domain
www.kandji.io
support.kandji.io
kandji-partner.workramp.io
en.wikipedia.org
www.virustotal.com
cta-redirect.hubspot.com
developer.apple.com
twitter.com
www.facebook.com
www.linkedin.com
www.aicpa.org
www.onetrust.com

Subject Issuer	Validity	Valid
blog.kandji.io E1	`2024-03-11` - `2024-06-09`	3 months	crt.sh
*.testrobotflower.com Amazon RSA 2048 M02	`2023-07-18` - `2024-08-16`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hsappstatic.net E1	`2024-03-10` - `2024-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
hsadspixel.net E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
hubapi.com E1	`2024-05-04` - `2024-08-02`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-14` - `2024-05-14`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-05-01` - `2024-06-27`	2 months	crt.sh

This page contains 1 frames:

Primary Page: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Frame ID: 2672625076534F291393771B05E7D2F3
Requests: 87 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

87
Requests

93 %
HTTPS

71 %
IPv6

22
Domains

30
Subdomains

27
IPs

4
Countries

1760 kB
Transfer

4642 kB
Size

27
Cookies

55 Outgoing links

These are links going to different origins than the main page.

URL: https://www.kandji.io/start/?utm_source=blog
Title: Book a Demo

Search URL Search Domain Scan URL

URL: https://www.kandji.io/pricing/?utm_source=blog
Title: Request Pricing

Search URL Search Domain Scan URL

URL: https://www.kandji.io/virtual-demo/?utm_source=blog
Title: Virtual Tour

Search URL Search Domain Scan URL

URL: https://www.kandji.io/
Title: Kandji logo

Search URL Search Domain Scan URL

URL: https://www.kandji.io/device-harmony/
Title: Device Harmony

Search URL Search Domain Scan URL

URL: https://www.kandji.io/apple-device-management/
Title: Device Management

Search URL Search Domain Scan URL

URL: https://www.kandji.io/endpoint-detection-response/
Title: Endpoint Detection & Response

Search URL Search Domain Scan URL

URL: https://www.kandji.io/pricing/
Title: Pricing

Search URL Search Domain Scan URL

URL: https://support.kandji.io/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.kandji.io/use-cases/zero-touch-deployment/
Title: Deploy

Search URL Search Domain Scan URL

URL: https://www.kandji.io/use-cases/mac-security-management/
Title: Secure

Search URL Search Domain Scan URL

URL: https://www.kandji.io/use-cases/mdm-configure/
Title: Configure

Search URL Search Domain Scan URL

URL: https://www.kandji.io/use-cases/manage/
Title: Manage

Search URL Search Domain Scan URL

URL: https://www.kandji.io/use-cases/mdm-integrations/
Title: Integrate

Search URL Search Domain Scan URL

URL: https://www.kandji.io/features/liftoff/
Title: Liftoff

Search URL Search Domain Scan URL

URL: https://www.kandji.io/features/passport/
Title: Passport

Search URL Search Domain Scan URL

URL: https://www.kandji.io/features/auto-apps/
Title: Auto Apps

Search URL Search Domain Scan URL

URL: https://www.kandji.io/features/managed-os/
Title: Managed OS

Search URL Search Domain Scan URL

URL: https://www.kandji.io/features/migration-agent/
Title: Migration

Search URL Search Domain Scan URL

URL: https://www.kandji.io/features/reach-compliance/
Title: Compliance

Search URL Search Domain Scan URL

URL: https://www.kandji.io/features/prism/
Title: Prism

Search URL Search Domain Scan URL

URL: https://www.kandji.io/solutions/ios-mdm-solution/
Title: iOS & iPadOS

Search URL Search Domain Scan URL

URL: https://www.kandji.io/resources/
Title: Resources Hub

Search URL Search Domain Scan URL

URL: https://www.kandji.io/resources/customer-stories/
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://www.kandji.io/resources/macadmins/
Title: MacAdmins Community

Search URL Search Domain Scan URL

URL: https://www.kandji.io/security/
Title: Security Details

Search URL Search Domain Scan URL

URL: https://www.kandji.io/partner/
Title: Resellers

Search URL Search Domain Scan URL

URL: https://www.kandji.io/integrations/
Title: Technology Partners

Search URL Search Domain Scan URL

URL: https://www.kandji.io/partner/become-a-kandji-partner/
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://www.kandji.io/partner/opportunity/
Title: Register a Deal

Search URL Search Domain Scan URL

URL: https://kandji-partner.workramp.io/login
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.kandji.io/company/about/
Title: About Kandji

Search URL Search Domain Scan URL

URL: https://www.kandji.io/company/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.kandji.io/company/news-and-press/
Title: News & Press

Search URL Search Domain Scan URL

URL: https://www.kandji.io/company/about/#contact
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.kandji.io/login/
Title: Log in

Search URL Search Domain Scan URL

URL: https://www.kandji.io/start/
Title: Get Started

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Mach-O
Title: Mach-O binary

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/1827db474aa94870aafdd63bdc25d61799c2f405ef94e88432e8e212dfa51ac7
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://cta-redirect.hubspot.com/cta/redirect/5058330/8bed3482-30c4-4ee2-85a9-6f0e2149b55c?__hstc=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&__hssc=234561729.1.1715047840301&__hsfp=2492303821
Title: Get Started

Search URL Search Domain Scan URL

URL: https://cta-redirect.hubspot.com/cta/redirect/5058330/8b112eca-371f-41dd-bc10-130711c6d648?__hstc=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&__hssc=234561729.1.1715047840301&__hsfp=2492303821
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://developer.apple.com/library/archive/documentation/Networking/Conceptual/IdentityServices_ProgGuide/monitoring/monitoring.html
Title: Core Services Identity

Search URL Search Domain Scan URL

URL: https://www.kandji.io/updates/
Title: Updates

Search URL Search Domain Scan URL

URL: https://www.kandji.io/solutions/mac-device-management/
Title: macOS MDM Solutions

Search URL Search Domain Scan URL

URL: https://www.kandji.io/solutions/ios-device-management/
Title: iOS MDM Solutions

Search URL Search Domain Scan URL

URL: https://www.kandji.io/definitions/
Title: Apple MDM Definitions

Search URL Search Domain Scan URL

URL: https://www.kandji.io/kandji-vs/
Title: The Kandji Difference

Search URL Search Domain Scan URL

URL: https://twitter.com/KandjiMDM
Title: Link to Kandji's Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/kandjimdm
Title: Link to Kandji's Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/kandji/
Title: Link to Kandji's LinkedIn

Search URL Search Domain Scan URL

URL: https://www.aicpa.org/soc4so
Title: Logo for AICPA SOC for Service Organizations

Search URL Search Domain Scan URL

URL: https://www.kandji.io/legal/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.kandji.io/legal/accessibility-statement/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.kandji.io/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://www.googleadservices.com/pagead/conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyeHTibv6hQMVb4mDBx373gtlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ HTTP 302
https://www.google.com/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyeHTibv6hQMVb4mDBx373gtlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtqmi2u8gm-Yotdg4X1-Dbrbkcd_Umnxw&random=4137755904 HTTP 302
https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyeHTibv6hQMVb4mDBx373gtlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtqmi2u8gm-Yotdg4X1-Dbrbkcd_Umnxw&random=4137755904&ipr=y

Request Chain 54

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=1379092706.1715047839&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIkNXYibv6hQMVF-wRCB1cAA0OMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ HTTP 302
https://www.google.com/pagead/1p-conversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=1379092706.1715047839&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIkNXYibv6hQMVF-wRCB1cAA0OMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtq3F0GGExHE1dW6aFgdZAiRyjMzHoAAg&random=3572834935 HTTP 302
https://www.google.de/pagead/1p-conversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=1379092706.1715047839&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIkNXYibv6hQMVF-wRCB1cAA0OMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtq3F0GGExHE1dW6aFgdZAiRyjMzHoAAg&random=3572834935&ipr=y

Request Chain 57

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1329610%26time%3D1715047839178%26url%3Dhttps%253A%252F%252Fblog.kandji.io%252Fmalware-cuckoo-infostealer-spyware%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true&liSync=true&e_ipv6=AQLpfn69Y18KCAAAAY9Q0Ti2pMdT9aT0zNLu06dngqO1nq6fisWmm7oSdSB3XbCAYdF5aNM

87 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request malware-cuckoo-infostealer-spyware Show response
blog.kandji.io/ 162 KB
37 KB 255ms
130ms Document
text/html 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

151a011030233b53e34b6376b949a3f814a500ba948d458fdf66c74a1efa4746

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-159120097439,CT-163759176078,CT-165936097429,CT-27579410748,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cf-cache-status: HIT
cf-ray: 87fdacb9acd49b9e-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Tue, 07 May 2024 02:10:37 GMT
edge-cache-tag: CT-159120097439,CT-163759176078,CT-165936097429,CT-27579410748,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
last-modified: Tue, 07 May 2024 00:49:24 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yp6N8zgF4OR9BWMxxsDHk8WCZCE2cRKq6ehc3zzamOKS%2F0iQ3crEda11Jid%2FaIIbb6ABUKzEdstq0TiDaccBmmG1lHhEWZrJ5DMIz5aYfRc%2BNRCl4N3wyELPT1vNc13MU3MaY4GLT7CjHdNV"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 143
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-5f8479db84-x6m5q
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 165936097429
x-hs-hub-id: 5058330
x-hubspot-correlation-id: 103fb7fc-5e23-42ba-aa12-b7787b4f2809
x-request-id: 103fb7fc-5e23-42ba-aa12-b7787b4f2809

GET
H2 200 project.js Show response
blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 72ms
69ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:37 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 4703863
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XUAMGwOGg7yTQI6I0oGno5bbCjMR5kc4KEu0wvB%2BJEeEmGpV%2Bg2HtKDAxY4P4674Q%2FG9bBISclZ5a5oQDZI40LRCAY0MWpqqAmoMfhH7zkUQvQxpYAWuGXA3BwXM9vNtZn4jXlHlkcGKm7Qt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87fdacba8d5e9b9e-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Wed, 07 May 2025 02:10:37 GMT

GET
H2 200 v2.js Show response
blog.kandji.io/_hcms/forms/ 482 KB
161 KB 77ms
75ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 518
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=87fda012637e9972-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Tue, 07 May 2024 02:10:37 GMT
strict-transport-security: max-age=31536000
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 6b20d284-5d8b-48aa-95a8-e417a14502ef
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 10
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 6b20d284-5d8b-48aa-95a8-e417a14502ef
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PiRWbn8SZrqrf%2FnvUWLk%2FsSzvD49wlbmu%2B6phmz4D%2FuSTdhe5BKdeE073OxR8kSXaVu1jkPJ2ZBuaBFoH1GAfUuDKRePoZIGylIVjl6JlNIBOrlT05N5bHEx5vKjk0El0ewEBvxxxrc8JAKr"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-wlmbb
cf-ray: 87fdacba8d609b9e-FRA
x-amz-cf-id: qoN_chWMrrdgcMR8MQnRoOKNMUzby1yuey_R67Gbb4-Vz_Ox-XkM1Q==

GET
H2 200 130ddaec76c305292f6ec30ebef2d5ce.js Show response
ob.testrobotflower.com/i/ 102 KB
38 KB 133ms
44ms Script
text/javascript 2600:9000:211e:d600:10:9492:de80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:d600:10:9492:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: 3dbb76c2655ea2f996850c9101b4217c4343587e61e34555bd4d498de0ae7b69

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 06 May 2024 21:12:19 GMT
content-encoding: gzip
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: FRA56-C2
age: 17899
etag: "19784-ylb8HxKQZPvMhXseA9rK8oeZ2eQ"
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 38109
x-amz-cf-id: vvls8tyHqK0TKYV8RNVo0fF2spfwDmEy_NvMRLKtUyLgtH1q1ZFRuQ==
expires: Tue, 07 May 2024 09:12:19 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/ 50 KB
7 KB 140ms
60ms Script
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/OtAutoBlock.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cea95b67c69f3eadce6a5ae44f8c92cdc25d9ecfd4f1f07abddbcc5609508f9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 72457
content-md5: cZ3p4H6Oo0yMk5k3IdT0MQ==
content-length: 6819
x-ms-lease-status: unlocked
last-modified: Thu, 15 Jun 2023 16:56:03 GMT
server: cloudflare
etag: 0x8DB6DC167708395
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f03b4817-801e-007c-75bf-17177c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbb09ce39c4-FRA
expires: Wed, 08 May 2024 02:10:37 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 127ms
48ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cfMMgqnnnYda745QhUdJrw==
age: 19868
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Mon, 06 May 2024 02:33:28 GMT
server: cloudflare
etag: 0x8DC6D74E9990068
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 4232d336-901e-004a-3ecf-9f710e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbaf9cd39c4-FRA

GET
H2 200 kandji.min.css
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/ 78 KB
15 KB 69ms
67ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

608854bc9b4ff57f231d9b41b1b325b4a987f48eb56f26d928868acd8a2f30dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 324
x-amz-request-id: F9HPZSY13693H32D
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"bf6969b4ed04d4ea3ce545ba141380ad"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1714606603151
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 07 May 2024 02:10:37 GMT
strict-transport-security: max-age=31536000
via: 1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YQfeRzRYCP7qf_TbRR4YQdYoWaIep.Mc
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: fccf68c1-8cca-44eb-b1ca-a20ae782e7c0
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 192
alt-svc: h3=":443"; ma=86400
x-amz-id-2: iCaDhGep/cYFMzAK1kDnzm5YnoMUv88l3WY7SEHajJCwd3B6Ze+2FZOKIP0UYYHyCVGofDqAGic=
x-evy-trace-route-configuration: listener_https/all
x-request-id: fccf68c1-8cca-44eb-b1ca-a20ae782e7c0
last-modified: Wed, 01 May 2024 23:36:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YSQCP2qJx44pJjL0PDd8Qa%2BhBBQHcIn4nr84N18igqQ%2FRy4iUnMlbl3%2FYBiejy9AkiwbSajY2CmJqYjxhOC3CADNwd0LcULNHIUE6vPetawuRFEIcWBviTI7atDg03HpabbCNcENSEzfSIzY"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-7mxgq
access-control-allow-credentials: false
cf-ray: 87fdacba8d629b9e-FRA
timing-allow-origin: blog.kandji.io
x-amz-cf-id: TzYK1goTY6genjB4tbroyyR_nWJHHGwaH9JPuAZCl_A5EDhoFssN5w==

GET
H2 200 2024.04.30%20Cuckoo%202.png
blog.kandji.io/hs-fs/hubfs/ 17 KB
18 KB 68ms
68ms Image
image/webp 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.04.30%20Cuckoo%202.png?width=672&height=347&name=2024.04.30%20Cuckoo%202.png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1567d2b9acd79cdc86589be269f601cbffcfa85dbee6ce63db97c8f3434da79

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:37 GMT
strict-transport-security: max-age=31536000
via: 1.1 fecc88aab4864fba141da4bfceb073e8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-165961962245,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 17258
cf-resized: internal=ok/m q=0 n=1330+0 c=54+86 v=2024.4.1 l=17258
last-modified: Tue, 30 Apr 2024 18:02:29 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf6yGpyB0EJrxo_quNgCZ1zhU7KVkZo0foeZqls5VvDQ:4d88a391e2bf20850f08bf6d422c3a96"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2BMSJM3YJbHt5p7T90hpCkI9IizIuTVZ34TPDMN0VPB9wfLzz11QIuoiwOjzYLn49PB3nUdVCuOf%2FU%2BRY7YBn%2FhZdKi2WE4OrOobKhjhJKHYTr5QaW5PO26JAEqupbSFk2lm2eFvSeKmUlZ%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87fdacba9d669b9e-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Untitled%20design%20(1).png
blog.kandji.io/hs-fs/hubfs/ 454 B
1 KB 84ms
83ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/Untitled%20design%20(1).png?width=80&height=80&name=Untitled%20design%20(1).png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c77a58a32fba476a3d98e8200daea6916689fb18950cce6bd90e48e428caa6f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-157917519700,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 454
cf-resized: internal=ok/m q=0 n=817+0 c=2+18 v=2024.4.0 l=454
last-modified: Thu, 22 Feb 2024 00:19:39 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfPFm93phRdC7Z74QB4VwWNervO7f-n0uC5YAbC82nDQ:11eb812ee9d202f5c27ede07174a49a0"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QLBey0mhW9sUKyMnXzX4o94MklaZMtfk4iyL0lmRaxsOsmn8j1i5vGS9CW%2FHAo4%2FTzORLx57jELPsurTTSR76Nfr4oTbkWG8Bi3%2BcRR6Tl18yTPFGOAIZnOuHL5saZcA"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87fdacbb6bf44504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET 8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png
no-cache.hubspot.com/cta/default/5058330/ 0
0

GET
H3 200 current.js Show response
blog.kandji.io/hs/cta/cta/ 18 KB
8 KB 167ms
167ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs/cta/cta/current.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

34d753f84b9e400b537366e47a9ebe10ec0ed56abe34174795bec29127d2ed79

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 373
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.285/bundles/current.js&cfRay=87fda3a0e10e4522-TXL
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d86286755489ba85735d030c6a6ca5dc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.285/bundles/current.js
date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: .SaBlZes9qRhWaMqqCvaPXXAz4nOX23D
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 36bcb726-2486-4d5b-a271-a206c07fa76f
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 36bcb726-2486-4d5b-a271-a206c07fa76f
last-modified: Wed, 01 May 2024 11:35:03 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EU%2BgDc%2Bkd3rJQE%2FsZQTkv8H1XwfXzOADLPjLUywPAYNj%2BHfcfXmVeK%2BdEnXMmqPe5rBjKa0UCJ3CwTQwOfDtp6ELWLF5ixA5tr9bLxBfPmR3pCP5qjGuhjRl6Y2FmQlk"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ncdrp
cf-ray: 87fdacbafb3d4504-TXL
x-amz-cf-id: K9cWlNTg7Og6cVFaA1kRoAdNROKGDarMSIkrSkt0OZwItuz3meWlow==

GET
H2 200 f9cbd4ff-31c8-46b4-914b-33c838de1b34.png
no-cache.hubspot.com/cta/default/5058330/ 3 KB
4 KB 167ms
165ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/5058330/f9cbd4ff-31c8-46b4-914b-33c838de1b34.png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631a0d62a719038670e8f56cc868da1bb3542376d251a781c6545cae129e2d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
x-amz-version-id: tTGyEO0tJlODKY_zmzUuuYcp.joigpwa
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: TYC2EX6CJXCBWAVK
x-amz-server-side-encryption: AES256
content-length: 3266
x-amz-id-2: Oj4oqoYOro9YpRxcg+/yux58Efp7BDZ6SKj2Jn40ZalQfjvnuAoS/F86h7aRStOkr7hxq0HsyGg4nNQ+d8yhGfbz9T1ihu0tYo5U6mGj44E=
last-modified: Fri, 02 Jun 2023 18:06:17 GMT
server: cloudflare
etag: "842097bab8692619d1384bba926c1149"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FacEMGMetQey56ZRYRO%2F6SyYGkWThWQuKeg88gxaPM2fcXECcSQPfVclTtQZVrNAeMtnEfaxdpDPwLbHGRJlbmwryaX38TYp3I6PPpB74UoxfMBqT55N8uDcasec0%2BDApv7mqgEnOxzurggjrqZ6LKD6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87fdacbb7e5168fe-FRA

GET
H2 200 8b112eca-371f-41dd-bc10-130711c6d648.png
no-cache.hubspot.com/cta/default/5058330/ 1 KB
2 KB 173ms
171ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/5058330/8b112eca-371f-41dd-bc10-130711c6d648.png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

047ad7989bc75b72ad38301072330f4109f8225a4e34bdde8bfa790edd0d5a0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
x-amz-version-id: f4WGBHOQ..wkPV9PgAGbh2HG2CnWNNPy
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: TYCC2XKMCM658GZ9
x-amz-server-side-encryption: AES256
content-length: 1286
x-amz-id-2: s7DVubEF5LC74/Gihh3AS9N2zxJ3PW+aWZmuXuOLdRZBiyupTAZocNRUXN/GkwV2rXh6S3fBOkyu/km8EM3ByQXiTrMPo0+ojr2gwxUar7U=
last-modified: Fri, 08 Mar 2024 22:19:12 GMT
server: cloudflare
etag: "179d670d165cfa6f65deb404cccd7d89"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JhYwIWcgJDfAu5l53v%2BQwvLhSVOydc%2BgYHIMhfnMAq1at%2Bu11fMcBno6m64rLCHOmb1wuvX42F%2B%2BnWzkmjhN1o8kqLlns4RCzz86HE5sbrQLIDrFJMg7mrT7SBSc3%2FHbAJXEBTDLPcfM22llcdXBxjFD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 87fdacbb7e5268fe-FRA

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.840/ 13 KB
6 KB 139ms
48ms Script
application/javascript 2606:4700::6811:af5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.840/embed.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:af5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
x-amz-version-id: e_mEpsTIjne7IZWFj8MkYDmouI7jSgMC
via: 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 629851
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Apr 2024 16:01:41 GMT
server: cloudflare
etag: W/"3a4474324e070674ecd017b9d44b9c99"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lHWKPVe5xTccLTuRTVKSFOjpedYpQ4KBpIP8%2Bse%2FRyL%2BsHH1C%2FP9rutfJwHrDyPdDHEFBlH9m2udBTEkTjVPtG72pDiaMF%2FROBKwqgnvgeFGP6gkIrHXmFWR75lV6LeawJeDktRfGckeheYQoN8AMdmehc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87fdacbc0c059750-FRA
x-amz-cf-id: uPbLZkmjrnCQRcy_jlXxA53kIIcKlWFGGfQZ_1GaMR0TsSieN4Mxjg==
expires: Wed, 07 May 2025 02:10:38 GMT

GET
H3 200 kandji.min.js Show response
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/ 112 KB
37 KB 115ms
114ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.min.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

953e94dc295871bac70da3981c02f89826b126b77678c770426e26e2020731c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 2HV1TG40DR1BA6SN
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"4cb530e790831873094e7ee81d06938a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1710813314427
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tzPl9wZduJpEUTWWdXTe7fGP_WJ6sPj_
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a8ac40e5-873a-4289-b0a7-f88f21e7b8b7
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 144
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QB4MDy1Ai+EP1ZD7/+3lTVUlvlwkd/boUzEwoLmMHl8Vemj+b7NE3SmHDrg/DKmmXM3pp0xGqJE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a8ac40e5-873a-4289-b0a7-f88f21e7b8b7
last-modified: Tue, 19 Mar 2024 01:55:15 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OoVR08jvHySf%2FmfQnDAY0WcfpWH4FCfmRfI%2BHD9CorLPTYmMOXR7%2FH%2Bj%2FYq9XRf%2F%2F1jralKuhZsaP1S7w4UbAJYvedqq%2FgrPg8hPlxq9ZwtOtAP%2BCPunzps1Q0r274am"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5c8495489f-wvfbh
access-control-allow-credentials: false
cf-ray: 87fdacbb6bf34504-TXL
timing-allow-origin: blog.kandji.io
x-amz-cf-id: rcwZzpbmC9EKDI6aae1xb1lwHXUw3-2df65nvq9Cc5BvTwDwKTD_QQ==

GET
H3 200 5058330.js Show response
blog.kandji.io/hs/scriptloader/ 1 KB
2 KB 387ms
387ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs/scriptloader/5058330.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

213c5406df2cd6b933342bef72205b136d5bb24529ad3da7c637c3f23b276556

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 20d6c04f-e578-49a8-b85b-96bcdc535a49
content-encoding: br
x-envoy-upstream-service-time: 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 20d6c04f-e578-49a8-b85b-96bcdc535a49
last-modified: Mon, 06 May 2024 16:40:00 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.kandji.io
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-2hls6
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0eUfvHE%2BNTijJ5hPO5sBigjKb5vBYCdSVawCjtKzgjVGr00%2FIxYegke%2BIDrNnpFNLqyF1Fv%2B34LYUGxukG7ThdFU2AklTZSITTusNgtgJVbReRBs21yIoZOfSsfub9%2F"}],"group":"cf-nel","max_age":604800}
cf-ray: 87fdacbb6bf84504-TXL
expires: Tue, 07 May 2024 02:12:08 GMT

GET
H3 200 index.js Show response
blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 78ms
77ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 44a23a2f4d4e9659f5b008d1f39e1318.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 374308
x-amz-cf-pop: WAW51-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a2TnGn1Gh4mHDbaeNMMg1V6S%2BOhLQy4z9KQ5hvxNwV%2Bw8Qe1dmHXhW3uPwz7AyEPTnViZBZX2vT7Rynxctw1qPZ9mwj5qoBJjis4ImZSBCyeZR5XXoqxvTgzxbV3iu2E"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87fdacbb6bfa4504-TXL
x-amz-cf-id: 5LTyQyxZIRPK3NZXGJfmCy10Vf8EZlRquB0oSXT-gV1kjarqaNrJ5Q==
expires: Wed, 07 May 2025 02:10:38 GMT

GET
H2 200 52104b08-403c-474b-8e63-8560d38d0080.json Show response
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/ 4 KB
2 KB 142ms
59ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/52104b08-403c-474b-8e63-8560d38d0080.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bb5b82601b4d9a2d5c0c2114554c057cfcbd14758cbfcc4caabcd22ad9abe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 14651
content-md5: 6BMqikelNA/grYiNXxYYUQ==
content-length: 1508
x-ms-lease-status: unlocked
last-modified: Thu, 15 Jun 2023 16:56:03 GMT
server: cloudflare
etag: 0x8DB6DC1675F9622
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 36884402-a01e-007b-7e03-247b1f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbbeb528fe8-FRA
expires: Wed, 08 May 2024 02:10:38 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 334 KB
107 KB 154ms
63ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fb3b950984bf09b15b2d2f8e2e29cb305b391320b10ffa3864e01d77513497da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108665
x-xss-protection: 0
last-modified: Tue, 07 May 2024 00:09:18 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 May 2024 02:10:38 GMT

GET
H2 200 PPNeueMontreal-Variable.ttf
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/ 190 KB
92 KB 261ms
166ms Font
font/ttf 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/PPNeueMontreal-Variable.ttf
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 910f74967a8d03e18bdd8b4a46a1573653c71d374e9823f2d416d9bd250b1ea6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/
Origin: https://blog.kandji.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-95662839379,FD-95664176134,P-5058330,FLS-ALL
age: 1048772
x-amz-request-id: KKJPTSDK4KEG63EX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"61d5f1a1a93cc2b08ca4fc4032b9df1e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1671243819749
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 07 May 2024 02:10:38 GMT
via: 1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: LseMZwrny9avZzv6GoE3a9pheWcyZ0eh
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: 7uWEpvEevNESMUxrgs45hpkM0fx+NRC8MiHkR60dRKBT8DLKncDTZScwP9gUGdo8OhTrQU0Sv7k=
last-modified: Sat, 17 Dec 2022 02:23:40 GMT
server: cloudflare
cf-ray: 87fdacbc5e2e30e8-FRA
timing-allow-origin: 5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id: rGKAG_cjck9U5a6YZ1wQnsdxkFv2rQKz-P5dG2TbHN_BYW_3VSoVbw==

GET
H3 200 First%20screenshot_shadow.png
blog.kandji.io/hs-fs/hubfs/ 80 KB
81 KB 143ms
143ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/First%20screenshot_shadow.png?width=895&height=700&name=First%20screenshot_shadow.png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9164e39d63790c8764c886c09d0299cc3a3f13f42bf55f1b4cbdc4eea6c6359

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-165936926823,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 82046
cf-resized: internal=ok/h q=0 n=16+196 c=0+0 v=2024.4.1 l=82046
last-modified: Tue, 30 Apr 2024 14:55:40 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfn-4rA8EuXDA7DQQOxyHyoLxndmRGB8yy55S65dU6DQ:749969da747907414f76c0dfb945f2b1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ag3lIFHA%2FkB2%2B7GPtHQyuvZiTnKyMux00Odq4cXOGcnCdheBN13a0DSs%2BUOmBwGF28dCKiCaKHlN77S4HzHV3l1qW5IrdOc%2FOsANM%2BmUFsgh6QDJMlW9UL6kZiTkmaJZ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87fdacbb9c2f4504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 2024.03.XX%20installers.png
blog.kandji.io/hs-fs/hubfs/ 2 KB
3 KB 170ms
169ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.03.XX%20installers.png?width=128&height=66&name=2024.03.XX%20installers.png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e31e68652d40a182ba89f4af0ae2bc09c1a71bb893aa2bdd147a6278081d4ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 f2b02f5afeb695ea85b659be98f49e92.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-160884535947,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 2412
cf-resized: internal=ok/h q=0 n=58+0 c=65+39 v=2024.4.1 l=2412
last-modified: Fri, 15 Mar 2024 15:49:20 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfvWXpEFLCQN_zZvbheJ2EmJLxdFxi2AAgjHEhntbsDQ:3c204f838ebc22dfc5014db1beca205b"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XfU%2BfdSnVRL6oyxq0HdUbs6514y2%2FF%2BaA9HWmIjIHPmURfxuICsyXscMhwb70%2F0ADMZXPZHLouJCKPW%2Brq%2FOtCUGbuRAKcxHnZ%2B4fc9Q3Hc8RaPP%2Bq8G5ZaonjRusKxc"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87fdacbbcc854504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 2023.06.29%20security.png
blog.kandji.io/hs-fs/hubfs/ 1 KB
3 KB 171ms
170ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2023.06.29%20security.png?width=128&height=66&name=2023.06.29%20security.png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4c8e87133644390cfb20c3cf3055dc631add2a8db9e05f6d23480df2d624399

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 335b5d7a095dc0c2b19883021de7870e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-122688660010,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1534
cf-resized: internal=ok/m q=0 n=739+0 c=26+16 v=2024.4.1 l=1534
last-modified: Wed, 28 Jun 2023 17:20:39 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfNCxsMukWtVp3OVsIX2njGMhLdFxi2AAgjHEhntbsDQ:c0131cccd4a63ec31e730507c1405caf"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kLC1KeIZBXz9kb8SPp4k8SuSqvuQ3Aot%2FLlYI2K5kPooBPWFmCFScEL5S7f2noAtNXHHNDBZV4l018OtmiyD9%2ByHZK4Uq6YjHY3tlr3tGmIfn2YR%2B0fatTV0huw1TBFM"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87fdacbbcc864504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 2024.04.18%20Configurator.png
blog.kandji.io/hs-fs/hubfs/ 1 KB
2 KB 172ms
170ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.04.18%20Configurator.png?width=128&height=66&name=2024.04.18%20Configurator.png

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f9341805e550ac6c973ad2fb31797089b016f68d2482b10f7f975a61b403823

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 28de398d6bd20bc440c06f568b49c876.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-164794887495,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1316
cf-resized: internal=ok/m q=0 n=1051+0 c=17+13 v=2024.4.1 l=1316
last-modified: Wed, 17 Apr 2024 22:10:35 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cftU2E2Jhvd8jr2j5bb1BXrMladFxi2AAgjHEhntbsDQ:884140d251f39ec2c0519828550c9614"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8aFFmVcHF%2BypSBWl8TxtCBzF9JKVlhuhH8y%2BR9im4EGd5s8Xu1FUaSK1z3VgsZDt23PodHVZHb2pwN%2BEXZ%2F0XsgOmScflByIXT2v1qOViLW6F1O6ZiSLVz%2Bivy0KrXa%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 87fdacbbcc874504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H2 200 Subscribe-Blog.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/ 13 KB
14 KB 251ms
168ms Image
image/webp 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/Subscribe-Blog.png
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fc523fde3cc50b1d7b9e935d342b29b1e380d85f6d4b14aba2351838410bc83

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-meta-cache-tag: F-96062485125,FD-95861192563,P-5058330,FLS-ALL
age: 2090012
x-amz-request-id: 0R2CQ7QV965APF6H
x-amz-server-side-encryption: AES256
edge-cache-tag: F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Subscribe-Blog.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ea57f01744259025dbbee871cdd1cb31"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1671621599617
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 07 May 2024 02:10:38 GMT
via: 1.1 99a0678067c9afa5ffc6dde34b960d40.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: CJxRHwMuRdpajywx_jTmK_D4quNoYBxx
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=16283
x-cache: RefreshHit from cloudfront
cache-tag: F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 13174
x-amz-id-2: 7ShcDXOmIn0A3jr5HIZUsghFp060kH08mbrCl0IOHBOMP/tCAG6DCWcugKK0Mro45RDssJQtwxY=
last-modified: Wed, 21 Dec 2022 11:20:00 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 87fdacbc5fdd3609-FRA
timing-allow-origin: 5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id: OLdCt8sxfeU1nHIpMT4ZceLGZTeM5liPFOXoexx7ns8T-y1MpGeGTA==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 152ms
69ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept: application/json
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 87fdacbcd8302c55-FRA
access-control-allow-headers: Content-Type

GET
H3 200 json Show response
blog.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/ 12 KB
4 KB 204ms
204ms XHR
application/json 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3107c46ccaaa815e2cc3578204d5b2d1bfcdf243074c0eff4c51cd1d1d2f6a49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 08aa1710-a0dc-4dba-bf5a-893ba7f5aa85
content-encoding: br
x-envoy-upstream-service-time: 15
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 08aa1710-a0dc-4dba-bf5a-893ba7f5aa85
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nx8lw
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IQ4sI8JCzANgAP8%2F8rkX1o4aebGaXW809agTRZkxFatjWn5Q28cN7JG6KWI5PSJghvL02R0qF%2B7BkToKJlI5RnTa9r%2F9pv9SrogP%2FtI%2FytksLMCKqIWLN%2BG8sBcG7m42"}],"group":"cf-nel","max_age":604800}
cf-ray: 87fdacbcae054504-TXL
access-control-allow-headers: *
x-robots-tag: none

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
650 B 225ms
215ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=5058330

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 89e5cdb6-5931-4038-81b7-7ccc0f2180c6
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=87fdacbcdf5468fe&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 89e5cdb6-5931-4038-81b7-7ccc0f2180c6
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://blog.kandji.io
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-qbnbs
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 87fdacbcdf5468fe-FRA

GET
H2 200 right-laptopts.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/ 109 KB
110 KB 167ms
167ms Image
image/webp 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/right-laptopts.png
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f336afca0db6e13235318d314c37a3f577c0c6219e57c1d44106d45313f0534e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-meta-cache-tag: F-134491805113,FD-95861192563,P-5058330,FLS-ALL
age: 1169655
x-amz-request-id: PT1XPWF5CDQTCC07
x-amz-server-side-encryption: AES256
edge-cache-tag: F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="right-laptopts.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "d8f7fec81a5703b8fa569b8c7e09c1d2"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1694478484023
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 07 May 2024 02:10:38 GMT
via: 1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: jjtaDQNzOAXVY5VvKDfKCQS8NeD2KgjS
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=181766
x-cache: Miss from cloudfront
cache-tag: F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 111700
x-amz-id-2: uKc2AnpOPIB2NFf9GoYfuDLUZz9+3wQZKI0C3tl2HHb0QKbV7dIBHY9XuIh89OGm2EJfYhP7Ba0=
last-modified: Tue, 12 Sep 2023 00:28:05 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 87fdacbcd87e3609-FRA
timing-allow-origin: 5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id: 5W5EiC1qjx9P7DZLpUvCnOgIjwCFfu1dbMAzhx9LidQXJ37pQW0U0g==

GET
H2 200 ct Show response
obs.testrobotflower.com/ 4 KB
2 KB 498ms
247ms Script
text/javascript 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.testrobotflower.com/ct?id=57239&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1715047838242&hl=2&op=0&ag=2115704966&rand=039620025009097617620927799058561406883821972902877288725682830562000929229161526191&fs=1600x1200&fst=1600x1200&np=win32&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDEzMDldLFsiYm5jaCIsMF0sWyJhYm5jaCIsMF0sWy05LCIrIl0sWy01MiwiLSJdLFstNjEsIntcIndnc2xcIjpcIjQ7cmVhZG9ubHlfYW5kX3JlYWR3cml0ZV9zdG9yYWdlX3RleHR1cmVzO3BhY2tlZF80eDhfaW50ZWdlcl9kb3RfcHJvZHVjdDt1bnJlc3RyaWN0ZWRfcG9pbnRlcl9wYXJhbWV0ZXJzO3BvaW50ZXJfY29tcG9zaXRlX2FjY2VzcztcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFstNiwie1wid1wiOltdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMjQsIltdIl0sWy02OCwiLSJdLFstMzEsImZhbHNlIl0sWy0xNSwiLSJdLFstNDcsIkV1cm9wZS9CZXJsaW4sZGUtREUsbGF0bixncmVnb3J5Il0sWy02NSwiLSJdLFstNywiLSJdLFstNjIsIjgwIl0sWy0yNiwie1widGpoc1wiOjEwMjE5MTQ4LFwidWpoc1wiOjcxMjQ1NDgsXCJqaHNsXCI6NDI5NDcwNTE1Mn0iXSxbLTY2LCJnZW9sb2NhdGlvbixzdG9yYWdlYWNjZXNzLGdhbWVwYWQsY2hlY3QsbWlkaSxkaXNwbGF5Y2FwdHVyZSx1c2IscGljdHVyZWlucGljdHVyZSxwdWJsaWNrZXljcmVkZW50aWFsc2dldCxsb2NhbGZvbnRzLG90cGNyZWRlbnRpYWxzLGVuY3J5cHRlZG1lZGlhLGNoc2F2ZWRhdGEsY2h1YWZ1bGx2ZXJzaW9ubGlzdCxjaHVhd293NjQsY2hkb3dubGluayxjaHByZWZlcnNjb2xvcnNjaGVtZSxzeW5jeGhyLGNodWFtb2RlbCxjaHByZWZlcnNyZWR1Y2VkdHJhbnNwYXJlbmN5LHNlcmlhbCxjYW1lcmEsY2hwcmVmZXJzcmVkdWNlZG1vdGlvbixwcml2YXRlc3RhdGV0b2tlbmlzc3VhbmNlLGlkZW50aXR5Y3JlZGVudGlhbHNnZXQsY2h1YWZ1bGx2ZXJzaW9uLGZ1bGxzY3JlZW4sY2hkcHIsdW5sb2FkLGtleWJvYXJkbWFwLGNodWFwbGF0Zm9ybSxneXJvc2NvcGUsY2h1YW1vYmlsZSx3aW5kb3dtYW5hZ2VtZW50LGNodWEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUsbWFnbmV0b21ldGVyLGFjY2VsZXJvbWV0ZXIscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGNodWFhcmNoLHhyc3BhdGlhbHRyYWNraW5nLGNodWFmb3JtZmFjdG9ycyxpZGxlZGV0ZWN0aW9uLGNodWFwbGF0Zm9ybXZlcnNpb24sY2h3aWR0aCxjbGlwYm9hcmRyZWFkLGNodmlld3BvcnR3aWR0aCxwYXltZW50LGNodmlld3BvcnRoZWlnaHQsY2hydHQsYXV0b3BsYXksY3Jvc3NvcmlnaW5pc29sYXRlZCxoaWQsY2h1YWJpdG5lc3Msc2NyZWVud2FrZWxvY2ssY2xpcGJvYXJkd3JpdGUsY2hkZXZpY2VtZW1vcnksbWljcm9waG9uZSJdLFstMjUsIi0iXSxbLTI4LCJlbi1VUyxlbiJdLFstNDQsIjAsMCwwLDUiXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIl0iXSxbLTEzLCItIl0sWy0zMywiLSJdLFstNTgsIi0iXSxbLTQ4LCIwLDAiXSxbLTU1LCIyIl0sWy0zOCwiaSwtMSwtMSwxLDAsNDAsMCwwLDg1LDEzNywtMSwwLDQ0OS4zLDQ0OS4zLDY0NSw2NDUiXSxbLTY3LCItIl0sWy00NSwiLSJdLFstMTYsIjAiXSxbLTE5LCJbMTE3MCwxNTcwLDExNzAsMTU3MCwwLDAsMSwyNCwyNCxcIi1cIiwxNjAwLDEyMDAsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyMDAsMCwwLDAsMCxcIi1cIixcIi1cIiwxNjAwLDEyMDBdIl0sWy0xOCwiWzAsMCwwLDFdIl0sWy0zNiwiW1wiNC8zXCIsXCI0LzNcIl0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsNSx0cnVlLHRydWUsbnVsbCwwLHRydWUsdHJ1ZV0iXSxbLTYwLDIwNF0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJpbnRlbCBpbmMuXCIsXCJyXCI6XCJpbnRlbCBpcmlzIG9wZW5nbCBlbmdpbmVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjAgKG9wZW5nbCBlcyBnbHNsIGVzIDEuMCBjaHJvbWl1bSlcIixcImd2ZXJcIjpcIndlYmdsIDEuMCAob3BlbmdsIGVzIDIuMCBjaHJvbWl1bSlcIixcImd2ZW5cIjpcIndlYmtpdFwiLFwiYmVuXCI6NCxcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjE5MzA4MjAyNzksXCJzZWNcIjpcIlwifSJdLFstNTQsIntcImhcIjpbXCJfM1wiLFwiMjg3Mjg5OTMyMFwiLFwiXzFcIixcIjEwMzc5NzUxMDJcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTUzLCIxMDAiXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy00MSwiLSJdLFstMSwiLSJdLFstNTEsIi0iXSxbLTYzLCIwIl0sWy0yOSwiLSJdLFstNDksIi0iXSxbLTE3LCIxNyJdLFstMjEsIi0iXSxbLTM1LCJbMTcxNTA0NzgzODIyNywtMl0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTQsIjxodG1sIGxhbmc9XCJlblwiIGNsYXNzPVwic2Nyb2xsLXB0LVsxcmVtXSBuYXZTd2FwOnNjcm9sbC1wdC1bNnJlbV1cIj48aGVhZD5cbiAgICA8bWV0YSBjaGFyc2V0PVwidXRmLThcIj5cbiAgICA8bWV0YSBuYW1lPVwiZ29vZ2xlLXNpdGUtdmVyaWZpY2F0aW9uXCIgY29udGVudD1cImw2c3h1dURQODhfOEZheUgxaTA5QlhVbUdaN1FWZnhVandla1lCNG5JZklcIj5cblxuICAgIFxuXG4gICAgPHNjcmlwdCBhc3luYz1cIlwiIGRhdGEtb3QtaWdub3JlPVwiXCIgY2xhc3M9XCJvcHRhbm9uLWNhdGVnb3J5LUMwMDAxXCIgc3JjPVwiaHR0cHM6Ly93d3cuZ29vZ2xldGFnbWFuYWdlci5jb20vZ3RtLmpzP2lkPUdUTS1UN0daUTNMXCI%2BPC9zY3JpcHQ%2BPHNjcmlwdD5mdW5jdGlvbiBkb21SZWFkeShrKXtpZihbJ2ludGVyYWN0aXZlJywnY29tcGxldGUnXS5pbmRleE9mKGRvY3VtZW50LnJlYWR5U3RhdGUpPj0wKXtrKCl9ZWxzZXtkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCdET01Db250ZW50TG9hZGVkJyxrKX19PC9zY3JpcHQ%2BXG5cbiAgICA8dGl0bGU%2BTWFsd2FyZTogQ3Vja29vIEJlaGF2ZXMgTGlrZSBDcm9zcyBCZXR3ZWVuIEluZm9zdGVhbGVyIGFuZCBTcHl3YXJlPC90aXRsZT5cbiAgICA8bGluayByZWw9XCJzaG9ydGN1dCBpY29uXCIgaHJlZj1cImh0dHBzOi8vYmxvZy5rYW5kamkuaW8vaHViZnMvZmF2aWNvbi0zLmljb1wiPlxuICAgIDxtZXRhIG5hbWU9XCJkZXNjcmlwdGlvblwiIGNvbnRlbnQ9XCJLYW5kamkncyB0aHJlYXQgcmVzZWFyY2ggdGVhbSBoYXMgZGlzY292ZXJlZCBhIHBpZWNlIG9mIG1hbHdhcmUgdGhhdCBjb21iaW5lcyBhc3BlY3RzIG9mIGFuIGluZm9zdGVhbGVyIGFuZCBzcHl3YXJlLiBIZXJlJ3MgaG93IGl0IHdvcmtzLlwiPlxuICAgIFxuICAgIFxuICAgIFxuICAgIFxuICAgIFxuXG4gICAgXG4gICAgPHNjcmlwdD5mdW5jdGlvbiBvbkNoZXFSZXNwb25zZShhLHIpe3dpbmRvdy5jcV9yZXFfaWQ9cn08L3NjcmlwdD5cbiAgICA8c2NyaXB0IGFzeW5jPVwiXCIgc3JjPVwiaHR0cHM6Ly9vYi50ZXN0cm9ib3RmbG93ZXIuY29tL2kvMTMwZGRhZWM3NmMzMDUyOTJmNmVjMzBlYmVmMmQ1Y2UuanNcIiBkYXRhLWNoPVwiY2hlcTRwcGNcIiBjbGFzcz1cImN0X2NsaWNrdHJ1ZV81NzIzOVwiPjwvc2NyaXB0PlxuICAgIFxuXG4gICAgXG4gICAgPHNjcmlwdCB0eXBlPVwidGV4dC9qYXZhc2NyaXB0XCIgc3JjPVwiaHR0cHM6Ly9jZG4uY29va2llbGF3Lm9yZy9jb25zZW50LzUyMTA0YjA4LTQwM2MtNDc0Yi04ZTYzLTg1NjBkMzhkMDA4MC9PdEF1dG9CbG9jay5qc1wiPjwvc2NyaXB0PlxuICAgIDxzY3JpcHQgc3JjPVwiaHR0cHM6Ly9jZG4uY29va2llbGF3Lm9yZy9zY3JpcHR0ZW1wbGF0ZXMvb3RTREtTdHViLmpzXCIgdHlwZT1cInRleHQvamF2YXNjcmlwdFwiIGNoYXJzZXQ9XCJVVEYtOFwiIGRhdGEtZG9tYWluLXNjcmlwdD1cIjUyMTA0YjA4LTQwM2MtNDc0Yi04ZTYzLTg1NjBkMzhkMDA4MFwiPjwvc2NyaXB0PlxuICAgIDxzY3JpcHQgdHlwZT1cInRleHQvamF2YXNjcmlwdFwiPlxuICAgICAgZnVuY3Rpb24gT3B0YW5vbldyYXBwZXIoKSB7IH1cbiAgICA8L3NjcmlwdD5cbiAgICBcblxuICAgIFxuICAgIDxzY3JpcHQ%2BKGZ1bmN0aW9uKHcsZCxzLGwsaSl7d1tsXT13W2xdfHxbXTt3W2xdLnB1c2goeydndG0uc3RhcnQnOlxuICAgICAgICAgIG5ldyBEYXRlKCkuZ2V0VGltZSgpLGV2ZW50OidndG0uanMnfSk7dmFyIGY9ZC5nZXRFbGVtZW50c0J5VGFnTmFtZShzKVswXSxcbiAgICAgICAgaj1kLmNyZWF0ZUVsZW1lbnQocyksZGw9bCE9J2RhdGFMYXllcic%2FJyZsPScrbDonJztqLmFzeW5jPXRydWU7XG4gICAgICAgIGouc2V0QXR0cmlidXRlTm9kZShkLmNyZWF0ZUF0dHJpYnV0ZSgnZGF0YS1vdC1pZ25vcmUnKSk7XG4gICAgICAgIGouc2V0QXR0cmlidXRlKCdjbGFzcycsJ29wdGFub24tY2F0ZWdvcnktQzAwMDEnKTtcbiAgICAgICAgai5zcmM9J2h0dHBzOi8vd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0bS5qcz9pZD0nK2krZGw7Zi5wYXJlbnROb2RlLmluc2VydEJlZm9yZShqLGYpO1xuICAgICAgfSkod2luZG93LGRvY3VtZW50LCdzY3JpcHQnLCdkYXRhTGF5ZXInLCdHVE0tVDdHWlEzTCcpOzwvc2NyaXB0PlxuICAiXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy01OSwiZGVmYXVsdCJdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUpIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAgICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAgICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAgICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAgfV0iXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAxMTEwMTEwMDEwMTEwMTAwMDAwMSJdLFstNDYsIjAiXSxbLTIsIjQsZUFIV1gxL2YzcXpDdmJrdXltUXdnbElhRjNwRXNSRUVUcG9WZEZWQlFRcFJjUkJGU0tJSWdpUklyMEtoSlJxcFNBdENBa1FIcEl6eWJiWHBtWnIvNS9kOTZiemN1U0FQSi9HdCJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy01LCItIl0sWy0yMCwiLSJdLFstMzIsIi0iXSxbLTUwLCItIl0sWy02NCwiWzAsXCJXaW4zMlwiLFt7XCJiXCI6XCJHb29nbGUgQ2hyb21lXCIsXCJ2XCI6XCIxMjRcIn0se1wiYlwiOlwiTm90OkEtQnJhbmRcIixcInZcIjpcIjhcIn0se1wiYlwiOlwiQ2hyb21pdW1cIixcInZcIjpcIjEyNFwifV1dIl0sWy01NywiV0UwWlYxeE9jVmhYWFZWY1N4Y0ZXbFpVU1V4TlhGMEhHV0pZU2hsWVNVbFZRR1FaRVZ4UFdGVVpXRTBaQlZoWFZsZEFWRlpNU2djWkVRTU9Bd2dNQ1FvSkFSQVZHUVZZVjFaWFFGUldURW9IQXdnQkF3b0pFQlZZVFJsNFMwdFlRQmRQWEJrUlVVMU5TVW9ERmhaV1d4ZE5YRXBOUzFaYlZrMWZWVlpPWEVzWFdsWlVGbEFXQ0FvSlhWMVlYRm9PRDFvS0NRd0xBQXRmRDF4YUNnbGNXMXhmQzEwTVdsd1hVMG9EQ0FNUERnZ0tBUkE9Il0sWy04LCItIl0sWy0xMiwibnVsbCJdLFstMzQsIi0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiLFwib2c6ZGVzY3JpcHRpb25cIixcIm9nOnRpdGxlXCIsXCJ0d2l0dGVyOmRlc2NyaXB0aW9uXCIsXCJ0d2l0dGVyOnRpdGxlXCJdfSJdLFstNDAsIjMzIl0sWy0xNCwiLSJdLFstMjMsIisiXSxbLTI3LCJbNTAsMTAsMCxcIjRnXCIsbnVsbF0iXSxbLTEwLCItIl0sWyJkZGIiLCIwLDUsMCwxLDAsMSwwLDAsMCwxLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDEsMSwwLDUsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMywwLDAsMSwwLDAsMCwwLDAiXSxbImNiIiwiMCwxLDAsMCwwLDAsMCwwLDAsMSwwLDAsNCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDMsMCwwLDAsMCwwLDAsMCwyLDAiXV0%3D&dep=0&pre=0&sdd=%7B%7D&cri=j9P3LkH0Fb&pto=680&ver=59&gac=-&mei=&ap=&fe=1&duid=1.1715047838.azNRmiKFB9gG6p3F&suid=1.1715047838.EWluCawxTHSozrES&tuid=1.1715047838.YOO6WAPq4Znt2Rxf&fbc=-&gtm=WyJwYWdldmlldy5ibG9nX21hbHdhcmVfY3Vja29vX2luZm9zdGVhbGVyX3NweXdhcmUiLCJkb21fcmVhZHkiXQ%3D%3D&it=25%2C260%2C313&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-
Requested by: Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 5e6af2a8dd706633726788e571ce082f4c0c803ca9bf69703686d5ae04f4cd6e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: text/javascript
pragma: no-cache
date: Tue, 07 May 2024 02:10:38 GMT
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 1762
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 335 KB
107 KB 57ms
57ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d28dfb5adba9b6ce37d3a997b15e1087bc5987a374f9503f39122b1552a477f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109561
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 May 2024 02:10:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 335 KB
107 KB 64ms
64ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a8e5d24ee42db9cb2266327b22745681c3430592dcf41cf857afcaab1fd7a204

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109602
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 May 2024 02:10:38 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/ 407 KB
98 KB 50ms
50ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

099d33a1d679bcfa3722a172d91742af80d45166f760db1512e4944a9d95bc23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 12zQcT/rVMicuxojEvnp3g==
age: 24516
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 100389
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:15 GMT
server: cloudflare
etag: 0x8DB3FB51FD9A927
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 28d3babc-501e-0022-05ac-12fc9c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbd4af139c4-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/1fb5c74a-9f40-42d3-9ca7-f3a03b8afa37/ 100 KB
19 KB 137ms
136ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/1fb5c74a-9f40-42d3-9ca7-f3a03b8afa37/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e41200427492c9d376344c7c1061ca5a2da82b1a6f2400d9c04b44723fa69ef9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: YPAwKbP0jKwGJCCAij8LUQ==
content-length: 18986
x-ms-lease-status: unlocked
last-modified: Thu, 15 Jun 2023 16:56:05 GMT
server: cloudflare
etag: 0x8DB6DC168C385F0
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3a2e9a05-001e-0010-1a0b-15fceb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbddc3c8fe8-FRA
expires: Wed, 08 May 2024 02:10:38 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/5058330/ 71 KB
23 KB 418ms
325ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/5058330/banner.js
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6957528b73336870fef39c26e4c26a54274b20a6f4bcc72ced85acc62b35cea8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
x-amz-version-id: U18IpK875C1.kZkqgNYlPwP3nLAPfMuJ
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: S7ESB29YGNXZAV95
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 2805e18d-2373-4584-b946-9ec95f9abc8a
x-envoy-upstream-service-time: 26
x-amz-id-2: liWB2BRxHvwatT1e7KrM+PsKLPQeHvzOthOZeLYDj4wvhKHMfVRkmFNQf9Z/McZ56GklPi0qyqM=
x-evy-trace-listener: listener_https
x-request-id: 2805e18d-2373-4584-b946-9ec95f9abc8a
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 15 Apr 2024 14:30:11 GMT
server: cloudflare
etag: W/"aa0a797298b2896ababed192ace38142"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.kandji.io
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-fp48c
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 87fdacbe793f2bf2-FRA
expires: Tue, 07 May 2024 02:15:38 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 132ms
45ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1da8f170c3865aeacd91c9b95531baec2b5dcd16174220092e3a3695ba6ef456

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
x-amz-version-id: .jnzEtgOd9S.y9u.IH0.Nidq3hy2M7RK
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 492
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.552/bundles/pixels-release.js&cfRay=87fda0b888d72c5e-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 9b9c07bc-667e-4a19-b8b6-cf1d5020ce43
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9b9c07bc-667e-4a19-b8b6-cf1d5020ce43
last-modified: Mon, 06 May 2024 13:51:07 UTC
server: cloudflare
etag: W/"eeced445dd619f5fac08890cddee2915"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-w988t
cf-ray: 87fdacbe7973974d-FRA
x-amz-cf-id: RXFJtcotJsyrk5hZFgy35R0DUzo6x1OWylkoMgoP1stXqTA7MqV5Vw==
x-hs-target-asset: adsscriptloaderstatic/static-1.552/bundles/pixels-release.js

GET
H2 200 5058330.js Show response
js.hs-analytics.net/analytics/1715047800000/ 67 KB
21 KB 257ms
164ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1715047800000/5058330.js
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f12dc284af1e9fe1ff422f71f892485263b9140dbf169882a7d8f82da5b5b12c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: TYC72FNSC90YEGNT
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 512d4027-7d4d-4700-8815-1faa99ba4d00
x-envoy-upstream-service-time: 19
x-amz-id-2: TwWHHtvhvGfUABEfxKk82V4pb85yYa6zlQr6WDenoTAmPU3zWbEPMvqTGNJvCkQJKXEIAj4Y9MA=
x-evy-trace-listener: listener_https
x-request-id: 512d4027-7d4d-4700-8815-1faa99ba4d00
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 24 Apr 2024 18:19:54 GMT
server: cloudflare
etag: W/"8f3df1a9325c8925bfb47bc8c68e83fa"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 87fdacbe78b42c1b-FRA
expires: Tue, 07 May 2024 02:15:38 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
885 B 195ms
144ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 797e280a-ec66-4152-9a59-c3356c2626f5
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 797e280a-ec66-4152-9a59-c3356c2626f5
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-lrtkq
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 87fdacbe5a1458d8-TXL

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 138ms
46ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4510v893716759za200&_p=1715047837969&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=831461864.1715047838&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&_s=1&cu=USD&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&dt=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&sid=1715047838&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&up.system_color_mode=Light&up.user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F124.0.0.0%20Safari%2F537.36&tfd=842
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 144ms
46ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-V21CT0R1FX&cid=831461864.1715047838&gtm=45je4510v893716759za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 100ms
51ms Image
image/gif 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V21CT0R1FX&cid=831461864.1715047838&gtm=45je4510v893716759za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1508916690

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
849 B 162ms
153ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b0e35b15-f6da-4e35-9fd1-c2630cac4e42
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b0e35b15-f6da-4e35-9fd1-c2630cac4e42
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-xkc98
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 87fdacbe8a6858d8-TXL

GET
H2 200 otFloatingFlat.json Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/ 10 KB
3 KB 51ms
50ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otFloatingFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PubgfHj+VI+S8CXDj6L+0w==
age: 77880
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2702
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:08 GMT
server: cloudflare
etag: 0x8DB3FB51B88C45D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 6b1ef2e5-001e-0062-1b69-79fba4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbecc868fe8-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/ 61 KB
12 KB 52ms
52ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b382967162c482928529c765a21bf9ae4141dd1ccbdbf480140bdbd67eab8991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 94mqEGmIxKb0iFeUZrbqtw==
age: 77880
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:10 GMT
server: cloudflare
etag: 0x8DB3FB51C6E493B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9475e437-101e-001c-2994-226be3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbecc878fe8-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/ 21 KB
4 KB 52ms
52ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 32275
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:19 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 81f0c99d-101e-0033-67ce-216628000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 87fdacbecc898fe8-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 50ms
50ms Fetch
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 44040
x-ms-lease-status: unlocked
last-modified: Thu, 02 May 2024 18:04:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 51c18e8b-f01e-0096-6065-9d235d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 87fdacbf3cad8fe8-FRA

GET
H2 200 logo_smaller.jpg
cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/ 7 KB
7 KB 51ms
50ms Image
image/jpeg 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/logo_smaller.jpg

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5846533b4521c67fd6a587522d5dc150c85d870b1dfd635af7990317ace96f86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cWKZllORFmU1skGzXrJiWA==
age: 68491
content-length: 7067
x-ms-lease-status: unlocked
cf-bgj: h2pri
last-modified: Wed, 19 Apr 2023 22:05:49 GMT
server: cloudflare
etag: 0x8DB41223BF0F461
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 50098723-701e-009c-504f-1494e5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 87fdacbf4c2139c4-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 54ms
54ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 07 May 2024 02:10:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 6771
x-ms-lease-status: unlocked
last-modified: Mon, 06 May 2024 02:33:30 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 855efd17-001e-0022-4fe8-9f2f5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 87fdacbf4c2239c4-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 257 KB
88 KB 56ms
56ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-781421631&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

406215754bc92ba1daa8be500ea9c72d8f31ebbda012815a86b402dcdf8d2b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89964
x-xss-protection: 0
last-modified: Tue, 07 May 2024 00:09:18 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 May 2024 02:10:38 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/781421631/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLn...
https://www.google.com/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&psc...
https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscr...

42 B
64 B

52ms
52ms

Image
image/gif

142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyeHTibv6hQMVb4mDBx373gtlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtqmi2u8gm-Yotdg4X1-Dbrbkcd_Umnxw&random=4137755904&ipr=y

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:39 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:39 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1192438478&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyeHTibv6hQMVb4mDBx373gtlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtqmi2u8gm-Yotdg4X1-Dbrbkcd_Umnxw&random=4137755904&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tc_imp.gif
obs.testrobotflower.com/tracker/ 43 B
79 B 119ms
119ms Image
image/gif 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.testrobotflower.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126bebc731ed4f89959225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5b168f6e2e17071a10acf9f29f674e8b83df04793d12ab2c720787338c339157660671c053075632065dc6bd624b77be26bb25cb43e2916af05365ac097c7a1bdb50ef4ef497d7d63ebb2807ff7ecaa8556d8e0e3143714493d60264f660b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4a7a7908677a0ddc05afb35cd0e6f2094f79fb6f12a93daf07785715b90ebc33e1f13f3606da097116ce6d0f3758653f912b3d51897199dc77fcc39309e9c248d778cc0b6a69de5e11b29f429aaa9bf6b0d26b6c13bd4f002f04f591e850105d2ce8acbcdfa8d3b8421ddd3ba8b76fb7f6b33cb793c959d9c4368dbe477a610f1944e9870bf3253594fd935af0a9c89ee79bfc7609452a79fdbd87683550435ac0f4f1d3e483e9fec4593059a8c8764fdcd2bbd872f9adabfb03d9fb7e358766e8ff91e1c9bf7471a03feacba74f762cfab58afa07da060b26fc4158d4386ec65984435eebccc74232d375259570542f4a5f538c008a5585c5f3baee63c83c14d52bac18ba8b67edffff8eec4a4bdfb204c3ff25b85b45f728a43651acb6a5d716fea72af761bdeeac1638a60cb248bab2ccea40c997b0f273c037c139cc7f8da3c7b5592044495d3dabbaccb53059db1a17c96cf7079c4d3123c6dff8dd85621b320995e9f1ae63f8711c7d510f0b92eff988fdb845a63ece4277e8170a691adad169d7029100590055f42e5e606dbfe1ed89885c953cc828737093f44b623fa4fd437efd812e0404a76363c3d7c974892937010e03bd2ade734c7ce4a8d7173ab16742f97f6a46d06ab02a4c958be7f525f00fe4e4f90b3c52c8e0e6a888f01a0c1dcf88147da59522a16fa694c2de3966b2dda7de3949f698db1a4584f60b028605e16c57c3dfa8bac5c48826870cf85d3108d85c6900a73fe69e45908039b177c21c7da055d9982b694f0b810e233ba7c9578909d08c5f1ea6b6abac452c89dbdbbd8e19690765086e63947c47cc15b8f54e0f839f78c9e8033a08cd6fbf25a69cba2b5bc51cb54944047210062c8903836dd64f64f8cc94fed6574bd3e05976ee49c7522f43b334408&cri=j9P3LkH0Fb&ts=514&cb=1715047838756
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
date: Tue, 07 May 2024 02:10:38 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
BLOB 200
OK 73093782-709a-4e41-8bd3-8956d49e6832
https://blog.kandji.io/ 261 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://blog.kandji.io/73093782-709a-4e41-8bd3-8956d49e6832
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8df1aab6785e046708e9b9e8ec69a59c7d7f1c757490c682207653a7455fc229

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 261
Content-Type

GET
BLOB 200
OK bfb52c1e-df83-4b84-834b-5bd4550e990c
https://blog.kandji.io/ 529 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://blog.kandji.io/bfb52c1e-df83-4b84-834b-5bd4550e990c
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a87c9da5028926bfada0c7dd00e912219ae87de36b390dd9f32cb958efd0e98

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 529
Content-Type

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 621 B
1 KB 236ms
150ms XHR
application/json 2606:4700::6812:f26c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=5058330

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f26c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83afcd7bea4e4c7cf6e6c8147391aabca2b8b5a1fdce69981a9ee0b723c04904

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6f181829-2ce9-45b6-b7eb-03ec21bfd5bd
content-encoding: br
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6f181829-2ce9-45b6-b7eb-03ec21bfd5bd
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.kandji.io
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-5wfz2
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mLnHfv6absXwiGZ4VqwC44nX791Gt1LhAdDX8losvqdSCnaxLv0mo5inzEkkG0llnpuxkepwkchF8WEUm1dKB0aUquynjlADahQn0pMo6fpFnbqMhT%2FFo2%2Fl3cjt%2B3tHDYtRAMZVeVxl2LnY"}],"group":"cf-nel","max_age":604800}
cf-ray: 87fdacc129274d52-FRA
access-control-allow-headers: *

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/781421631/ 3 KB
2 KB 63ms
63ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/781421631/?random=1715047838895&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=1379092706.1715047839&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-781421631&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

140e53d988f3aeb938a29084c5a67396d3811487963d2903eb86b67b0f078fc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1661
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/781421631/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sy...
https://www.google.com/pagead/1p-conversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u...
https://www.google.de/pagead/1p-conversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_...

42 B
64 B

57ms
56ms

Image
image/gif

142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=1379092706.1715047839&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIkNXYibv6hQMVF-wRCB1cAA0OMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtq3F0GGExHE1dW6aFgdZAiRyjMzHoAAg&random=3572834935&ipr=y

Requested by

Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Protocol

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:39 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:39 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/781421631/?random=2108237727&cv=11&fst=1715047838895&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=1379092706.1715047839&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIkNXYibv6hQMVF-wRCB1cAA0OMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6OWh0dHBzOi8vYmxvZy5rYW5kamkuaW8vbWFsd2FyZS1jdWNrb28taW5mb3N0ZWFsZXItc3B5d2FyZQ&is_vtc=1&cid=CAQSGwB7FLtq3F0GGExHE1dW6aFgdZAiRyjMzHoAAg&random=3572834935&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 257 KB
88 KB 54ms
54ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-781421631

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d0f57c596b81e98fad995f3df385fcd4cda3c4e911abce4f17008a5c385b0f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89916
x-xss-protection: 0
last-modified: Tue, 07 May 2024 00:09:18 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 May 2024 02:10:39 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 133ms
41ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=54595
accept-ranges: bytes
content-length: 16683

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1329610%26time%3D1715047839178%26url%3Dhttps%253A%252F%252Fblog.kandji.io%252Fmal...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true&liSync=true&e_ipv6=AQLpfn69Y18K...

0
263 B

280ms
181ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true&liSync=true&e_ipv6=AQLpfn69Y18KCAAAAY9Q0Ti2pMdT9aT0zNLu06dngqO1nq6fisWmm7oSdSB3XbCAYdF5aNM
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 13B1F57E52B440A3957BAB00AD5C4A40 Ref B: FRAEDGE1420 Ref C: 2024-05-07T02:10:40Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYX07FJtbpaFb11spJIMg==

Redirect headers

date: Tue, 07 May 2024 02:10:39 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F72D4A90667848FA8C9E982C81078419 Ref B: FRAEDGE1511 Ref C: 2024-05-07T02:10:39Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1715047839178&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cookiesTest=true&liSync=true&e_ipv6=AQLpfn69Y18KCAAAAY9Q0Ti2pMdT9aT0zNLu06dngqO1nq6fisWmm7oSdSB3XbCAYdF5aNM
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYX07FFbrAMBpD0HxtIHw==

GET
H3 200 /
blog.kandji.io/ 0
18 KB 109ms
109ms Other
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag: CT-89692465160,CG-5058330,CG-6850365017,P-5058330,CW-95728460932,CW-95831149845,CW-95982514497,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95710341535,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-96820535620,TS-95660243609
x-hs-prerendered: Mon, 06 May 2024 15:18:44 GMT
x-hs-cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
x-hs-content-id: 89692465160
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
referrer-policy: no-referrer-when-downgrade
x-hs-cache-control: s-maxage=10800, max-age=0
last-modified: Mon, 06 May 2024 15:18:44 GMT
server: cloudflare
x-hs-hub-id: 5058330
etag: W/"70aa79c47dbea606f2916688f7f49c3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ae5zlGJqKsky0sMgMqZ2dUPukVTlu3ozFvfpZG518ZGNyOjt3IF48DlnKPFEotfZioohXLBaYzhVj6%2FvKtWSO3ywje0d0FPt6BgxiRJ0LKam1IgjmLF0hyM6u18CxEnm"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 87fdacc328434504-TXL
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script

GET
H3 200 security
blog.kandji.io/tag/ 0
15 KB 100ms
100ms Other
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/tag/security

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag: CT-89692465160,CG-6850365017,P-5058330,CW-95728460932,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,TS-95660243609,TG-154217753888
x-hs-prerendered: Tue, 07 May 2024 00:16:33 GMT
x-hs-cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
x-hs-content-id: 89692465160
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
referrer-policy: no-referrer-when-downgrade
x-hs-cache-control: s-maxage=10800, max-age=0
last-modified: Tue, 07 May 2024 00:16:33 GMT
server: cloudflare
x-hs-hub-id: 5058330
etag: W/"65e14da51c9e1b0560e46648f3765796"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLldTnwScoRKInbBfbKGc3EkowlC5bjvRNWMmpCfPL149uyQ2kJRhxFEFcusOsdmTUg6r8OJ9KTcGHLlSN7O7XMZkY%2FY570vQ9%2BymubqjgirQjY9NO4w%2FMvDCb%2B4L3pM"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800, max-age=0
cf-ray: 87fdacc328464504-TXL
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script

GET
H3 200 adam-kohler-christopher-lopez
blog.kandji.io/author/ 0
15 KB 94ms
94ms Other
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/author/adam-kohler-christopher-lopez

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
content-security-policy: upgrade-insecure-requests
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag: CT-89692465160,CG-6850365017,P-5058330,CW-95728460932,DB-5688587,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,TS-95660243609,AU-163759177072
x-hs-prerendered: Tue, 07 May 2024 00:16:36 GMT
x-hs-cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
x-hs-content-id: 89692465160
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
referrer-policy: no-referrer-when-downgrade
x-hs-cache-control: s-maxage=10800, max-age=0
last-modified: Tue, 07 May 2024 00:16:36 GMT
server: cloudflare
x-hs-hub-id: 5058330
etag: W/"7848241eb2c13a0987ce8d0c1a122613"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACCy4QfCaP6aMWo4EWp58yINXXHctvDU%2F24Z96W9YNaFyxaiF1Yr4dehBydhck3y3q7G1DeXKrpSENVL6xosCczlcsX1HHz5YR07OlCM%2FeNp5I53fG%2BB4UAGzyk3nTCX"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800, max-age=0
cf-ray: 87fdacc328474504-TXL
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script

POST
H2 200 mon Show response
obs.testrobotflower.com/ 0
16 B 126ms
126ms XHR
application/json 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.testrobotflower.com/mon
Requested by: Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://blog.kandji.io
date: Tue, 07 May 2024 02:10:39 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

POST
H2 200 mon Show response
obs.testrobotflower.com/ 0
146 B 125ms
125ms XHR
application/json 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.testrobotflower.com/mon
Requested by: Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://blog.kandji.io
date: Tue, 07 May 2024 02:10:39 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 malware-cuckoo-infostealer-spyware
blog.kandji.io/ 0
0 0ms
0ms Other
text/html 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:37 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 103fb7fc-5e23-42ba-aa12-b7787b4f2809
content-encoding: br
edge-cache-tag: CT-159120097439,CT-163759176078,CT-165936097429,CT-27579410748,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag: CT-159120097439,CT-163759176078,CT-165936097429,CT-27579410748,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time: 143
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-hs-content-id: 165936097429
x-request-id: 103fb7fc-5e23-42ba-aa12-b7787b4f2809
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
last-modified: Tue, 07 May 2024 00:49:24 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yp6N8zgF4OR9BWMxxsDHk8WCZCE2cRKq6ehc3zzamOKS%2F0iQ3crEda11Jid%2FaIIbb6ABUKzEdstq0TiDaccBmmG1lHhEWZrJ5DMIz5aYfRc%2BNRCl4N3wyELPT1vNc13MU3MaY4GLT7CjHdNV"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-5f8479db84-x6m5q
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
access-control-allow-credentials: false
cf-ray: 87fdacb9acd49b9e-FRA
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script

GET
H3 200 cloudchat-infostealer
blog.kandji.io/ 0
28 KB 251ms
249ms Other
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/cloudchat-infostealer

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 796a0120-f63d-49e9-9288-1c06a78a915d
content-encoding: br
edge-cache-tag: CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag: CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time: 218
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-hs-content-id: 163759176078
x-request-id: 796a0120-f63d-49e9-9288-1c06a78a915d
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
last-modified: Tue, 07 May 2024 01:26:53 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N7uKrwgiHkUPRxzmIjy3fR7pRsp2qnQV7rnjWk0NaSSxHAJpz%2B1f1f065ax52NeK%2FPCvh%2FTsiUNBGtCFAD5M69a7kwn57cmF5SexwMijvDuZrsCn1S8UGa7fWu7D3VMn"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-5f8479db84-tx4mf
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
access-control-allow-credentials: false
cf-ray: 87fdacc96ac64504-TXL
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script

GET
H3 200 apple-mitigates-vulnerabilities-installer-scripts
blog.kandji.io/ 0
29 KB 900ms
898ms Other
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 46ca351b-c08c-48d3-9115-502610bbfd6a
content-encoding: br
edge-cache-tag: CT-115070156673,CT-153270335865,CT-160875931283,CT-24097247610,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag: CT-115070156673,CT-153270335865,CT-160875931283,CT-24097247610,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time: 208
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-hs-content-id: 160875931283
x-request-id: 46ca351b-c08c-48d3-9115-502610bbfd6a
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
last-modified: Mon, 06 May 2024 23:35:45 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AGFi%2FIhjmyXuHIQ3OfAFqyAxOSSJy8U%2FctC2AtzRXap5DiAD1XFfVRZ%2FVkck7t3LQsrYtgSsIYCF5nFqguvnErtdbqW9T%2BN0Va2FmwaSPrewuZxw5RhHGyLrOY1W%2BT%2Fg"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-5f8479db84-tx4mf
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
access-control-allow-credentials: false
cf-ray: 87fdacc96ac94504-TXL
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
194 B 185ms
182ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 1CB44C6989034A13BA0CC54C503B4069 Ref B: FRAEDGE1511 Ref C: 2024-05-07T02:10:40Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://blog.kandji.io
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYX07FMlhQf1wyqlIyJYQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
59 KB 123ms
42ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 07 May 2024 02:10:40 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57845
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=36, rtx=0, c=12, mss=1294, tbw=2777, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: 2d87x761mxeRvMs90gQnek5TYbk7XrRQgDJ/OxPUd/FR94woRBegxHmkcxQU72UhNhYQN/svOHUr3XOyLC0VTw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
435 B 170ms
163ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840303&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8640c016-931d-4c01-b09d-a6be3e10f4ff
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8640c016-931d-4c01-b09d-a6be3e10f4ff
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wi2vxOx83qoAgkMonmrJROEGPwa0z3mlG6ok%2B4tVAvbDSZl5igCpvzxERknOIWgJeTtzHiWRogbIzQ%2Btz9SWmOZXXa6bKue9RTTW2a5TAHPsNI8ya2JTU3KmJe9usBvU%2FSNGYKZHP%2BcniYDB5avn"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-djmcg
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdacca1f6e68fe-FRA
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
685 B 181ms
178ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840304&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5ae4fe5f-5f76-482c-8d49-d9816cf65bba
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5ae4fe5f-5f76-482c-8d49-d9816cf65bba
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dH1JdLELZsfdmCpAdvDHgNhxwR%2FO4s%2FoYx5iFQjnE%2FmMp%2F%2BX359lCU0AlgXkZtL9lOAc94Md%2B%2BAOuU8fkWB4W5sq%2FC%2Bsi0Yjq9yenDp%2F%2B0KDWJxQO4MLWVg1CkQVfPnI2%2FYsdqEftTeIC76flNDg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-wmbn8
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdacca1f7568fe-FRA
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
428 B 166ms
162ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_definition_fetch_success&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840304&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8ba6ce1e-87c6-4e91-9629-8131d8ec07d7
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8ba6ce1e-87c6-4e91-9629-8131d8ec07d7
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlAMnZlNdbS3IsB5H6ltqXtBqkp%2FaI4vJf2la%2BiBDgaBXWIl8e8oS4i4%2F2Tdz4svXP6DojEj5zjdVW99yy0IMfT61sbXwtXKeZHk65lIyNWNtP8Y232HAEcP3VRqCVVkWANkjofoIDzpdCre3WqV"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-9kkj8
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdacca1f7268fe-FRA
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
436 B 168ms
165ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840307&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 70f1f10c-4889-49e2-8c4c-5284e971b794
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 70f1f10c-4889-49e2-8c4c-5284e971b794
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mxmhif%2F8qNOrFNZ3LePVYdKbxZCpyJ319X1DwWP9%2BhJYKKWquF%2B39pndeIp3PWPQF%2BTxm2Jka9RlHV3sM20tOJHHTMPEp4p7arMdyr8BEIFfhgtFGl7laLnpwYEi4aTVTFbqNpkYmLkt3xcBkl6u"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdacca1f7168fe-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
633 B 160ms
156ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=21f774d6-4c0b-4c25-b47a-35023464393a&fci=45b86b00-91a3-46e2-b9ca-cc97cec47b4f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840308&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 397d8a92-bf04-448a-8244-c95900f0f96d
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 397d8a92-bf04-448a-8244-c95900f0f96d
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9yrCdvAAnHXGVJMDYrH57NAHtNAUIbOeEsGn1oC3FmzPrULF8pJRggdhte3RYbs31WbEWXTiisV4RR9MeeNguhRKdqZG3N3E47GOwyyb2HEegU3ov0CzMjUecOTWfQq2i8JPq1UNKeUi4RpD4%2Bd"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-9kkj8
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdacca1f7068fe-FRA
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
581 B 173ms
169ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_ready&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840308&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c21f8c71-5151-489b-b34c-2b242e0dec75
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 3
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c21f8c71-5151-489b-b34c-2b242e0dec75
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VXJJeNTo9taPCQi92xinwSDIhwwu%2Fq3m2Zk45LJu6uYsASXIRY1lM1FoJEhkOUkcGYI1zaF%2BEmbqlbsih6Hc%2FLNlfzesPlrooArxd0KaHOELfqFpip8kjG7vz0sz%2BvcWpIXU08ZvhFwo1%2FQURaac"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdacca1f6f68fe-FRA
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
399 B 160ms
159ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_validation_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840308&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 75bb637b-e16e-4f1f-9d0c-24af32fa0c24
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 10
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 75bb637b-e16e-4f1f-9d0c-24af32fa0c24
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PIeQwt1SriuqYe9y9qV%2FFLPrp%2BWmzdoB5ArEcNeqhJldaNX3gdiwOaGZXo2SFxqjBkDi6rpj0co4%2F4hccMU3EIa%2FSL%2B%2BTyHMUlyhh97W0P1qdiU5q4WjIjuf7lucEfbPAnsUeUpgZd483gpJ%2BklK"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdaccb181a68fe-FRA
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
473 B 153ms
152ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1715047840310&vi=b4f7ba85e6a66b4ded941d4b9d31d3fb&nc=true&u=234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1&b=234561729.1.1715047840301&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 09f2a83a-2231-4b7c-8151-003a73d3f09b
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 09f2a83a-2231-4b7c-8151-003a73d3f09b
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EJWxRDknwQTTJM%2FhkmZJqvTMMRCiAH2NJfVgxrLFVubDaUbpKU%2Fiu0ZEUzs8pUSsXmgRDMJLJ%2Bgq5LjyuZ0UsuVrfNcVH9oSSVubjHEqGkWdKkT2h1FoXmo24LIBWoZUz3HVoegyeK%2B1v7UKIBxx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-d8gbc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 87fdaccb181f68fe-FRA
x-robots-tag: none

GET
H3 200 favicon-3.ico
blog.kandji.io/hubfs/ 15 KB
4 KB 91ms
91ms Other
image/vnd.microsoft.icon 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hubfs/favicon-3.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2d41a1b6c32ab456d18738bf61dc24c0e005cdae9b9a4217760ff8dad1e6c49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-69125449986,P-5058330,FLS-ALL
age: 326584
x-amz-request-id: Q5KS931P9A1A2F53
x-amz-server-side-encryption: AES256
edge-cache-tag: F-69125449986,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"a479d2e98cdbda4dffb71d43887dcac0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1647912952595
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000
via: 1.1 a952a9f23f3cd76250ef3c22a1c48a20.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YpH3jO4xnu2k6P.H5WyN2Y.XriWIZvyk
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-69125449986,P-5058330,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oqNUHvqHQG35VBosY8T0fCoFZbrVZUAivxTdfxzbYkUBz5pe0gRUvdmfb5gKa5qA3rDbCsuDtpM=
last-modified: Tue, 22 Mar 2022 01:35:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x0ooQ%2BoOMoAxXjviw%2BAfeI5vpwrD0OwVaQcip0QXgx4qx6fqNi1F%2BKmXBUs1JOcEot8Zf7vsWwHSAdn9P5vuZdzjqvN0bWDBUD6nmXZYyl0l51K1yySjjMtl17R0wnAB"}],"group":"cf-nel","max_age":604800}
cf-ray: 87fdacca3bd24504-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: FxaLZWbdMB0wywdAD3Fz1gB9vC9PUZXFRO0-84I70nzDP2tn46-yfw==

GET
H2 200 project.js Show response
blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
0 0ms
0ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:37 GMT
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 4703863
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XUAMGwOGg7yTQI6I0oGno5bbCjMR5kc4KEu0wvB%2BJEeEmGpV%2Bg2HtKDAxY4P4674Q%2FG9bBISclZ5a5oQDZI40LRCAY0MWpqqAmoMfhH7zkUQvQxpYAWuGXA3BwXM9vNtZn4jXlHlkcGKm7Qt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87fdacba8d5e9b9e-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Wed, 07 May 2025 02:10:37 GMT

GET
H3 200 v2.js Show response
blog.kandji.io/_hcms/forms/ 482 KB
160 KB 76ms
75ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 60
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=87fdab51c66d44f2-TXL
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Tue, 07 May 2024 02:10:40 GMT
strict-transport-security: max-age=31536000
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 1edf813c-2dd4-4d0f-b9af-09ec745707af
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1edf813c-2dd4-4d0f-b9af-09ec745707af
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2Fjq73dPKzprs27E7MLjU21HiWO3BGe72vWMp7PHcedH%2BsXVO948hXxfn4IG3fR41waajNj8VkGVFzRWbP0sZXtT5b6k9M5eKXlV8gVJLotub3MJ1tFpgezjbT9m2wSx"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-vdptk
cf-ray: 87fdaccafccd4504-TXL
x-amz-cf-id: 43cR12pnyzbHtsjJeqTN3_k3Ofjsn86xchsmpJehPLZlrZYoF24RJQ==

GET
H2 200 821678078239751 Show response
connect.facebook.net/signals/config/ 66 KB
14 KB 108ms
104ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/821678078239751?v=2.9.155&r=stable&domain=blog.kandji.io&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

17b3c66292df72b6c315c952f755b9272e0beaee2bb143457c937ec106578cee

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 07 May 2024 02:10:40 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=63, mss=1294, tbw=63320, tp=-1, tpl=-1, uplat=67, ullat=1
pragma: public
x-fb-debug: /jmSU+W9YGYLgQhdXMRVTUYcT1XJfHno4CvqYGuWNFpMzmu5Q/dtP03wTL5XcF4dWM90EeIFjboafqEQ3Lr/dQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 134ms
39ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=821678078239751&ev=PageView&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&rl=&if=false&ts=1715047840660&sw=1600&sh=1200&ud[external_id]=b4f7ba85e6a66b4ded941d4b9d31d3fb&v=2.9.155&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1715047840659.1248560486&cs_est=true&ler=empty&cdl=API_unavailable&it=1715047840537&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1294, tbw=2792, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 07 May 2024 02:10:40 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 amos-macos-stealer-analysis
blog.kandji.io/ 0
25 KB 253ms
253ms Other
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/amos-macos-stealer-analysis

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 02:10:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c806a420-235b-4a46-8319-22d932f3874d
content-encoding: br
edge-cache-tag: CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag: CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time: 120
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-hs-content-id: 159120097439
x-request-id: c806a420-235b-4a46-8319-22d932f3874d
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
last-modified: Tue, 07 May 2024 01:27:21 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=viA5Iw5849270VIa82jd%2FIr1T9pFJIWeaTxiY1qcC0m2ck7LjPjrLStUZRHDH03C2vcasYcctArOXWEK9aV2XRqnkg2%2Bnypltis3Ws6ovIQdvRtQQo1eBPpai%2BtfBVDh"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-5f8479db84-h5vxx
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
access-control-allow-credentials: false
cf-ray: 87fdaccfabb94504-TXL
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script

POST
H2 200 mon Show response
obs.testrobotflower.com/ 0
39 B 130ms
130ms XHR
application/json 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.testrobotflower.com/mon
Requested by: Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://blog.kandji.io
date: Tue, 07 May 2024 02:10:41 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 47ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4510v893716759za200&_p=1715047837969&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=831461864.1715047838&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&cu=USD&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&dt=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&sid=1715047838&sct=1&seg=0&_s=2&tfd=5713
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 07 May 2024 02:10:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 163ms
67ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 07 May 2024 02:10:43 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B3D7770374864AA4AA4805D7DBFC3FAB Ref B: FRA31EDGE0819 Ref C: 2024-05-07T02:10:43Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

POST
H2 200 mon Show response
obs.testrobotflower.com/ 0
39 B 140ms
139ms XHR
application/json 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.testrobotflower.com/mon
Requested by: Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://blog.kandji.io
date: Tue, 07 May 2024 02:10:43 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: no-cache.hubspot.com
URL: https://no-cache.hubspot.com/cta/default/5058330/8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.kandji.io/	1969-12-31 23:59:59	Name: __cfruid Value: 385db7cec852279c4cd8e6e019b0a95a6ff28132-1715047838
.hubspot.com/	1970-01-20 20:24:09	Name: __cf_bm Value: NGNIrnIH0W8TjC7A72opzK1FmY_3sbD.sKxLqVoKNSY-1715047838-1.0.1.1-Get4O7WJIEC.5g.o4GNc0SovvEAIHKmnIsZyYheu5BGbr3Bcg5BQxaV2Jdod2A08dOFnIKoUnam8jT_k_EHHHw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: VQFKFpFpxnqXPnicfecyFQRTC3l5lD71LqYNplCJzgk-1715047838124-0.0.1.1-604800000
.kandji.io/	1970-01-20 20:34:12	Name: __kandji_lp Value: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
.kandji.io/	1970-01-20 22:35:31	Name: _cq_duid Value: 1.1715047838.azNRmiKFB9gG6p3F
.kandji.io/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1715047838.EWluCawxTHSozrES
.blog.kandji.io/	1970-01-20 20:24:09	Name: __cf_bm Value: KqJSPYS_RLjGMpqYc4jlSh3N.PhYx521VZQHDLwdJpg-1715047838-1.0.1.1-JY04uzVUeqMa_txt9_3Da.IjVtpeDEhAVd7Siv0f6tNIxx2xNfmkap7O9vkTryHv6uf5fIwSZeiigWZucgybBg
.kandji.io/	1970-01-21 06:00:07	Name: _ga Value: GA1.1.831461864.1715047838
.kandji.io/	1970-01-21 05:09:43	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Tue+May+07+2024+04%3A10%3A38+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202303.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A0%2CC0004%3A0
.hsforms.com/	1970-01-20 20:24:09	Name: __cf_bm Value: SRv7lu_JlCJQQfmUu1mnCx9qEcyHVj80YbsNQ4Zmwyg-1715047838-1.0.1.1-FXw6Ingvj94uXSHjeLAz_HfV.gmJAzrKshh3ovG4Ictr3_LIjKwZi52m3FY1Jjrs8MxXEWQMusMhlUpSHm9JJQ
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: ECtTdcPVYNaduXakKquKzlNRbXSCo5lbC_BQpiMso5Q-1715047838604-0.0.1.1-604800000
obs.testrobotflower.com/	1970-01-21 04:27:58	Name: cg_uuid Value: 790f3e29ed5308cafcf3bc1797220394
.kandji.io/	1970-01-20 22:33:43	Name: _gcl_au Value: 1.1.1379092706.1715047839
.doubleclick.net/	1970-01-20 20:24:08	Name: test_cookie Value: CheckForPermission
.linkedin.com/	1970-01-20 22:33:43	Name: li_sugr Value: f4915690-fe6f-4f6b-b471-ec3134be9add
.linkedin.com/	1970-01-21 05:09:43	Name: bcookie Value: "v=2&0d0da19f-0255-4e7f-8c7c-cdc35d2ada39"
.linkedin.com/	1970-01-20 20:25:34	Name: lidc Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3390:u=1:x=1:i=1715047839:t=1715134239:v=2:sig=AQHT2scck0zUPP71XdMtpg7cmE4Rtwn7"
.linkedin.com/	1970-01-20 21:07:19	Name: UserMatchHistory Value: AQJRvkwYbizvUwAAAY9Q0Tc_CDJGY4MZl9K5FnDk3SxblycKedIIGufkAGWal4BJcOCnYuyxMw5nuQ
.linkedin.com/	1970-01-20 21:07:19	Name: AnalyticsSyncHistory Value: AQKkyQQHkp8NjAAAAY9Q0Tc_oiEd-1AXSyhB6krJZs7MTf7tS02_6nCePKDyk6ZYc3-Phf2yEBpYuL3Xd9xl_w
.www.linkedin.com/	1970-01-21 05:09:43	Name: bscookie Value: "v=1&20240507021039a1dff116-d947-46a2-86b4-121feba1febdAQE1bpxsxEFwjjSh7-fAm4_xXuxAs1SS"
.linkedin.com/	1970-01-21 00:43:19	Name: li_gc Value: MTswOzE3MTUwNDc4Mzk7MjswMjEpXgu/Tu9D5IjZ5tQRsYmSg83/X/UazwvIeOCb6b0NIw==
.kandji.io/	1970-01-21 00:43:19	Name: __hstc Value: 234561729.b4f7ba85e6a66b4ded941d4b9d31d3fb.1715047840301.1715047840301.1715047840301.1
.kandji.io/	1970-01-21 00:43:19	Name: hubspotutk Value: b4f7ba85e6a66b4ded941d4b9d31d3fb
.kandji.io/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.kandji.io/	1970-01-20 20:24:09	Name: __hssc Value: 234561729.1.1715047840301
.kandji.io/	1970-01-20 22:33:43	Name: _fbp Value: fb.1.1715047840659.1248560486
.kandji.io/	1970-01-21 06:00:07	Name: _ga_V21CT0R1FX Value: GS1.1.1715047838.1.0.1715047843.55.0.0

71 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware(Line 1537) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware(Line 1537) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
worker	verbose	URL: blob:https://blog.kandji.io/73093782-709a-4e41-8bd3-8956d49e6832(Line 1) Message: Error
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/821678078239751?v=2.9.155&r=stable&domain=blog.kandji.io&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5058330.fs1.hubspotusercontent-na1.net
api.hubapi.com
app.hubspot.com
bat.bing.com
blog.kandji.io
cdn.cookielaw.org
connect.facebook.net
forms-na1.hsforms.com
forms.hsforms.com
geolocation.onetrust.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
no-cache.hubspot.com
ob.testrobotflower.com
obs.testrobotflower.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
track.hubspot.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
no-cache.hubspot.com
104.18.80.204
13.107.42.14
142.250.181.232
142.250.184.228
142.250.185.66
142.250.186.35
172.217.23.98
199.60.103.29
2001:4860:4802:32::36
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
2600:9000:211e:d600:10:9492:de80:93a1
2606:2c40::c73c:67e3
2606:4700:4400::6812:22e5
2606:4700:4400::ac40:9284
2606:4700:4400::ac40:9b77
2606:4700::6810:7574
2606:4700::6811:af5b
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6812:f26c
2606:4700::6813:b134
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9d
2a02:26f0:3500:16::215:149b
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
047ad7989bc75b72ad38301072330f4109f8225a4e34bdde8bfa790edd0d5a0e
099d33a1d679bcfa3722a172d91742af80d45166f760db1512e4944a9d95bc23
140e53d988f3aeb938a29084c5a67396d3811487963d2903eb86b67b0f078fc8
151a011030233b53e34b6376b949a3f814a500ba948d458fdf66c74a1efa4746
179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533
17b3c66292df72b6c315c952f755b9272e0beaee2bb143457c937ec106578cee
1a87c9da5028926bfada0c7dd00e912219ae87de36b390dd9f32cb958efd0e98
1da8f170c3865aeacd91c9b95531baec2b5dcd16174220092e3a3695ba6ef456
213c5406df2cd6b933342bef72205b136d5bb24529ad3da7c637c3f23b276556
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
3107c46ccaaa815e2cc3578204d5b2d1bfcdf243074c0eff4c51cd1d1d2f6a49
34d753f84b9e400b537366e47a9ebe10ec0ed56abe34174795bec29127d2ed79
3dbb76c2655ea2f996850c9101b4217c4343587e61e34555bd4d498de0ae7b69
3fc523fde3cc50b1d7b9e935d342b29b1e380d85f6d4b14aba2351838410bc83
406215754bc92ba1daa8be500ea9c72d8f31ebbda012815a86b402dcdf8d2b40
4d28dfb5adba9b6ce37d3a997b15e1087bc5987a374f9503f39122b1552a477f
4f9341805e550ac6c973ad2fb31797089b016f68d2482b10f7f975a61b403823
5846533b4521c67fd6a587522d5dc150c85d870b1dfd635af7990317ace96f86
5e6af2a8dd706633726788e571ce082f4c0c803ca9bf69703686d5ae04f4cd6e
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
608854bc9b4ff57f231d9b41b1b325b4a987f48eb56f26d928868acd8a2f30dc
631a0d62a719038670e8f56cc868da1bb3542376d251a781c6545cae129e2d7a
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6957528b73336870fef39c26e4c26a54274b20a6f4bcc72ced85acc62b35cea8
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
83afcd7bea4e4c7cf6e6c8147391aabca2b8b5a1fdce69981a9ee0b723c04904
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8bb5b82601b4d9a2d5c0c2114554c057cfcbd14758cbfcc4caabcd22ad9abe6e
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8df1aab6785e046708e9b9e8ec69a59c7d7f1c757490c682207653a7455fc229
910f74967a8d03e18bdd8b4a46a1573653c71d374e9823f2d416d9bd250b1ea6
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
953e94dc295871bac70da3981c02f89826b126b77678c770426e26e2020731c8
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9e31e68652d40a182ba89f4af0ae2bc09c1a71bb893aa2bdd147a6278081d4ff
9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1
a8e5d24ee42db9cb2266327b22745681c3430592dcf41cf857afcaab1fd7a204
b2d41a1b6c32ab456d18738bf61dc24c0e005cdae9b9a4217760ff8dad1e6c49
b382967162c482928529c765a21bf9ae4141dd1ccbdbf480140bdbd67eab8991
b4c8e87133644390cfb20c3cf3055dc631add2a8db9e05f6d23480df2d624399
c1567d2b9acd79cdc86589be269f601cbffcfa85dbee6ce63db97c8f3434da79
c77a58a32fba476a3d98e8200daea6916689fb18950cce6bd90e48e428caa6f0
cea95b67c69f3eadce6a5ae44f8c92cdc25d9ecfd4f1f07abddbcc5609508f9e
d0f57c596b81e98fad995f3df385fcd4cda3c4e911abce4f17008a5c385b0f7d
d9164e39d63790c8764c886c09d0299cc3a3f13f42bf55f1b4cbdc4eea6c6359
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41200427492c9d376344c7c1061ca5a2da82b1a6f2400d9c04b44723fa69ef9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f12dc284af1e9fe1ff422f71f892485263b9140dbf169882a7d8f82da5b5b12c
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
f336afca0db6e13235318d314c37a3f577c0c6219e57c1d44106d45313f0534e
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
fb3b950984bf09b15b2d2f8e2e29cb305b391320b10ffa3864e01d77513497da

blog.kandji.io Open in urlscan Pro 2606:2c40::c73c:67e3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

87 Requests

93 %HTTPS

71 %IPv6

22 Domains

30 Subdomains

27 IPs

4 Countries

1760 kBTransfer

4642 kBSize

27 Cookies

55 Outgoing links

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.kandji.io Open in urlscan Pro
2606:2c40::c73c:67e3 Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

93 %
HTTPS

71 %
IPv6

22
Domains

30
Subdomains

27
IPs

4
Countries

1760 kB
Transfer

4642 kB
Size

27
Cookies

87 HTTP transactions
0 data transactions