Submitted URL: https://engage.morphisec.com/e3t/Ctc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc...
Effective URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_h...
Submission: On September 08 via manual from MY — Scanned from DE

Summary

This website contacted 40 IPs in 4 countries across 29 domains to perform 153 HTTP transactions. The main IP is 2606:2c40::c73c:67e1, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.morphisec.com.
TLS certificate: Issued by GTS CA 1P5 on July 24th 2023. Valid for: 3 months.
This is the only time blog.morphisec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains (Cisco Umbrella Rank) | Transfer
65 | morphisec.com | engage.morphisec.com, blog.morphisec.com, www.morphisec.com | 919 KB
16 | hubspot.com | no-cache.hubspot.com (13172), app.hubspot.com (6013), cta-service-cms2.hubspot.com (6967), track.hubspot.com (2655), forms.hubspot.com (5185) | 336 KB
7 | hsforms.com | forms.hsforms.com (4840), perf.hsforms.com (14021), forms-na1.hsforms.com (7827) | 6 KB
7 | twitter.com | platform.twitter.com (1142), analytics.twitter.com (864), syndication.twitter.com (1375) | 149 KB
6 | linkedin.com | platform.linkedin.com (3808), px.ads.linkedin.com (405), www.linkedin.com (636), px4.ads.linkedin.com (6338) | 166 KB
4 | google.de | www.google.de (5643) | 685 B
4 | doubleclick.net | stats.g.doubleclick.net (96) | 352 B
4 | google.com | region1.analytics.google.com (2541), www.google.com (2) | 772 B
4 | facebook.net | connect.facebook.net (186) | 178 KB
4 | googletagmanager.com | www.googletagmanager.com (62) | 345 KB
4 | cookiefirst.com | consent.cookiefirst.com (35004) | 26 KB
3 | facebook.com | www.facebook.com (114), web.facebook.com (197) | 2 KB
3 | hubspotusercontent-na1.net | 1534169.fs1.hubspotusercontent-na1.net | 169 KB
3 | salesloft.com | scout-cdn.salesloft.com (11305), scout.salesloft.com (13262) | 4 KB
3 | hubspot.net | cdn2.hubspot.net (9213) | 19 KB
2 | oribi.io | cdn.linkedin.oribi.io (1139) | 748 B
2 | hscollectedforms.net | js.hscollectedforms.net (5317), forms.hscollectedforms.net (5422) | 26 KB
2 | google-analytics.com | www.google-analytics.com (49) | 21 KB
2 | licdn.com | snap.licdn.com (909) | 9 KB
2 | hotjar.com | static.hotjar.com (793), script.hotjar.com (1084) | 59 KB
2 | cloudflare.com | cdnjs.cloudflare.com (249) | 32 KB
1 | hotjar.io | content.hotjar.io (6939) | 161 B
1 | t.co | t.co (580) | 378 B
1 | hs-banner.com | js.hs-banner.com (2531) | 16 KB
1 | hsleadflows.net | js.hsleadflows.net (4954) | 86 KB
1 | hs-analytics.net | js.hs-analytics.net (2517) | 22 KB
1 | ads-twitter.com | static.ads-twitter.com (862) | 15 KB
1 | googleapis.com | fonts.googleapis.com (58) | 2 KB
1 | hsappstatic.net | static.hsappstatic.net (6281) | 6 KB
Total: 153 requests, 29 apex domains
Requests | Domain | Requested by
56 | blog.morphisec.com | engage.morphisec.com, blog.morphisec.com, cdnjs.cloudflare.com
7 | track.hubspot.com |
7 | www.morphisec.com | blog.morphisec.com
6 | no-cache.hubspot.com | blog.morphisec.com
4 | www.google.de | blog.morphisec.com
4 | stats.g.doubleclick.net | www.googletagmanager.com, www.google-analytics.com
4 | platform.twitter.com | blog.morphisec.com, platform.twitter.com
4 | connect.facebook.net | blog.morphisec.com, engage.morphisec.com, connect.facebook.net
4 | www.googletagmanager.com | blog.morphisec.com, www.googletagmanager.com, www.google-analytics.com
4 | consent.cookiefirst.com | blog.morphisec.com, consent.cookiefirst.com
3 | px.ads.linkedin.com | 3 redirects
3 | 1534169.fs1.hubspotusercontent-na1.net | blog.morphisec.com
3 | perf.hsforms.com | blog.morphisec.com
3 | region1.analytics.google.com | www.googletagmanager.com
3 | forms.hsforms.com | blog.morphisec.com
3 | cdn2.hubspot.net | blog.morphisec.com
2 | syndication.twitter.com | platform.twitter.com, blog.morphisec.com
2 | www.facebook.com | blog.morphisec.com
2 | cdn.linkedin.oribi.io | snap.licdn.com
2 | scout.salesloft.com | scout-cdn.salesloft.com
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 | snap.licdn.com | blog.morphisec.com, snap.licdn.com
2 | cdnjs.cloudflare.com | blog.morphisec.com
2 | engage.morphisec.com | 1 redirects
1 | forms.hubspot.com | js.hsleadflows.net
1 | web.facebook.com | connect.facebook.net
1 | www.google.com | blog.morphisec.com
1 | forms.hscollectedforms.net | js.hscollectedforms.net
1 | px4.ads.linkedin.com | blog.morphisec.com
1 | www.linkedin.com | 1 redirects
1 | content.hotjar.io | script.hotjar.com
1 | forms-na1.hsforms.com | blog.morphisec.com
1 | analytics.twitter.com | blog.morphisec.com
1 | t.co | blog.morphisec.com
1 | js.hs-banner.com | blog.morphisec.com
1 | js.hsleadflows.net | blog.morphisec.com
1 | js.hscollectedforms.net | blog.morphisec.com
1 | js.hs-analytics.net | blog.morphisec.com
1 | cta-service-cms2.hubspot.com | blog.morphisec.com
1 | app.hubspot.com | blog.morphisec.com
1 | scout-cdn.salesloft.com | blog.morphisec.com
1 | static.ads-twitter.com | blog.morphisec.com
1 | script.hotjar.com | static.hotjar.com
1 | fonts.googleapis.com | blog.morphisec.com
1 | static.hotjar.com | blog.morphisec.com
1 | static.hsappstatic.net | blog.morphisec.com
1 | platform.linkedin.com | blog.morphisec.com
Total: 153 requests, 47 subdomains
Subject | Issuer | Validity | Valid
engage.morphisec.com | GTS CA 1P5 | 2023-07-25 - 2023-10-23 | 3 months
blog.morphisec.com | GTS CA 1P5 | 2023-07-24 - 2023-10-22 | 3 months
hubspot.net | Cloudflare Inc ECC CA-3 | 2023-04-06 - 2024-04-05 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
*.cookiefirst.com | Sectigo RSA Domain Validation Secure Server CA | 2022-12-01 - 2023-12-16 | a year
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2023-07-11 - 2024-07-10 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2023-02-05 - 2024-02-05 | a year
hsappstatic.net | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-08-14 - 2023-11-06 | 3 months
*.hotjar.com | Amazon ECDSA 256 M01 | 2023-03-09 - 2024-04-06 | a year
upload.video.google.com | GTS CA 1C3 | 2023-08-14 - 2023-11-06 | 3 months
www.morphisec.com | GTS CA 1P5 | 2023-07-25 - 2023-10-23 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-02-01 - 2024-01-31 | a year
ads-twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-21 - 2024-07-19 | a year
salesloft.com | Sectigo RSA Domain Validation Secure Server CA | 2023-03-20 - 2024-04-18 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-06-17 - 2023-09-15 | 3 months
*.twimg.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-28 - 2024-07-26 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-08-14 - 2023-11-06 | 3 months
www.google.de | GTS CA 1C3 | 2023-08-14 - 2023-11-06 | 3 months
t.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-05 - 2024-02-05 | a year
*.twitter.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-05 - 2024-02-05 | a year
hubspotusercontent-na1.net | Cloudflare Inc ECC CA-3 | 2023-01-26 - 2024-01-25 | a year
*.hotjar.io | Amazon ECDSA 256 M02 | 2023-03-02 - 2024-03-30 | a year
linkedin.oribi.io | Amazon RSA 2048 M01 | 2023-06-08 - 2024-07-07 | a year
www.google.com | GTS CA 1C3 | 2023-08-14 - 2023-11-06 | 3 months
syndication.twitter.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-05 - 2024-02-05 | a year
*.google.de | GTS CA 1C3 | 2023-08-14 - 2023-11-06 | 3 months

This page contains 5 frames:

Primary Page: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Frame ID: 5E1D3C950463E72BE6E2DD73460B7A0E
Requests: 148 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: 57155B298353C715E6FD99FB46EF1718
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: EDE99B0E85E5B0C13094C9D870640FD0
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 86CB984378E774F6838C31DA8639F8CC
Requests: 1 HTTP requests in this frame

Frame: https://web.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff1e76949341ac%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff379e0082b66618%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 28C36759C4A7D6626D86BD250528F047
Requests: 1 HTTP requests in this frame

Page Title

Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 153
HTTPS: 99 %
IPv6: 78 %
Domains: 29
Subdomains: 47
IPs: 40
Countries: 4
Transfer: 2610 kB
Size: 6473 kB
Cookies: 36

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://engage.morphisec.com/e3t/Ctc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b1376NcftW7XB76G16FDY4N46xW4_-dPzmW1-tKBl96sFmxW4T7jYQ8-M81wW4F-hst5NdGxwW8lrclN76swH6N6nb9PYVKH2vW4svyz-1hHqnPN5PYZr4l681MW3--HB84tLJv-N55bNDD5z_2mW6Y3wYK75Y7gKW1q9X_l2gcf6JW5LhDkR8rW6tpW7qq2Vg3pD-V-W7S2CpN4rBkhYW336v0n7JDJx7W3PxW5d4SslggW2lb7yr4t6bcDW33D80b1qkvRnW5K3fZ59dtLPsVbX9v51HWy-cW33S20Y4nLXTnW3V4znc6Rfgb6W4Xk0pD6HQrnMf1J8Nvj04 Page URL
  2. https://engage.morphisec.com/events/public/v1/encoded/track/tc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b1376NcftW7XB76G16FDY4N46xW4_-dPzmW1-tKBl96sFmxW4T7jYQ8-M81wW4F-hst5NdGxwW8lrclN76swH6N6nb9PYVKH2vW4svyz-1hHqnPN5PYZr4l681MW3--HB84tLJv-N55bNDD5z_2mW6Y3wYK75Y7gKW1q9X_l2gcf6JW5LhDkR8rW6tpW7qq2Vg3pD-V-W7S2CpN4rBkhYW336v0n7JDJx7W3PxW5d4SslggW2lb7yr4t6bcDW33D80b1qkvRnW5K3fZ59dtLPsVbX9v51HWy-cW33S20Y4nLXTnW3V4znc6Rfgb6W4Xk0pD6HQrnMf1J8Nvj04?_ud=641b7438-acc3-411b-9393-53e24654d562&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 122
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%252C3607898%26time%3D1694144055945%26url%3Dhttps%253A%252F%252Fblog.morphisec.com%252Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%253Futm_medium%253Demail%2526_hsmi%253D273167937%2526_hsenc%253Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%2526utm_content%253D273167937%2526utm_source%253Dhs_automation%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true&e_ipv6=AQLEBhqM29YodQAAAYpy2s1_m5do-ruU3t4JO7Od3WvKXWLgwDRjlHn_0rxf6aiQJXNQieg

153 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b1376NcftW7XB76G16FDY4N46xW4_-dPzmW1-tKBl96sFmxW4T7jYQ8-M81wW4F-hst5NdGxwW8lrclN7...
engage.morphisec.com/e3t/Ctc/T5+113/c9M6y04/
8 KB
4 KB
Document
General
Full URL
https://engage.morphisec.com/e3t/Ctc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b1376NcftW7XB76G16FDY4N46xW4_-dPzmW1-tKBl96sFmxW4T7jYQ8-M81wW4F-hst5NdGxwW8lrclN76swH6N6nb9PYVKH2vW4svyz-1hHqnPN5PYZr4l681MW3--HB84tLJv-N55bNDD5z_2mW6Y3wYK75Y7gKW1q9X_l2gcf6JW5LhDkR8rW6tpW7qq2Vg3pD-V-W7S2CpN4rBkhYW336v0n7JDJx7W3PxW5d4SslggW2lb7yr4t6bcDW33D80b1qkvRnW5K3fZ59dtLPsVbX9v51HWy-cW33S20Y4nLXTnW3V4znc6Rfgb6W4Xk0pD6HQrnMf1J8Nvj04
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
8034226c9ba5048b-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Fri, 08 Sep 2023 03:34:13 GMT
last-modified
Fri, 08 Sep 2023 03:34:13 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kj3SUCxxxCB2%2Fb0HlsgKSGkEepZtWqwkvOxrmOBvyniHdXM0J1vJOQC7DQfd8pYNY3Jlmv5UPfn%2FzEACechQbjRmSr26LBGKG2rGs60j1vrw9OUDAq%2B%2Bes3tUcxeDxMx7zoA8HQZmn05W%2FQCfTmwxtmz"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
15
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-7b77464955-j7d7g
x-evy-trace-virtual-host
all
x-hs-https-only
worker
x-hubspot-correlation-id
a156c9ad-7d0b-482c-a8c8-a5d1632c4015
x-request-id
a156c9ad-7d0b-482c-a8c8-a5d1632c4015
x-robots-tag
none
Primary Request chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers
blog.morphisec.com/
Redirect Chain
  • https://engage.morphisec.com/events/public/v1/encoded/track/tc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b13...
  • https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-...
103 KB
21 KB
Document
General
Full URL
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Requested by
Host: engage.morphisec.com
URL: https://engage.morphisec.com/e3t/Ctc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b1376NcftW7XB76G16FDY4N46xW4_-dPzmW1-tKBl96sFmxW4T7jYQ8-M81wW4F-hst5NdGxwW8lrclN76swH6N6nb9PYVKH2vW4svyz-1hHqnPN5PYZr4l681MW3--HB84tLJv-N55bNDD5z_2mW6Y3wYK75Y7gKW1q9X_l2gcf6JW5LhDkR8rW6tpW7qq2Vg3pD-V-W7S2CpN4rBkhYW336v0n7JDJx7W3PxW5d4SslggW2lb7yr4t6bcDW33D80b1qkvRnW5K3fZ59dtLPsVbX9v51HWy-cW33S20Y4nLXTnW3V4znc6Rfgb6W4Xk0pD6HQrnMf1J8Nvj04
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
21023f5d054a83bc08f93ed07cd0aac874c7a6e6741374a6d81fd7b9fe14b636
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://engage.morphisec.com/e3t/Ctc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b1376NcftW7XB76G16FDY4N46xW4_-dPzmW1-tKBl96sFmxW4T7jYQ8-M81wW4F-hst5NdGxwW8lrclN76swH6N6nb9PYVKH2vW4svyz-1hHqnPN5PYZr4l681MW3--HB84tLJv-N55bNDD5z_2mW6Y3wYK75Y7gKW1q9X_l2gcf6JW5LhDkR8rW6tpW7qq2Vg3pD-V-W7S2CpN4rBkhYW336v0n7JDJx7W3PxW5d4SslggW2lb7yr4t6bcDW33D80b1qkvRnW5K3fZ59dtLPsVbX9v51HWy-cW33S20Y4nLXTnW3V4znc6Rfgb6W4Xk0pD6HQrnMf1J8Nvj04
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=7200,max-age=5
cache-tag
CT-132418529282,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
cf-cache-status
MISS
cf-ray
803422701f611e20-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Fri, 08 Sep 2023 03:34:14 GMT
edge-cache-tag
CT-132418529282,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
last-modified
Fri, 08 Sep 2023 03:34:14 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script, </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=trnBKTwL8VNxSZzdAjYwU4BZfZRLrGvduV%2Fv4U4a9SxPSd4heH6vB%2BxFGC4Psrm9KePHu1t9%2BAfsPGPexqp%2F33wb%2FMjIsr0pbLRxJdILZMHhZTTJKLiMI81ALj%2F3veZt%2B8zXpyuvLksT6df0hS1NuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
232
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/cms-10-19-td/envoy-proxy-6fc989fd7b-jrvqf
x-evy-trace-virtual-host
all
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
x-hs-content-id
132418529282
x-hs-https-only
worker
x-hs-hub-id
1534169
x-hubspot-correlation-id
b73b97b3-fba3-4587-814d-74e0c1b07a78
x-request-id
b73b97b3-fba3-4587-814d-74e0c1b07a78
x-trace
2B1904BDC24B319341AFE499266D979196041048A6000000000000000000
x-xss-protection
1

Redirect headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
8034226dfc88048b-FRA
content-security-policy
upgrade-insecure-requests
date
Fri, 08 Sep 2023 03:34:13 GMT
link
<https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation>; rel="canonical"
location
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=menTobST5seyFR3s%2FwZ%2Fm3Duyg0gtqJwZA1D5OEHYpcz0VsUJGHhTWgBhRqu%2B8CCL3cvB06P6dwBYyjbckJOW8Ca%2Fgtnsam85lvuJ4KCGTGnmCzTQgqwa42%2BX952cf3wBaL1i6P5xj7Rkz5saLfLcmW1"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
45
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-7b77464955-9rl56
x-evy-trace-virtual-host
all
x-hs-https-only
worker
x-hubspot-correlation-id
862ed0e6-632e-40ab-b3fd-5ce25bea32df
x-request-id
862ed0e6-632e-40ab-b3fd-5ce25bea32df
x-robots-tag
none
index.js
blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/
11 KB
5 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 04a40fe66992666426f66bb0ade3912a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
12053338
x-amz-cf-pop
TXL50-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 21 Apr 2023 15:17:56 GMT
server
cloudflare
etag
W/"0bbd63c0750f141fd5cec04a9393647e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tg%2FMtZtO9fmVKvjLo%2FdVQYBSeA8kjHjIC5jawd4VHuT2FEt7Rhr84zVKLNzzNL9iBeWJPypkUs9T%2FI0YnCyAcwCjBrR5Xn7gZ3kXRZRTByBoMO5w8OX9zT1Z5QkInZpYh2lNabwZDk8TAqGi%2B2FL4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
80342275aafd1e20-FRA
x-amz-cf-id
8NRs2Wm2ubi5t9HUvpgx9SMwAJYAnsUpgxBkSQl1rau6_0XB0E7nLw==
expires
Sat, 07 Sep 2024 03:34:14 GMT
project.js
blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/
2 KB
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 d6af36beca3f7783d95ace5e26a5af90.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
19513649
x-amz-cf-pop
DFW55-C3
x-amz-server-side-encryption
AES256
x-amz-version-id
gEenO44eZUewxnIWfgj9q6LB.g9OszNv
content-encoding
br
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 19 Aug 2020 22:24:11 GMT
server
cloudflare
etag
W/"ef84f26c310485299d6b75777414eddb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HfMCzdRrDXVNoK1EnCXrZMqPOHlK%2FZfcEoFTRb6vk34UJYkxBRv9DbJG0wVG77aF1uZyqgTTJzA3njp3ybNWPi8AWHE9mVV%2BZn0XvyPV1GMhIcBByWVQzJcLBiqdp%2FfqIAl06LkIxcMOmCvncykDWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
80342275aafe1e20-FRA
x-amz-cf-id
wNaXQtIqGZm1_-PG4oCgAM-qPXSj8aubvUdgn4HsA3d1Llnfo1zPYw==
expires
Sat, 07 Sep 2024 03:34:14 GMT
project.js
blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
6637384
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7nldv7LTo8fSEE%2B1vPxRSZoF%2BcTOiGHCMtcPw6dHz%2BnG1ILqIZgfSvoXhOZq5I8C6jLvR%2BCyDb4eh6OhIWDP6VczNAvr4q3AooDmylp4s7ecITh9t36dCdInVOSap3R2i1l%2BuspLgxYzTBzRcw45Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
80342275aaff1e20-FRA
x-amz-cf-id
tyTcy9dgKTSNID40zzq7pAE5RO6j0NXSyXm_SEcHdFKq3bYxrnlF3A==
expires
Sat, 07 Sep 2024 03:34:14 GMT
post_listing_asset.js
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/
3 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
19513520
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding
br
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"d95d7dafd49a1edc76a47120c287b579"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPGNg2Y7zil78E5qtUkEnN37Ek16u73s8hS%2FkKEPINkKD1sGnqAT0vJ4t97inaJ5y4Yn%2FYwQM5ZHaKG99cWcwYcE1vK7wnzNiK4xHGF206CgwBC85N6GPucI7y3GGJp92hksngrjfy5tnjB%2Bar4eOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
80342275ab011e20-FRA
x-amz-cf-id
INLC28-S2KFR-6xPKGXGkAHBQ8FXNbXnTSNgxaKoT4vj0frVV8g2yg==
expires
Sat, 07 Sep 2024 03:34:14 GMT
v2.js
blog.morphisec.com/_hcms/forms/
526 KB
172 KB
Script
General
Full URL
https://blog.morphisec.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a310b7dbaf9f4c6bed4342cdbaeab0c4e611c71a79ea3da893597a707ada6df
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
366
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3699/bundles/project-v2.js&cfRay=8034198434441e5c-FRA
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-evy-trace-listener
listener_https
etag
W/"9d62b75c92ae0102719875dd9e4697a5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.3699/bundles/project-v2.js
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
_C5KQMITJKtBCh4HMAlyij_acrW41qed
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
7303a967-7524-48b8-bfdb-d07a34fccfa6
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
7303a967-7524-48b8-bfdb-d07a34fccfa6
last-modified
Thu, 07 Sep 2023 03:24:59 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=79oQJfifWHBy4mMM3Io%2BANU33Km%2F40%2FJjEF0dUb08BmZGh3sko7nDBwf0TV0xr84Fb1lQ4amOug55%2FpEC40kgXYXVJGREwQ3RLSDBKDQUwWuwL%2FQiQiv6IZp4FS7YFWFI3vqpxWN5RZkDk%2BKLFjcNg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-4zxj4
cf-ray
80342275ab021e20-FRA
x-amz-cf-id
jFaSZjPFx64V53XrFvJvW1hYi7L15ME61060FUyxePjTSRM9inBspQ==
reset.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1682314374816/2023/CSS/
925 B
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1682314374816/2023/CSS/reset.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
35ec2b65620688dd66709cc76950315c1a71f5f8106bc7320c3997e350127d5d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
S52R9G8C1XKTEC1X
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"29815299355e84c6d751b6338f94cd0a"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1682314375737
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
hIwwOJ7IfvWJCpwzBzhb5acD4zmSVwcg
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
145
alt-svc
h3=":443"; ma=86400
x-amz-id-2
TOF5zcAJ2Ul3pt2o6oWC9bY+GtugOGjnpMCgbisMoL5EigwGi7qK9AQ4s2OJeTXI8fCc6zahpSc=
x-evy-trace-route-configuration
listener_https/all
x-request-id
f7182239-4e91-4174-b8e9-09c2bb1b85c6
last-modified
Mon, 24 Apr 2023 05:32:56 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDB3zwGIQRF1z1IjzdXEZq4vJZUdGrOijk69zX%2BDgfzoI5HalbKgbBeW226kbM%2BaMBVWoZixO103twSj%2BzXI8ZZUMNX4XTvpxKBsN8UNT0wY7uoa0PCHms6R%2BGVD3WWnJRUhDCTaPXFFI8swztkwng%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials
false
cf-ray
80342275ab0a1e20-FRA
x-amz-cf-id
glbq51yncim23M0C7hqtOYBm9gEQCoXHX2rxxGPwzJlD-aZeAmfJKg==
fonts.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/
6 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
YAMZRS5V66RYMTVE
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"129a23607bce2eee640430d3bbfef277"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1680693252902
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
dVLtzAKZg__B3uxHbu3a_2GX4VNB5e_S
x-amz-cf-pop
IAD12-P3
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
131
alt-svc
h3=":443"; ma=86400
x-amz-id-2
EtwrCJIAHLtZ/EQLJAQNFLDekpvRpdL0uJ/Cs9PXmqrOlKYDn0JJl6hDMwdJMU2EtLG2Nm2l85Y=
x-evy-trace-route-configuration
listener_https/all
x-request-id
85d6cd38-7b9d-4d1e-babb-01fc75c916df
last-modified
Wed, 05 Apr 2023 11:14:13 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5qNurxSERaknEhTqK3Syr0ffUFQXzcFizkBjeCuk4R7TjelAVSEsCJ6E5r%2BnDK9JHMj2%2BlqDQq5W6z7o7a2iSeavfWED5qA41xpnfrdzgNjfj3xC9YkLnXs7R0fQUNf%2FkAzTZw3cwKFqlp9rxGB4w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials
false
cf-ray
80342275bb0f1e20-FRA
x-amz-cf-id
ZJV1YOVtTKlyxF82KxocgQXIjmKHbVgIH59zMY8che0ztpIqrlxADQ==
custom.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/
280 B
893 B
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/custom.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
D953F3C1H6H1DQZF
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"5c5cddb5467e6fe854b7d0a6f51135e8"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1682414590689
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Tnt1z7gJRW9yvpi1rPu2tP7PpekG4_IL
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
44773ca6-6b07-4119-98ce-b0ad4ce84e75
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
241
alt-svc
h3=":443"; ma=86400
x-amz-id-2
MWPo8Top5aRRBopa9UWd21jtt3hdQWSPxm7RBhu1hVJi7e5qKBnsACBcAyZz9nAZqQOkXLbp7JA=
x-evy-trace-route-configuration
listener_https/all
x-request-id
44773ca6-6b07-4119-98ce-b0ad4ce84e75
last-modified
Tue, 25 Apr 2023 09:23:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfMyNRlwl2ZX6Kuyf204fJc%2FI%2BOOrjqwblSTXBNCLe9eTh4orVaJY9y1rMlsrj1Hh5o%2FfaJ4UYkrSdekFOBEUG9oUZyj6R3eCk%2BRCu4j0HU%2FnK8QQQeSR2yxKKC6%2BHddvSopwLf%2Fn7DCSBR2UT0amw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9jn6n
access-control-allow-credentials
false
cf-ray
80342275bb101e20-FRA
x-amz-cf-id
pO4GLIKt9tRVWhi_BL4J-MksJEZlPDCHr3aWshtTYJfuX1SoYTQTyw==
slick.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/
1 KB
1 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/slick.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
1P8SHWY48SRZ88J3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"50424795a4c8f41eaba805785dcd11a3"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681177549173
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 e880df37740c4e68e519f8478d14cb88.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
CSM7qjm5tr1tplGgJgxA9LlFMJy2.Rrt
x-amz-cf-pop
IAD89-P2
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
150
alt-svc
h3=":443"; ma=86400
x-amz-id-2
wWiS5q8cr35fYPD2uFeNFvJAy9zIz37mXt6MiyhZPAcPOKgecJq/5PcbK0Gif3OL6cyEodzXNDg=
x-evy-trace-route-configuration
listener_https/all
x-request-id
00036315-1c6a-4897-8937-f6da55edc5f7
last-modified
Tue, 11 Apr 2023 01:45:50 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2HR9ZWuN6Zgdj0abw5RjE6xFntNJkfu9%2B0TxZ0Z%2BiFVpDQKqYHoksSlKqAb7Kl3FdO5Tpkv4B1Q6bQGaKoe07pmZsr0Q47ZZ7W7swr0faa9AFBe%2B5EdHTqugvg2fXi6wK2vM6ToHpYzGjNiVNr3hoA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials
false
cf-ray
80342275bb111e20-FRA
x-amz-cf-id
rw2o6lPuUTWg0hUMdv4X4WYTe-r5QnnAA9iwYh0ubIq3ctsBkZDUOA==
module_109590708858_Header_-_Global.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1682515866099/
18 KB
4 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1682515866099/module_109590708858_Header_-_Global.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f235825b5218615bdb1ee89f93390d93fc4ed4090e990602dc617aac6ef2b6ab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
ZK5JS86ANCGF5ZK9
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"96a47ba561feef9764620a821be54492"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1682515866099
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Cl40oDczsNEbMgo0BuGH4J5m.KubDrIi
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
119
alt-svc
h3=":443"; ma=86400
x-amz-id-2
hsgIVpN3EPrzkJs/Cw6u+XKz2+uy076I7v+fw8xXcBQyVU7H04R2DG7S4OSrKnvgb9FdIOV3QfM=
x-evy-trace-route-configuration
listener_https/all
x-request-id
659cd453-44ee-4820-a80e-9f33878441fc
last-modified
Wed, 26 Apr 2023 13:31:07 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=74MjK78zv65f1j0q14CKsCLs5rWimvLOO%2FmhUivOjowQaSZZ5%2FmBd%2BeeyK7vh8%2B99Dpq3vjdDEX6QHZOsNuRt5SyVQth7s1xzuEDYTQHMvEamB8SFf4LMZNDJgcZR2pb1%2FzHvHvnZgiDnwTM1q2KDg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials
false
cf-ray
80342275bb121e20-FRA
x-amz-cf-id
WDHoEmvOscdr54dACS5ZtjCYazDA44jRDAqZX3KHdbPi7Nu4geMWbg==
project.css
blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/
720 B
997 B
Stylesheet
General
Full URL
https://blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 cd9d9141cd83dabdc9d0a421d1efe1aa.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
11173245
x-amz-cf-pop
LHR50-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 19 Aug 2020 22:47:10 GMT
server
cloudflare
etag
W/"a81c70764750950eb72d4537c41e781f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3%2FVdbRLyW9Q0MPw0rciuP1O6uuclvilYqwPnlL%2FFkVC3dOJ8tjJHOKAtlKlyQVTG5am9hWmtaosRhe8RZFL1YJ8EYOLZQrgiMWQTfvIkB8C24GzK%2Bm5E6eWr%2BTmo8hWi%2BMI%2BOX6YmMmO%2FrXdDvvtg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
80342275eb331e20-FRA
x-amz-cf-id
ymH2-cb3T9WbD7Mo-GMQYgAIIZKXt7zKb0CwoIXdZ2br6cH_z7UwDw==
expires
Sat, 07 Sep 2024 03:34:14 GMT
module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1693613927242/
612 B
1 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1693613927242/module_-2712622_Site_Search_Input.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-encoding
br
age
529750
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"c708989561e0cdbfcf996d1b7f47482c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1693613927242
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD66-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
ffd3252a-4b5e-42af-a0a3-f6d55ba77758
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
166
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
ffd3252a-4b5e-42af-a0a3-f6d55ba77758
last-modified
Sat, 02 Sep 2023 00:18:48 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4LDG6BedT0szId7uZxl6dg9m7sBobL264qATq7rVKikHZNDqH03k1cOBSP5ek7Fv6Zt%2BEE6TkhaNDIChxs8zDjk%2FziUjI49ctiqQ5tlPuKh1N0UF9IxJnATmDQ%2B0Me%2FNfpS%2Fuyu5mVwr8O7gWO8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray
803422765f08381b-FRA
rss_post_listing.css
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/
910 B
861 B
Stylesheet
General
Full URL
https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
19513564
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"e1b521ec14a912d6d385c21388ec7d79"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hX58Gyl%2Fx0ixoZSz%2BvSbLQIqnnL2eKRemuwhhiZBOHGrrk%2Bq3JI689uLXnYjEv8wRDle8A%2F%2ByVV7%2FTebRb2jeID8Em2tlJSNxulOkXYF2qG51iAtFFGfAefVenvGn%2BwU9Hxm7z4cf11Hu6hpdfx0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
80342275eb341e20-FRA
x-amz-cf-id
wRPq4gRubIHzANgCAz0wyem-7EHBI0sWOKp6XwIsrLR6avpBMEzHMA==
expires
Sat, 07 Sep 2024 03:34:14 GMT
module_111929326924_Footer_Global_2023.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1689082602505/
4 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1689082602505/module_111929326924_Footer_Global_2023.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
44b0ef85aea4bec4e0ad2622bad380b0b4c6fa58b084b9da0cc05a35a956954b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
31W4AD39K2M8DZR5
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"202c74a2f63f4546f0990cde986067a7"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1689082602505
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
L.IFk7EtQvq_aY5Ezsv2KfSGUifxVAZw
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
8d526e7e-278b-4336-84a4-525c66a1afff
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
119
alt-svc
h3=":443"; ma=86400
x-amz-id-2
3YhCwQYCKRPRUR+J2ES/59VGEfOpYgsozUOuPniObQ9UHSdzES1/Ii/xSZe8/JhnwXyWvQoTzcA=
x-evy-trace-route-configuration
listener_https/all
x-request-id
8d526e7e-278b-4336-84a4-525c66a1afff
last-modified
Tue, 11 Jul 2023 13:36:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKj3NsX8fJlkoVfckeWqMqbA1dgbAHLquvmnkDSDwHUfkGzth2ElYCBSEBjSHXMr8Ucr43%2BR05WSDR1Ua8czxOrvs5L6e0D%2B3B0gM4P7kaibW0mFxXUheO4JjbyyObn3KP92zYZ%2FppiDSlEsExLw5g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-fhfns
access-control-allow-credentials
false
cf-ray
80342275eb351e20-FRA
x-amz-cf-id
0wIaH58wMG-deOUDTeoGVP9elysgin-eVaxhqfKKUMB0QfC8VNLcSw==
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
12747
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
28007
last-modified
Thu, 22 Jun 2023 11:06:06 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64942b1e-6d67"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdUPwomDQ4HCuVy3%2B5HDZPHFPH7qGdigMbaQkpSjDrFBLfmN6CRRBmN0tGwvXYdGYXvVOyH%2F%2FZ0CgivUnH%2BT1MoBSuWx8nhoNoHbTcAZdjKfppBUEwajlBCrj0%2BQJNpAjtfoTOU6%2FaICqYs5Rzz4hjRb"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
803422763d541bc3-FRA
expires
Wed, 28 Aug 2024 03:34:14 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3662425
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3592
last-modified
Thu, 22 Jun 2023 11:06:02 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64942b1a-e08"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V0ryrkJGDZT2NYb7XyeLhiHIUS8tI4cTxLtfx8RGpeMc0flBf7pbP6VP9qcoa44V9gG%2FyWjW5wuAirBGvL%2FPHrfWx%2FMzRZuRFYcm%2Bked0TaheZTrv8kigFaC6MTGNRnLLTgS7LPXaq3DXZ6FEHK7LM4t"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
803422763d551bc3-FRA
expires
Wed, 28 Aug 2024 03:34:14 GMT
consent.js
consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/
2 KB
2 KB
Script
General
Full URL
https://consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/consent.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
Cookie First CDN-DE1-1082 /
Resource Hash
88b21865946094fab59246a502be4f12fa3b9db1aba1049b94589ecbeec69699

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
content-encoding
br
cdn-edgestorageid
1082
cdn-storageserver
DE-661
cdn-cachedat
09/08/2023 03:34:14
cdn-pullzone
236985
visitor-location
DE
last-modified
Thu, 17 Aug 2023 01:24:21 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
657
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64dd76c5-99f"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
BYPASS
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=30
cdn-requestid
d96b74280acee106169d092d0e7abba7
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
custom.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/
723 B
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/custom.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 87e02820e63ff6cf9cd98d9efbaab1fc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
IAD55-P5
x-amz-request-id
XPDY0H30J464TBDP
x-amz-server-side-encryption
AES256
x-amz-version-id
E6pXkgaUwSKGBww5g6OhIUrjEzq.3zLC
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
content-encoding
br
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
alt-svc
h3=":443"; ma=86400
x-amz-id-2
2uhsCL1gixVWeacVSv4j82Xb7pigYbsxO1RWjlceNki34KXOIAUHLZ8sJjsJaTqhoCP7bcSYDYU=
last-modified
Thu, 06 Apr 2023 09:44:57 GMT
server
cloudflare
etag
W/"aa1f7340688642df1a14a1ed11c7650d"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1680774296492
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1qp3P4c8QttOpRBDm%2B%2Fa3FIQ%2BZg5NddkQCLv6SDt8Hnb02D%2BpDqPXjdK7TVGaCMNMp9lBbf2UDR9%2BIubAnIcoDDM0B%2FIIjZZTZ88pNNGXNLanbAO67G2zNJurj1D%2F2tkIKdsxMmqmUKpgFASOWbCA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
80342275eb381e20-FRA
x-amz-cf-id
h-0l-BkSTce3ABXg3N44XEi3jiTexpzUk6YZz2UndHajtjDGRsdC1Q==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/
20 KB
5 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
content-security-policy
upgrade-insecure-requests
age
1244360
x-amz-cf-pop
FRA56-P7
x-amz-request-id
6T7DWERECAH06MM1
content-encoding
br
edge-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-version-id
t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 18
alt-svc
h3=":443"; ma=86400
x-amz-id-2
DU4YfiyzQclHuMO9ZNmgCn9qvEsx2BYLD8Clm3MoXXGQ09K73OkXGFEGik6c7dc5Bmcaj7Mz/d4=
last-modified
Wed, 02 May 2018 21:34:26 GMT
server
cloudflare
etag
W/"aede50e4be8da8450a046f9d293e57a5"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jfsszRiFSaDtwxPSgj5J%2By64Zd3EaQ4eYkMrOaZ9rePGDyODQ5giKJ1Y2biU6w7yFhOlfiQgWlGCCyzxOlF67m%2BmrmlXZ3iX%2BFBpVVBabwJLAVKbc5%2F8IudBl49st2SPD8tRDe9iYEBdsNjNNoUeXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
80342275eb361e20-FRA
x-amz-cf-id
cnT68Y9nDlRW2pCrIqmdu1zIlBo4JWo4BVrXbrXR0BnkOiWMvKqvqA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 18
in.js
platform.linkedin.com/
510 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frb/6722) /
Resource Hash
b94eb2ebe512bc0e3ae4c65de291e8963001dadcfd3ee6ef98a1c60caae70ffe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
x-cdn
ECST
age
2733
x-cache
HIT
x-cdn-proto
HTTP2
content-length
163638
x-li-uuid
AAYE0AOucbdSCDq/t6hRhw==
last-modified
Fri, 08 Sep 2023 02:48:41 GMT
server
ECAcc (frb/6722)
x-li-pop
prod-ltx1-x
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
x-li-fabric
prod-ltx1
cache-control
public, max-age=3600
x-li-proto
http/1.1
accept-ranges
bytes
expires
Fri, 8 Sep 2023 03:48:41 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1693492959105/hubspot/hubspot_default/shared/responsive/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1693492959105/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-encoding
br
age
651038
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"94daf62e7e6df83595c6251fb0c7c055"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1693492959707
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C3
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
9e383c69-6d37-44b3-9ee0-6615640cd06c
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
155
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
9e383c69-6d37-44b3-9ee0-6615640cd06c
last-modified
Thu, 31 Aug 2023 14:42:40 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2L9rmj3PTFJetlJJSOQYofq7jXAwVMItHVf7cj0rQIkSi%2FYfcabehqFzaVuxnhuoQCQwbNyP0Jnn8YP52KSF9MH%2Fc0jgBLBt%2BZgKEbk7ZNvwh%2FNuNf9xeVoDNdt%2BqQpEgAVzdTZKUD1UiFs5ajE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray
803422765f0a381b-FRA
old-style.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1692264044692/2023/CSS/
118 KB
24 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1692264044692/2023/CSS/old-style.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aabed34e2a0200a8efc45c28298905cb189a0fa6b2517aa2bb91197ce057c6f0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
1VJD4EP53BP30FB3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"e5e1a6a57b22463074ccfb28fab90796"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1692264046022
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 69d1fa5e076e71f2d4b957dec774cb8a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
AyMThgtZw89zZGGBZ0vaC0nVbimIXmS1
x-amz-cf-pop
IAD55-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
32e8a163-a65b-4e30-ba53-ac2c7ea17656
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
156
alt-svc
h3=":443"; ma=86400
x-amz-id-2
SXUL4icL6hZ1BR+4XsjtIVsKsONOJLLY5HCs1HV5DfrRa3bky+RTylGGoKDqyOyLVniUbB5k6YoLjBnkEf6/9Q==
x-evy-trace-route-configuration
listener_https/all
x-request-id
32e8a163-a65b-4e30-ba53-ac2c7ea17656
last-modified
Thu, 17 Aug 2023 09:20:47 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m1LYpZhCJtUtfSQnYWoTinGiGa8p5dT%2Bb7o7TAAod9nFktvWpu53P3Q6tgd%2FaHZwsSENTngMQDD7WazEv3egk6G0IKKojTi4uVo3lTLMhroWUoLmz1xoDILw5UPi9NHMqBjT7UwunWujlYogBHwLnw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-nlblb
access-control-allow-credentials
false
cf-ray
80342275eb371e20-FRA
x-amz-cf-id
WGT1J5kKHZllti95k_9GMFr85ofpFGRLZ5phITMQvtE6aHJY9Rz5Og==
ce3bb527-eba3-4078-9bbc-b76f40432fd5.png
no-cache.hubspot.com/cta/default/1534169/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/ce3bb527-eba3-4078-9bbc-b76f40432fd5.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a94c9721065f439be9cc925919bfaf1c7dc04686838fe3b717ae025f21ecb367
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
x-amz-version-id
kuiYcR3RNigVocwaAk8rMnPptiDu4Evz
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
60HREZJNCNTSF3X1
x-amz-server-side-encryption
AES256
content-length
1539
x-amz-id-2
3dgx0mHfikPLyfaBawVCp7jsNxD6LcFOPu0eomxBWx+nZO6C5yWuU5HkJenusHRfcctmErzpAXc=
last-modified
Wed, 09 Aug 2023 17:01:28 GMT
server
cloudflare
etag
"ae8621ea6ec37f609dc3d94fccf6caa1"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8x8LA9t7EDVqFFVqe7ZagU04yrMXsVMjC%2BcNHEyCtOfT32ZXcf5Sifa8e7gIbQGum%2Fta8l9poZrAzTMr7JjhnrFl4M%2BmLB2C0uDAHJzOIqw%2B05W0boFGOrd5xdrWUiNjSWUVPz3tXcaDD6VJHNojVWvd"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
803422785f4937da-FRA
current.js
blog.morphisec.com/hs/cta/cta/
16 KB
7 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/cta/current.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b212b5d5a1ff05906a7bbe45ec1192cb7f8cb096da65573b94eb19e3d853bccd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
582
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.202/bundles/current.js&cfRay=8034143ba4879bdd-FRA
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-evy-trace-listener
listener_https
etag
W/"926f957a3fac01f2a0f14b2b115f7f9a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
cta-embed-js/static-1.202/bundles/current.js
date
Fri, 08 Sep 2023 03:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
9ig2rWbDeIcnXyn9E_XWedP2hWENxPRc
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
65d59d16-059a-4387-afa2-e38a711f4ebf
x-cache
Hit from cloudfront
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
65d59d16-059a-4387-afa2-e38a711f4ebf
last-modified
Thu, 24 Aug 2023 03:17:03 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L7q7ka%2FRLYUor8vIDqUxmQdPBh15WCprDF6Ex703o2Oohl38MZu873diyMxuh3vk2l4et1qQOlYmmH%2BMEIYSWEy21vay5Tc8dTeAgtsM4jvgb1BOhm945cBwyBLy%2Fl%2B4o6O3oLTX6USIcs4YjmtwvA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-2zr9h
cf-ray
80342276c892046a-FRA
x-amz-cf-id
jYQnx77cHiPSlCBJB_mepuvMvXUlpPGMCEZJENICdI4h0QtLTQ72EQ==
logo.svg
blog.morphisec.com/hubfs/
6 KB
3 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/logo.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b76d5259cb8aa380242c4a6e3ebae23893b5a3bf533e140286e7a1eff8e42d13
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

e658bf15-1881-4aa4-af39-691ff567ac14.png
no-cache.hubspot.com/cta/default/1534169/
155 KB
156 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/e658bf15-1881-4aa4-af39-691ff567ac14.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1d8ffa9b1cfeb7d15f3ed42fb7a2eb9fd7bd909adac067a12481459d2a05b97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

90e4b55e-7566-4ca0-84f9-3deaaa8c9ad2.png
no-cache.hubspot.com/cta/default/1534169/
107 KB
108 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/90e4b55e-7566-4ca0-84f9-3deaaa8c9ad2.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe3d59da6159a2cc838acab61857e76b71cfc9b55b224f65ee5134f3e8d685a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

06461e49-d0ef-44ca-bcf3-ad6c8d5a8ff2.png
no-cache.hubspot.com/cta/default/1534169/
55 KB
56 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/06461e49-d0ef-44ca-bcf3-ad6c8d5a8ff2.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8afd372669afd5d07103428d24a962c21475f018ef944b5780aba65a20e3cbfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

footer--logo.svg
blog.morphisec.com/hubfs/
5 KB
3 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/footer--logo.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a37df9b62b707ec5fdb35b353a69850e83187f8bf2147565a7cee3c8946d508
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

embed.js
static.hsappstatic.net/content-cwv-embed/static-1.388/
14 KB
6 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5ffd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

svgConvert.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/
668 B
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/svgConvert.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

lottie-player.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/
359 KB
95 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/lottie-player.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

slick.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/
42 KB
12 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/slick.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

module_109590708858_Header_-_Global.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1682515864316/
1 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1682515864316/module_109590708858_Header_-_Global.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
142f773b0e0de427e4df32424ad6361fbbbde503562a5f14bb7ba5532e800f7a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

module_-2712622_Site_Search_Input.min.js
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1693613926310/
80 KB
16 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1693613926310/module_-2712622_Site_Search_Input.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03e92e542d70afb9e6de527108a228da0be3b095602f3a161c71913f901177a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-encoding
br
age
529751
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"7f89f5fd3bfbf4f542c6aebe9a075049"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1693613926310
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD66-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
e5561632-40b9-4c8e-8b95-08934d7f8ce0
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
377
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
e5561632-40b9-4c8e-8b95-08934d7f8ce0
last-modified
Sat, 02 Sep 2023 00:18:47 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IE7bxDKX7vCXFnbd80GbmLke2KBo2erjPUh6IEYPyYXz%2BaWl6UrElf4mcxYebj7FAkrpeynhZZRwHlyStSgpkrplK5HFEORO0m0hAi0KLKW9%2Fo0cvywe1ZwLSsB%2B9MIxic44WbKfLt1uSEFAZRw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray
80342277b817381b-FRA
lazyload-min.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/
8 KB
4 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
2891
x-amz-request-id
H3JVCC4XD36ZGKRB
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"67744f609bc5dbc8a0fb9fe0d5005f25"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1603042259630
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 7e9d74c81117937f0703aa3977d2d998.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
4SGyaLwa93KERwdBmZy9UM4.3aqx9djg
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
817ab363-fe92-4ca2-871c-f350e5ca8bd7
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
161
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ND0yQqKDFaFdRc+p2k9v3LdFlpd0xbek/I7l48m7CQGpNFzcDy/gLNLunN0o8uqW/Z0PylPJfqY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
817ab363-fe92-4ca2-871c-f350e5ca8bd7
last-modified
Sun, 18 Oct 2020 17:31:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8iBTAwRENbUv0Esv5%2FmfFGw%2FUoc2nJAuapko3o3m382%2BM6DDyHSwQXrtIAPdQcBf2qzNOzSW96R%2FWUW1fYvCL9hYp2D6p7rLk7vZM2lvCNZ%2FAZGEk9OzPztBZN6uvLVmY858prmAt0rhu1ZAH46Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-tfpt7
access-control-allow-credentials
false
cf-ray
80342277b93b046a-FRA
x-amz-cf-id
Ow7ya4zYct6aJW-Xho4j0IzOXI89D16dRpRDoSLmEXxVJrsLjC1sUQ==
vide.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/
4 KB
3 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
2979
x-amz-cf-pop
IAD12-P3
x-amz-request-id
NCX8D9V6PMKT654B
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-version-id
xCDhIWpBzbsqxgnqK8jsUmPM_UWe2ml.
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
AosSGK43ZYDUFIL7xNEnCEEgyLOocEgtzVUtlqeOxw2V9jv/oJKrj4P9AUAwff5p0mc5i8qmRtI=
last-modified
Mon, 30 Sep 2019 05:35:31 GMT
server
cloudflare
etag
W/"901e2d8fd2af243d3d8dd68e38fa22da"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5a2PKUuJe0dlwk%2F7EUjwaNY7Hw7nnpq5fWIgT1XAcmSZmUBGrIfpy1gLV%2BWSxBp5o6g6GBwM56dPMwuEjsm2j5fHAwgwG0NqNePUvo8l3otp%2FVlUPgYT%2FjyO%2FPvAf9gQIGxgIcj1LPuSPoqHF0CGUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
80342277b93c046a-FRA
x-amz-cf-id
GuyLCp5GSwqnBgFaYPlVHCsTkgEPqngvGllbuRHkUAe1w18V2_LN9Q==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
magnificpopup.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/
20 KB
8 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 7c246f3a389d2701a9bf150d0e576cd0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
2979
x-amz-cf-pop
IAD66-C1
x-amz-request-id
9RHMFK7X89NEHAWA
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-version-id
AenlXmDNTXiJmWpCG4hF_X9US4k8ofw.
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Mavvof++3gYXidNJqFwlZGYAL4Y+OlcuPZqWmo05gvOFlFePZY9OWynkLcMdY3JtDokPD/Qvg5c=
last-modified
Mon, 30 Sep 2019 05:35:31 GMT
server
cloudflare
etag
W/"ba6cf724c8bb1cf5b084e79ff230626e"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B6Yimvizt2O3%2BIrV1EU5wxDUAf4Powc5AR%2BEn2Jnp8b6TB%2BAU3t7w4f5hpe5sfft0CmO%2FmVnmCv1rup%2B63GIrtyXGCPUxDc9SWYJaVMAxlJxWOwv2zqpt9orMABwXPlYYnPjqVsq%2FIopbfuyZoOo1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
80342277b93f046a-FRA
x-amz-cf-id
KHi_PPlmQbYLQnI6M-UX5tIcO9wxkW3D5ecnHIWi5Y0jtFqbxSAqbw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
Morphisec_Sept2018_script.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/
166 KB
43 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/Morphisec_Sept2018_script.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
2979
x-amz-request-id
K5SQZ5CPD65XYTG3
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"f7327c38d9f5aeef245b0ee300152178"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1671716922383
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 6cf4081c1099e7ccfdba44532a13bc54.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YMjvkoc5EhQ12za.7KqifcSwG8LKYS3S
x-amz-cf-pop
IAD55-P5
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
203
alt-svc
h3=":443"; ma=86400
x-amz-id-2
e1h6LEICHfwnvCarVY10SJsGSHyHAr3sIOyM/QmGZuBoifQmi23I6paXWRGiS3Xe9zx5Z6to4Mg=
x-evy-trace-route-configuration
listener_https/all
x-request-id
99b47f45-30fa-4d4b-87b4-e6551577db89
last-modified
Thu, 22 Dec 2022 13:48:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZRG23q%2B8NwOW0exYMZlpTJH72mIQV1LaUDJe07OH%2BNhPA78p5EVmxXBb6dNZdrX3oVXAYoC3jaebnU5f1sqlboWqC4gkFlpFgkGrMBZhu98M2gKSMhbG4pd4T1FWk%2FY8PCfNg5vcCSQwirJcwy2cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials
false
cf-ray
80342277b940046a-FRA
x-amz-cf-id
CLMbFFrgjUM4snFXzw2YfKnfUMlB-Ze9XvlNy5a_t6XrWlj7SB506w==
1534169.js
blog.morphisec.com/hs/scriptloader/
2 KB
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/scriptloader/1534169.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8afd66def7352255098d4a54bdc0114afffdb5ae1f346e6d64e9d513fddb3d4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4ec90e46-df5f-4170-9e63-95820fe88c8c
content-encoding
br
x-envoy-upstream-service-time
11
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4ec90e46-df5f-4170-9e63-95820fe88c8c
last-modified
Fri, 08 Sep 2023 02:54:08 GMT
server
cloudflare
x-trace
2B9D2643452CE8A109866C18C69F6FA5364C57A721000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-6c94986c56-2mn9p
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dk9R9uJUmDUb9RVECqiuqW0Ya9eP9VSHd2bOYbZoJB5ibrmtX8c0%2B%2BoiG%2FCjPbON%2BXvqgsScNNZE%2BX%2FNEyIlMou1%2Bl5RtspM3U0OTY84lQ3iXWft1Rnhm%2B5NqrE1fo7q9Ec4abKlfEx6h0rAat0Rxg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
80342277b941046a-FRA
expires
Fri, 08 Sep 2023 03:35:15 GMT
gtm.js
www.googletagmanager.com/
222 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2f54b7fda4cf19d8025a6e9eae10df1d10a13bd290021243b61c662940f706a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79000
x-xss-protection
0
last-modified
Fri, 08 Sep 2023 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 Sep 2023 03:34:15 GMT
banner.no-autoblock.js
consent.cookiefirst.com/
56 KB
22 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner.no-autoblock.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/sites/morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/consent.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
Cookie First CDN-DE1-1082 /
Resource Hash
1a4052b7829a42968ea006f0edcd539c7a50d82b77866dab6288fcb401c26aeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-676
cdn-cachedat
09/08/2023 03:34:15
cdn-pullzone
236985
visitor-location
DE
last-modified
Tue, 05 Sep 2023 11:03:36 GMT
server
Cookie First CDN-DE1-1082
cdn-fileserver
657
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64f70b08-e12e"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
BYPASS
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=300
cdn-requestid
1ee5e074c0903e0b63ff14c79e2fd242
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
200
cdn-requestpullsuccess
True
hotjar-3506314.js
static.hotjar.com/c/
10 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-3506314.js?sv=6
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-37.fra56.r.cloudfront.net
Software
/
Resource Hash
e46b119e828fe0ea4fd278962f46850cdab8f2e1fbbf3ffe6c9e711bc11fe078
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 f4137273db9ae377298b8f8daf5b93f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/0aca64c0eb31468e502c4cf5f027946f
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
07wYXhxQQVqcihj8to3-ykWOQYc1E_BnO0l_jDRkB1L7-cygHWg-7g==
font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/
20 KB
6 KB
Other
General
Full URL
https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 318dc0d466d2a355ca0bbeb0721ef1b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
content-security-policy
upgrade-insecure-requests
age
1414118
x-amz-cf-pop
TLV50-C2
x-amz-request-id
6T7DWERECAH06MM1
content-encoding
br
edge-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-version-id
t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 18
alt-svc
h3=":443"; ma=86400
x-amz-id-2
DU4YfiyzQclHuMO9ZNmgCn9qvEsx2BYLD8Clm3MoXXGQ09K73OkXGFEGik6c7dc5Bmcaj7Mz/d4=
last-modified
Wed, 02 May 2018 21:34:26 GMT
server
cloudflare
etag
W/"aede50e4be8da8450a046f9d293e57a5"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FYXrxpfGWpFlSTSdxFHExS%2F31dxvtHWZyAqsoKBRBinZSKI7kmXRIMjc9TO0wq6B4LOT8CrpawbXbct96clbvXoVGkfaJpt2XfwVRfQDrqgZmZJfd4Laecib2sMSIvYTXgPGXlyg2cBokR%2Fy%2BPhdA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
80342277b943046a-FRA
x-amz-cf-id
x6C2fkPRcK75iHlcvVd1KukHQLEH63WrzCC8ZvoZunnQxezKofmOaQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 18
css2
fonts.googleapis.com/
29 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1692264044692/2023/CSS/old-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
61eeaf3752ec4a775d833ab1ffe79787a750f59cb9c2933aad9cc276a36eb5fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1692264044692/2023/CSS/old-style.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 08 Sep 2023 02:13:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 Sep 2023 03:34:15 GMT
version.json
consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/
678 B
1 KB
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1694144055052
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
Cookie First CDN-DE1-1082 /
Resource Hash
f62504abbb867b0d53b4d90d746313621819f2c5d39ceab4695ac2b0ef8cf223

Request headers

Accept
application/json
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-662
cdn-cachedat
09/08/2023 03:34:15
cdn-pullzone
236985
visitor-location
DE
server
Cookie First CDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
404
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cdn-cache
BYPASS
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=5
cdn-requestid
557ff0481850db851ceaf65eac3cdfcf
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
404
cdn-requestpullsuccess
True
logo.svg
blog.morphisec.com/hubfs/
6 KB
3 KB
Other
General
Full URL
https://blog.morphisec.com/hubfs/logo.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b76d5259cb8aa380242c4a6e3ebae23893b5a3bf533e140286e7a1eff8e42d13
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109677659412,P-1534169,FLS-ALL
age
1778097
x-amz-request-id
ZEDFP1CBCJ0BYMMW
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109677659412,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"0580317a2320835ac13217ef733d9223"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680709192617
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
QOfG_EdU1IIjblPY7mW0vA0dKUSt6ypP
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109677659412,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
LqNePRlicacAszOSb79VPtQottaihcQe749hPWXlY52H/TIgnCWioIllIekHDRMKIHiZ+KEKics=
last-modified
Wed, 05 Apr 2023 15:39:53 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BPKvnyLll9%2BpLKBBHL9ILL2NRpwHHgIJb%2Fd75cTFXEAE62inkZ5oyRet38Mjtm7tBAFj3N9CKkpRyLUqQ6olVBGInGg6dhb3mdgKXOiWdfR3%2FmZhSConfl9E54Rgvu4nUMbZJRaEygiuZj3WFp2Rcg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
80342278da0d046a-FRA
x-amz-cf-id
jYcLpHIAwDMYkT_tqf_fB8Dnq8WGuqUvRLiB-Ku1EllhbSXuPwbjtg==
arrow.svg
www.morphisec.com/hubfs/
271 B
2 KB
Image
General
Full URL
https://www.morphisec.com/hubfs/arrow.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1682515866099/module_109590708858_Header_-_Global.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=3628800; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109679247133,P-1534169,FLS-ALL
age
399211
x-amz-request-id
M3GWYWHD2C1VVE5D
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109679247133,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
etag
W/"4e0f4888e02de418e83ed88b0fb6b77b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680710835406
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=3628800; includeSubDomains; preload
via
1.1 4d5db5d8b78e0b583e041b582e55cfc6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
NbewtlYhb0U79FAEY4s37zmrf8HRhCTq
x-amz-cf-pop
TLV50-C2
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109679247133,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
OwMayoHWvEeRVeHtJCDFPwdctqNJ7uGQpP90bVctt4glZOdllbn7WjSxwtrGb7cmPAT+jwQsUTE=
last-modified
Wed, 05 Apr 2023 16:07:16 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LnxPSUxstRD3Lw3duKMDMW4tX8PiWYZdGD3yw%2FFW3BV58uoJNihG87%2BDVYYhdghxurS5IR4K8eQSlgKS%2B1BM3WuSLNAM5SmqMVVzNHfmpSWzvHOj2Ghwdy%2F%2FJbZ4guGQYWveip6NrFVXYSh%2BR3qu"}],"group":"cf-nel","max_age":604800}
cf-ray
80342279b8f137fb-FRA
x-amz-cf-id
oAVoiPAExFVI0NA615BGjECAjXDC9kC5H6l0InrpiuZZGb6w5VSE5g==
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
age
28672
x-amz-request-id
FKD59GTSMPB54SW9
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680694543135
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
w3lhsSBfXgt/NlQtESevCf4GAcH2ry/dAX3Sob35P+JVLm6k+4vKt6RZQPmPDZAENan3kBo58kg=
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNk7BCmPhvEB3I1x9REcf4swnXVEVWKFXSaJN%2BsWrVJKwChs4zIyL%2BPQEYBYl9WOEqhC31ZlmFpprE2f6bnM%2Fj9GIy50%2FTubmREe9PiVL2NTxFriHWXJ8Cm%2BIFHXJVk70AGho%2Fp8FeqyP1kfhsdWgg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
803422790a4c046a-FRA
x-amz-cf-id
ZuO-gkIyV03bvJlpEONyQJKkTq5YP2zUs97ppaaWnnul4uGajt_OfQ==
cybersecurity%20threat%20research%20blog.jpg
blog.morphisec.com/hubfs/
4 KB
5 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/cybersecurity%20threat%20research%20blog.jpg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-129397473892,P-1534169,FLS-ALL
age
657939
x-amz-request-id
X23PSD1E904WMYS9
x-amz-server-side-encryption
AES256
edge-cache-tag
F-129397473892,P-1534169,FLS-ALL
x-amz-replication-status
PENDING
x-hs-https-only
worker
content-disposition
inline; filename="cybersecurity%20threat%20research%20blog.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
cf-bgj
imgq:85,h2pri
etag
"2b7b7ed7eb036c12623f2218a7bab31b"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1691668529263
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 57e45f37e06f1f5dec8cc548e275e44a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
c0ZTjM3EuQi57sUJlqRjc9N65oFUDRbx
x-amz-cf-pop
MXP53-P2
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=26491
x-cache
RefreshHit from cloudfront
cache-tag
F-129397473892,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
3770
x-amz-id-2
fg3h9APsQ9AKKCio5pB3NVcAVYWvXmMdGe90GlWLcrcJm3nxg1GyHG/A3wEkfTQMEhb+X0gtI5s=
last-modified
Thu, 10 Aug 2023 11:55:30 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0F2K%2F7bnS%2FX9HVYwmwlYgMngUjw%2BCJBGSNENq7e11QMXM6GscIJIKiD8WQH1krpZkXxPmSKNF0tRDbf2Y7WrX%2FPc%2B7BNWz5rySpbFxnKw7GHKy1tajkeZTqxJ3v5ks72qIjyy5BX2nLTIDFN5ECecQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
803422790a54046a-FRA
x-amz-cf-id
dgMH1NNsprArMpn8Y3p6v60s0y74YjQDlD5QmT426qWDIE-FZxPecA==
footer-bg-01.svg
blog.morphisec.com/hubfs/
1010 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/footer-bg-01.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-110476466060,P-1534169,FLS-ALL
age
76018
x-amz-request-id
252HJF1GQVYM9N98
x-amz-server-side-encryption
AES256
edge-cache-tag
F-110476466060,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"2ede0c7ada32266a0c611cfc210050ce"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1681221340353
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
_gIdfKK3n3930Ooq3mAnm0BVYetLtdSX
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-110476466060,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
m4+3M14iPcRyqD+H+Lr3uSd8EGWTACjl9q1meiMQBWX5VwQs/PsSVQ/GOwAsJlHdLl2YNkbyfs8=
last-modified
Tue, 11 Apr 2023 13:55:41 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVqkewMHlgPJg3%2BG9NFNiNaFy7fkpxfztAXsd9JCIs3gfS7cnLssAhRDtIkDkZOj5Cvtd9etpK%2FDXU%2BF5cRXGPi2Lp7C6BjtCRQflZhE%2FzQr7I0PrgGUkdjYwhIqYs1nn0EILYSHok6ENeuB%2FtpbtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
803422791a59046a-FRA
x-amz-cf-id
Qj-ytCWe236K9g8A5BSG_BibCngkydlShaOMbnM1FDSiGDddjNLcWw==
Montserrat-SemiBold.woff2
www.morphisec.com/hubfs/fonts/
65 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-SemiBold.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=3628800; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
age
659266
x-amz-request-id
BNJ5TY9PDZJDX3MQ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
etag
"09e9af57c990afbf2833f00d90880b6b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119436
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=3628800; includeSubDomains; preload
via
1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
N4AY2AcWVnuw91nHKeLaBhsvto1u2FqE
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
66104
x-amz-id-2
bf5YplGCl1drH35QaQoZ1TGkTsDwYo6L98YYvbsL3sZ5y7xK0t0X6TT47Swb/lyW1BnnWX05kztfrJgTeJWUTuWkgjW9kdS5tQWYwJGT4FM=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0%2FHGVsrUPAf8gCvMdYxX4Hux20oTD8dU3sXl4G8bfbyX5MUH7DjmmbTdndqDsgK02KSQhQr9%2FKSToFSEH78kwYx4BxA%2BbBevGvrtw2yzmXXgDQuZy%2Bull4ROXZKXOQaiqow3nWQJ7f1KvBmabs9"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
80342279b9a918b9-FRA
x-amz-cf-id
46e7sN55Vet834mBT7oh6NsFZenHcINW66JAUNstjGiKiGIOvJwr7g==
Montserrat-Regular.woff2
www.morphisec.com/hubfs/fonts/
64 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Regular.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=3628800; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
age
1807767
x-amz-request-id
43CHY03DFW5TF5GR
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
"6b8307d4d485772acfa7afe8265fb942"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119101
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=3628800; includeSubDomains; preload
via
1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
nSDGlIqPXu9uV3l2fdqqNA5m3fzDIOo2
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
65900
x-amz-id-2
BkpczpWtpx5rMU4HbdwO/5V/dotOVfOvplSeqXfKqRYqE+jGK50E3ZeXUgDoyIjYcGtRcfrX5K0=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2lhEMqxFmvjgmwd6p2bpPLNGpRNYk2Bivg5iVI2W69Ke8yUFfLZfo7eCXDpJywFXe6mZVWNzV7JzK0mkfOI%2FgmeRPzS%2BsHPiwKhzl2qAwm6ASuE5dZ%2FJQEnq4mHRsf2bQHHMsoTGbANVqSRjNv%2B3"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
80342279b9aa18b9-FRA
x-amz-cf-id
tOJD2FXUjIeSseTjT69fLyTV5xv5Xq2DnTPCQ6ymPE_HPpJfA4utxQ==
Montserrat-Light.woff2
www.morphisec.com/hubfs/fonts/
64 KB
65 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Light.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=3628800; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
age
2407
x-amz-request-id
Z2E335022YK1WMVT
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
"aab897981ce728bf9faaf8d7e9273e82"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119255
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=3628800; includeSubDomains; preload
via
1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
pc80gFZ4d8MJD6P02C8Utp.DAeRoai1s
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
65268
x-amz-id-2
IEJqUns8c6ZS/Ucmg3BbuZiQB4pZLBY21r6u9iMDUhWmMctRBzGZhJ0u0rurzppeEnvRyTES0vA=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9Xm2fKaO2%2B%2BQEMjDVkClTXgqEanIeL7%2FeOFcj7oGEu05DcKcqUkk5q4LuERtz0q8Fiu2ggYIAzxDLa%2F26P0Tt3o2loLcsHYTmMji9w6dv6VKHw5o1vFfPrNDEP9UZ0NiimdrDPv0AQG3md6icAb"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
80342279b9ab18b9-FRA
x-amz-cf-id
cWwoRPWnZQ_5rtRRPDqOBs718vJfoeB8ciCCAqu8HmIB-voBTbns5g==
Montserrat-ExtraBold.woff2
www.morphisec.com/hubfs/fonts/
65 KB
67 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-ExtraBold.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=3628800; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
age
1781313
x-amz-request-id
K0K3173Q8SX7J4SJ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
"4e861b47db165af12ec0447c91b0167f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119362
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=3628800; includeSubDomains; preload
via
1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Ai1BLbuGpLfH9Dc8qMneVI9MZINf4ZFA
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
66876
x-amz-id-2
4GqwyfCdivx+3ot/TRMEQnk5CDZ50gwmuQNwJBUQAEvd9i5ais4lGSi2KTsDiD8Hij9uKDMIT2o=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gech35iQUSl%2B77%2FhgDCjt4xCuDFLOviC0C99tUBA%2FCLtmidOR5m8dQuYput2VzVuxmubXpyCjGUeNAP40%2BQtzNbPiZQcFpHMxHkLoLfX1NI8uMK02SQC1Bon4Q5hhfHt4jNneiNcUVGtsdUeMgiA"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
80342279b9ac18b9-FRA
x-amz-cf-id
xBnpVIOnCiRv9t2DXVjIPpe1AqD53AO_JU5W-m4qbsjWhQFRmgTa0A==
Montserrat-Medium.woff2
www.morphisec.com/hubfs/fonts/
64 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Medium.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=3628800; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
age
32538
x-amz-request-id
QG216VDH8TRC4W37
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
etag
"16c1a5b7a2037ec2bad9740c8b0ff8ee"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680693119004
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=3628800; includeSubDomains; preload
via
1.1 80566e72ab185c08a79ba1ca1348350a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
FUjuK6I4k.9p.Gx8MyhsJW6pvpTlo4q4
x-amz-cf-pop
CDG53-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
66036
x-amz-id-2
X5xHIMEs0XJ1G+W87eEjUfbTahehIHCLi0oPINcWXh/8fQC02GoDpRZK52rea9fRpNO426ScbLM=
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5tV0pBlM3LD5H9pmVz4ud7v58KHDCQGK1MstK51q0KGaE4%2FWajrTvhakbCBVPhlWaKSMR89ZEXZBBqAjHq5E6GuHRfBNpMK8xQBzvtjlqpqfNbLO5n55W%2F0OAwswAHATvPwvKTdAXY1epOoRHYT"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
80342279b9ad18b9-FRA
x-amz-cf-id
a9scnNNnwjBt0EBETLnWVUkhSOt6S8p-kvhtAikLf2u8-fb6rTfw5w==
search_icon.svg
blog.morphisec.com/hubfs/
350 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
age
28672
x-amz-request-id
VTZSS51V3G562TS7
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680691466397
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
iE0Tzns/hrf7EjXq1mcSQKgsmyCo+paJvLNT94+K+Tf663O4Y2ssvGcs4IxUWr2U0ImT3HuqkJ4=
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwSTQwm55DVkpe5bO01odMAFjWdY4CN8J6Q0lkEeui%2BK%2FICpIbfCrZZ9kk9093Qgg1Tqq%2FWVNgXOzMKZfxnNxHDmzxXSWhS4FKahZOgtfMUUyeGVlEC0PQewMr9KzbFfrM%2FnCcnpA9hLYMOqxiFRsg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
803422795a92046a-FRA
x-amz-cf-id
a4-16_xdsr03gJyg9aSqQqKZgtekyPTtk4-xcGfEyG1Hs1axX1ROGw==
blog.svg
blog.morphisec.com/hubfs/
797 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
age
28672
x-amz-request-id
THB1RTRGQHPM4HZZ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680711424510
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
IwycbYo7Q3IyU8LHUf2F2oGc1yUSLLI4BVC42Mn9c5dc1psNxC9e8oM7xHa/5WzXLfyFXlMIzg8z69DiWMgjQylbuSaVfbMYfbMhJEUdSvI=
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVDkpDNX4FMPXAPm2nj3BMbIEnJ9Ww%2Bq8ZQHib%2Fp4RXXfvbLdpr6rSKS1ggh6CybAwqNtEmKBbtfOAylJrw2y2yB8TeTeJppGmsyfTEOGMolaBgJn45HpDGiQDgBYYvC%2FwaEiPt%2FP7Yal4xrb2BR%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
803422795a95046a-FRA
x-amz-cf-id
YIu1kKeS3YSy8dnhPI5FV3s1VFXZtxAai9jPHLdME0PovtHA2BcFUw==
CHAE$%204%20malware.jpg
blog.morphisec.com/hs-fs/hubfs/
35 KB
36 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/CHAE$%204%20malware.jpg?width=790&height=413&name=CHAE$%204%20malware.jpg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723c5d68ccd574fdda0dc2aa734d70ca1a64c4ab6787a816bea3f5d8736abe85
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-133385918320,P-1534169,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
35932
cf-resized
internal=ok/m q=0 n=585+0 c=3+58 v=2023.8.1 l=35932
last-modified
Tue, 05 Sep 2023 14:24:40 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cf03K0632dbpef6X5bS3Mrge8plFgeVDea3Vum30M5DQ:71ca5fad357cef1af438b48a5fef6bb0"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cm7AIF0pnzNJOs%2FaOObU3VhdW2c0VZfJGUwTYZt4VqCKXU3NBXApTk1nvinzc460WA1uVtZKWes3PKbe2F4B7H8HR8mgLaGGAMyXR9oYMCUzNTRvWPuzNHAM5X8mLAYThCa735qWHTnyq6kKsmIf8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
803422795a96046a-FRA
Lucifer_Blog.jpg
blog.morphisec.com/hs-fs/hubfs/
44 KB
44 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/Lucifer_Blog.jpg?width=600&height=606&name=Lucifer_Blog.jpg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c346d3ad9f8c70c306147651ee63945db5ed91de2f0df915dc16326de568358a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4d25e683291a18aef178d8e4f9828b50.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-133338226833,P-1534169,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
44650
cf-resized
internal=ok/m q=0 n=901+0 c=13+74 v=2023.8.1 l=44650
last-modified
Tue, 05 Sep 2023 07:46:24 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfKCP3-5YpZhbxw-JOE7mFOwad5g5YhDk7LKnqcKNjDQ:13e3951109fa46e2b87151c3a303149f"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t39FQBCuqItLWBuHMHKS%2FIe2f3HyZ%2Bf3BVVOdPXmNonBjaU6kPpOdfai%2Fpvu2pR5CzkohzShLdVQYHHCAG4h%2F9T5LR%2Bd7z4N9EKc8CM96yEbQU%2FBmfZFK5nqoYcCbaQs%2BTVL0XEOrn0fohMraaUsUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
803422795a99046a-FRA
Chaes-Execution_Flow.png
blog.morphisec.com/hs-fs/hubfs/
26 KB
27 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/Chaes-Execution_Flow.png?width=790&height=549&name=Chaes-Execution_Flow.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
95108c46c4d90ea8e0cadd583ba6d218540e3516acd11af5847aea87c76500e7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 0f6f1904b6904f4881311d3f5570a9aa.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-133340049784,P-1534169,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
26444
cf-resized
internal=ok/h q=0 n=31+0 c=2+56 v=2023.8.1 l=26444
last-modified
Tue, 05 Sep 2023 07:46:47 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfbjdBZHTd3bbC6Ow_hvb5Wy9keuLzIG8nGykWdlwtDQ:819f73bb659c45fb154c0f8eb91dff7b"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RqyUqljawCwA7B9ZbkRRQd3MJVWubcCfQCFYPbbIvDrxNedd%2FgP8XHGnmBbi%2F%2B6j4XJ%2BKe8%2BQDUdzh0BOuSgGGlnx74dnm7GQqYH7%2BBrpq53%2FcfDl6JewaCBSdnHzWx%2BBBxZc0Ge4tNodFwudQGWOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
803422795a9b046a-FRA
modules.c7962ba31267c30299df.js
script.hotjar.com/
223 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.c7962ba31267c30299df.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3506314.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-43.fra56.r.cloudfront.net
Software
/
Resource Hash
f5d7e440936d0aa4088a8bacc16206224b58b6fa1882dc54c3f953450fc75563
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Thu, 07 Sep 2023 08:53:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 c9499008aa7e1acd11e9fbc171281d82.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
age
67269
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55578
last-modified
Thu, 07 Sep 2023 08:52:45 GMT
etag
"628a0bf92690f9881613d19390363f0b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
NpgK2_ROPHWLuZlwdswue3JEWMFen8lF15bxoQgzkzvuIYC3lRUIlg==
version.json
consent.cookiefirst.com/sites/*.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/
678 B
1 KB
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/*.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1694144055052
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
Cookie First CDN-DE1-1082 /
Resource Hash
f62504abbb867b0d53b4d90d746313621819f2c5d39ceab4695ac2b0ef8cf223

Request headers

Accept
application/json
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-599
cdn-cachedat
09/08/2023 03:34:15
cdn-pullzone
236985
visitor-location
DE
server
Cookie First CDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
404
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cdn-cache
BYPASS
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
cache-control
public, max-age=5
cdn-requestid
a8fce7243fb278732800dc58dcc4337b
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-status
404
cdn-requestpullsuccess
True
json
blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/
10 KB
3 KB
XHR
General
Full URL
https://blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/json?hs_static_app=forms-embed&hs_static_app_version=1.3699&X-HubSpot-Static-App-Info=forms-embed-1.3699
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
191cabfcf48c25d8837d6b16a139db52d3a370e72424747a94365fcf8a4e7ed1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
3d53abb2-d1d3-4c9b-aa2c-58126348f664
content-encoding
br
x-envoy-upstream-service-time
33
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
3d53abb2-d1d3-4c9b-aa2c-58126348f664
server
cloudflare
x-trace
2B2C8136A9224E5774A6594B0737EA9AE8BDF2F671000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-max-age
180
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-tkdzf
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Cat8IPo03WA3qTw%2B9FxvyoFh9mJLrqL8DD8GmlpvTL%2F8seJGRj0zH0GQqc8AOzZfrZtuz%2B80tMU7kokFOQvsa2VNF49Z%2Bt%2Fat7OuurWIvKdQzhyuI74kM1olgdNipEKaMOQmHN1p%2BAWQ0dg4pCdXg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
80342279aad1046a-FRA
access-control-allow-headers
*
x-robots-tag
none
insight.min.js
snap.licdn.com/li.lms-analytics/
12 KB
4 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 05 Sep 2023 13:41:52 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=19221
accept-ranges
bytes
content-length
3822
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-etou8220087-FRA
sl.js
scout-cdn.salesloft.com/
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-request-id
4CREYJZCFGM8Z5ZG
age
5522
alt-svc
h3=":443"; ma=86400
x-amz-id-2
+9rAQ6CbvXFqvFzpV6r6YzDo5Hg9DQHQpMENKJIobmJbR2v9L0F2Jb2acuLt/EclLt4KaPRVJZEl4RYrMntDup6fd7QnTN4229qaFCHkUe8=
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
cloudflare
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
8034227abfd59a0b-FRA
expires
Fri, 08 Sep 2023 07:34:15 GMT
all.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d6ded884075b5ffaa5a25ef9dd9a94a2389317dcc3b6357f1ddaeecae4ad52f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 08 Sep 2023 03:34:15 GMT
content-md5
AMiMfFSnE4VoxPtbX5EQJA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1685
x-fb-debug
ZC8YOZux/VNZP8TILnXmXj0ZWTumNDlWYvof0o9lN3EC6HRngKOd8+4B1L3Bw0Z0DbW57HD3VJbp4tC2VyIH2w==
x-fb-content-md5
0f4ac79c80c0336a4c56989ad4cf3d86
cross-origin-opener-policy
same-origin-allow-popups
etag
"a46d32f9b64711b3f5421e1103051b63"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Fri, 08 Sep 2023 03:37:43 GMT
widgets.js
platform.twitter.com/
91 KB
28 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Fri, 08 Sep 2023 03:34:15 GMT
Content-Encoding
gzip
Age
1347
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
27630
Last-Modified
Tue, 24 Jan 2023 21:41:51 GMT
Server
ECS (frb/67BC)
Etag
"9e99725b7a4cd730a934afba2a438bb5+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
Vary
Accept-Encoding
js
www.googletagmanager.com/gtag/
280 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cfe51b3bf22969cd5b55965f4bb5106b56c5298f1f81fd00051736570eaeb5f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94597
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 08 Sep 2023 03:34:15 GMT
js
www.googletagmanager.com/gtag/
271 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
590be5bcdccaac42546828ac4dfaf4aee3a3badf11b38ec2c1c1cfcb4bf14973
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92344
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 08 Sep 2023 03:34:15 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 08 Sep 2023 01:49:43 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6272
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 08 Sep 2023 03:49:43 GMT
fbevents.js
connect.facebook.net/en_US/
193 KB
52 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: engage.morphisec.com
URL: https://engage.morphisec.com/e3t/Ctc/T5+113/c9M6y04/VVLcY91jycZDVRqW5S5Fy2lJW2nfwL3536cLWN3cFw6T3lYMRW95jsWP6lZ3mHVXxsJb309Gc4Vp7H_81kbJDjW5bMFqX4Wb5h0W4fpCn_1vXfNNW4-8b1376NcftW7XB76G16FDY4N46xW4_-dPzmW1-tKBl96sFmxW4T7jYQ8-M81wW4F-hst5NdGxwW8lrclN76swH6N6nb9PYVKH2vW4svyz-1hHqnPN5PYZr4l681MW3--HB84tLJv-N55bNDD5z_2mW6Y3wYK75Y7gKW1q9X_l2gcf6JW5LhDkR8rW6tpW7qq2Vg3pD-V-W7S2CpN4rBkhYW336v0n7JDJx7W3PxW5d4SslggW2lb7yr4t6bcDW33D80b1qkvRnW5K3fZ59dtLPsVbX9v51HWy-cW33S20Y4nLXTnW3V4znc6Rfgb6W4Xk0pD6HQrnMf1J8Nvj04
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 08 Sep 2023 03:34:15 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
52127
x-xss-protection
0
pragma
public
x-fb-debug
cdHTjjPtQbAut3wBziEXK0md5iNmLdUeYvalTNp2w/1F8rHd0sajTxRL4qqWhW7+EP+Hz35Iq2CdLmqscgIq3w==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
475 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1534169&callback=jsonpHandler
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
00e383db-dbbf-4b36-8df3-665fde46237c
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=8034227a489b37da&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
00e383db-dbbf-4b36-8df3-665fde46237c
server
cloudflare
x-trace
2B4F8F19105F3DF576B7B187EF4F19ADA6C66A618E000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-6mr8p
x-evy-trace-virtual-host
all
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
8034227a489b37da-FRA
postlisting
blog.morphisec.com/_hcms/
3 KB
2 KB
XHR
General
Full URL
https://blog.morphisec.com/_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1725680054&hs-version=2&hs-signature=AJ2IBuED3lPPPvLKXtHlELpqXdNN3LbIGw&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
112db83f404a3f990c3c9a62a45d4449900c4b012e1be08968b4fe11e5fbb64e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4f9ada84-946c-4fc3-a583-5ab2fd79b68a
content-encoding
br
x-envoy-upstream-service-time
28
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4f9ada84-946c-4fc3-a583-5ab2fd79b68a
last-modified
Fri, 08 Sep 2023 03:34:15 GMT
server
cloudflare
x-trace
2B28AE3ECA9B1F1764945E8962F6B7AAF5984D1505000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iXmj0qzi2x0pXCNHhgMH%2BU9Mi0FR3qeqoTZI11p08V6nqc%2BrRWWuW90gVKIbrLW%2FgHZBxRoeHv%2B5Qhyku2aCV%2FpXU63PtXHBFSvUuFzEpxo12phNn0QwLLnNL0acj80J3YfMPj5IqY0CIHMXgqgitg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-10-19-td/envoy-proxy-6fc989fd7b-p5x9h
x-evy-trace-virtual-host
all
access-control-allow-credentials
false
cf-ray
8034227a1b36046a-FRA
x-robots-tag
none
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
1 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
age
28672
x-amz-request-id
FKD59GTSMPB54SW9
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680694543135
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
w3lhsSBfXgt/NlQtESevCf4GAcH2ry/dAX3Sob35P+JVLm6k+4vKt6RZQPmPDZAENan3kBo58kg=
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66Y3defKl8Jzyt53kcCQJ4XaMB2FqQjp%2BGBtfzBkb1otiTp7hBDgIkEgA4UVQRmg0Ee8gs1BFxmAjwhfARoLodPzIlbUnFhIKnOh28VOX1SK329CiRbu76735NFJVeQZry5rk5Gl%2F5bNpmXKj819Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227a2b3b046a-FRA
x-amz-cf-id
ZuO-gkIyV03bvJlpEONyQJKkTq5YP2zUs97ppaaWnnul4uGajt_OfQ==
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
2 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
age
28672
x-amz-request-id
FKD59GTSMPB54SW9
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680694543135
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
w3lhsSBfXgt/NlQtESevCf4GAcH2ry/dAX3Sob35P+JVLm6k+4vKt6RZQPmPDZAENan3kBo58kg=
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2BwgVtT%2BPRqlOUIy4W3cRZGjlG%2Fp%2Fu6n5b8e8pnanq%2FzjC5wxG1jUcS5qlQnATScmZPHFLeoIDW8JgTNKNfnv5Si40adLU9Sdcu5U0VW7agf8eBOrJFRRKANhM04upDWJE5YeoMHTYDVqjvYuGsNbA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227a2b44046a-FRA
x-amz-cf-id
ZuO-gkIyV03bvJlpEONyQJKkTq5YP2zUs97ppaaWnnul4uGajt_OfQ==
close.svg
blog.morphisec.com/hubfs/
543 B
2 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/close.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109618525080,P-1534169,FLS-ALL
age
15255
x-amz-request-id
M6V1KHWJV6YZ6918
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109618525080,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
etag
W/"613d5e657a45fdd73680a2a43b1810a9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680690377289
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ojcPDMW2kfX705kNgng7YRySVuOGEcf5
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109618525080,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
B98LzWzJx/DgK7wDqIKosf9yI4h5FQ9wnSVZb/NGJVx/wk+lrvknVa/TJoZ8OY+hqM60hvgjXsk=
last-modified
Wed, 05 Apr 2023 10:26:18 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XmjhwD%2BzletR%2BD9T386q9hLBvlhkT78G1aF3BVOL90Z4WRoZES3TUej0PmMSyyJAiPFsKKLERFiPBtGYlAVpno5vm4gFi1qsvAoKLreelMITkb4mF1NtfXteMcW8G%2F%2BUnMijRggQvQ4qJSl8p1nCkw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227a2b46046a-FRA
x-amz-cf-id
ZYE3VLwHlc8-47S5qAdKoQX3FlspZ1JlY92eU9yOpOKhEDL19k9qiw==
search_icon.svg
blog.morphisec.com/hubfs/
350 B
2 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
age
28672
x-amz-request-id
VTZSS51V3G562TS7
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680691466397
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
iE0Tzns/hrf7EjXq1mcSQKgsmyCo+paJvLNT94+K+Tf663O4Y2ssvGcs4IxUWr2U0ImT3HuqkJ4=
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7UEnYOj7uNHBFDS6bGsUOUu%2B9UDH5%2F5MfL45eSyJr4zZT%2F6m%2BQxD16al4o72Wc6xQzEP1vJvQpxkoEZ3EfimjvcwpsQz2kobO13%2FTVBMSOADscNoRX7zwjOWMJZa6EfNOYYCQc%2BRcWP6UBj%2B88dH0w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227a2b47046a-FRA
x-amz-cf-id
a4-16_xdsr03gJyg9aSqQqKZgtekyPTtk4-xcGfEyG1Hs1axX1ROGw==
blog.svg
blog.morphisec.com/hubfs/
797 B
2 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
age
28672
x-amz-request-id
THB1RTRGQHPM4HZZ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680711424510
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
IwycbYo7Q3IyU8LHUf2F2oGc1yUSLLI4BVC42Mn9c5dc1psNxC9e8oM7xHa/5WzXLfyFXlMIzg8z69DiWMgjQylbuSaVfbMYfbMhJEUdSvI=
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SEzIYzivBSoOtWUO%2BHp%2BxeC4up%2Bu69z1Wf6ECp9Se9jxcBiGbE22HBjly4%2FPdY%2BE7%2F%2FZez5P1rMT%2Bi6GCVtalFvE5TKI%2BFJNZ0cg9rKzLbnt6U3Da2xpz1eELOIdmXR68za0K3EB%2BLB6SAoidHsing%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227a2b48046a-FRA
x-amz-cf-id
YIu1kKeS3YSy8dnhPI5FV3s1VFXZtxAai9jPHLdME0PovtHA2BcFUw==
search_icon.svg
blog.morphisec.com/hubfs/
350 B
1 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
age
28672
x-amz-request-id
VTZSS51V3G562TS7
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680691466397
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
iE0Tzns/hrf7EjXq1mcSQKgsmyCo+paJvLNT94+K+Tf663O4Y2ssvGcs4IxUWr2U0ImT3HuqkJ4=
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YjlNFxm4fwMCgBD40zyIH%2Bl3ABLB1zuf9frMq0lcBS3wxmOZ50x7bDl%2Bph7XYcE1QxuBTA0tdUfxynQCq7bIFdJdwOgSEq2OpazuYimYvB4KcEpeYhIpkpcXtmAQ9v11JkXNN2zDKlRfrDTqAN0Q3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227a2b49046a-FRA
x-amz-cf-id
a4-16_xdsr03gJyg9aSqQqKZgtekyPTtk4-xcGfEyG1Hs1axX1ROGw==
blog.svg
blog.morphisec.com/hubfs/
797 B
2 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
age
28672
x-amz-request-id
THB1RTRGQHPM4HZZ
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680711424510
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
IwycbYo7Q3IyU8LHUf2F2oGc1yUSLLI4BVC42Mn9c5dc1psNxC9e8oM7xHa/5WzXLfyFXlMIzg8z69DiWMgjQylbuSaVfbMYfbMhJEUdSvI=
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q00L1hS%2BTM0Ckk4Xvb7lI6ef1jfFqL1O2buDoO%2B%2FE1uEM8xlhgxdv3Vz8kfN7iL0p%2BruPhCTQgJDbVWxmROd47I0DxfTPzpo9aj%2BfEbVvXMVqH7mJj0FC9B2uLelcHYeOHt9qeuRNDHq9Ac7tIasiA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227a2b4a046a-FRA
x-amz-cf-id
YIu1kKeS3YSy8dnhPI5FV3s1VFXZtxAai9jPHLdME0PovtHA2BcFUw==
cta-json
cta-service-cms2.hubspot.com/ctas/v2/public/cs/
18 KB
4 KB
XHR
General
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&pageId=132418529282&pid=1534169&sv=cta-embed-js-static-1.202&utm_medium=email&rdy=1&cos=1&df=t&pg=ce3bb527-eba3-4078-9bbc-b76f40432fd5&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=e658bf15-1881-4aa4-af39-691ff567ac14&pg=90e4b55e-7566-4ca0-84f9-3deaaa8c9ad2&pg=06461e49-d0ef-44ca-bcf3-ad6c8d5a8ff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
308806899774b77d9b9d7e9f49fc60a9263d45ec901d671199a27866fb56801a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8e992f85-08c4-478f-8ce3-b6fa1eb1bf5f
content-encoding
br
x-envoy-upstream-service-time
96
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8e992f85-08c4-478f-8ce3-b6fa1eb1bf5f
server
cloudflare
x-trace
2B7D23CF6B0D32122EACA7DF58D98367EFA0267799000000000000000000
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-pzkjr
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHwgMarGv3x8wJ6wqOAFBcdY9kB6hCOv3fOtmarO26KzzUMVtrwtUgyX%2FYocyjDYvX8j3wWWv%2BJk5vufYrdtvDaPcfoGYul%2BcY067Z9hVxfm4aaJAqXwbCicghRjru1JEfKmI4k3IpOj4Qc9wq02a5Bcy06lZyZ5aS8%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8034227a288b37da-FRA
counters.gif
forms.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Fri, 08 Sep 2023 03:34:15 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
9090c1e6-a802-45f2-9210-8445c05c05f2
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
9090c1e6-a802-45f2-9210-8445c05c05f2
Server
cloudflare
X-Trace
2BCA326FBAD979943152E1A645DA2E0DC9B038C7A9000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-p9jdw
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
8034227bbddc3a54-FRA
collect
region1.analytics.google.com/g/
0
256 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je3960&_p=2018648052&_gaz=1&cid=1836493932.1694144056&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1694144055&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&dt=Chae%24%204%3A%20New%20Chaes%20Malware%20Variant%20Targeting%20Financial%20and%20Logistics%20Customers&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
256 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HFVX4VZHCS&cid=1836493932.1694144056&gtm=45je3960&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HFVX4VZHCS&cid=1836493932.1694144056&gtm=45je3960&aip=1&z=517427798
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.old.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 28 Aug 2023 12:14:15 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=23367
accept-ranges
bytes
content-length
4862
1534169.js
js.hs-analytics.net/analytics/1694143800000/
73 KB
22 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1694143800000/1534169.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4fba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ae57cc3ee92cd4b19b19c70d7d703a6028a2c9fce97ec45c90027637d11a605

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
60HWCAFSPMFQE010
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
d3f24cb8-60f9-434e-8579-32bfff2fe367
x-envoy-upstream-service-time
33
x-amz-id-2
senfCrfGZuDLsIN7zVfXcZdr9grpFs5spzrPFzC8q8PkeEEMmhz3yJ18MfuQiF0mJW1nL+a1aiI=
x-evy-trace-listener
listener_https
x-request-id
d3f24cb8-60f9-434e-8579-32bfff2fe367
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 07 Sep 2023 09:55:16 GMT
server
cloudflare
etag
W/"9de2702fe4b411b488a7869ce77a1358"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-wrchw
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
8034227c58f203e4-FRA
expires
Fri, 08 Sep 2023 03:39:15 GMT
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:579a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
026c249acda71b64fe2510542d88ae26073694f89b595b1fd0e9f3ad501bf6b4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
x-amz-version-id
EcjZkyUfgxNGQ.xnv1Vqq9Oda2f1T.dE
via
1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
593c2f1c-83bb-420e-997d-887c79ea4483
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.394/bundles/project.js&cfRay=8034227c3ecbbba1-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
3
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
593c2f1c-83bb-420e-997d-887c79ea4483
last-modified
Wed, 09 Aug 2023 09:05:38 UTC
server
cloudflare
etag
W/"6fb5b8aa66d730f2a49b41a9c712ffa7"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-6mr8p
cf-ray
8034227c3ecbbba1-FRA
x-amz-cf-id
9COD3aIeT_1zgRIDBkzDNTt_YnmerH96iLDs3zJEtm0uJgdo14qOig==
x-hs-target-asset
collected-forms-embed-js/static-1.394/bundles/project.js
leadflows.js
js.hsleadflows.net/
540 KB
86 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:7a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-encoding
br
age
31120
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js&cfRay=80312ab7d80a3624-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"b41828c438dcec976b93ddee1edebd6d"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js
date
Fri, 08 Sep 2023 03:34:15 GMT
x-amz-version-id
w9qtR_oGTBab1H9Wt5L5qiHDqxRKIaLE
via
1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
53dea398-3716-4cea-817c-c0085872d958
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-request-id
53dea398-3716-4cea-817c-c0085872d958
last-modified
Mon, 04 Sep 2023 12:55:59 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-89hzd
cf-ray
8034227c5cff362d-FRA
x-amz-cf-id
dDz9rOj1PledSrMHCYNgoBfTT9eHl8VYiDInwaQxD8OKxLF0wmLuNQ==
1534169.js
js.hs-banner.com/
62 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/1534169.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b013edca6df70d9cad84e7930f49d232928ded92c964dc6503eae3dadf5aba4e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
x-amz-version-id
TamVJ9N907MAtods5Y9LTHpgbsU.i5Ny
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
1MYX599N66ANXDS5
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
abb4f2c6-0f2d-4d63-9a03-a5f354f4836a
x-envoy-upstream-service-time
62
x-amz-id-2
4MTG0lCjILqDyXxkAOYZairOjblJG+MYWQAZfznkSLu5hbvYTIqTjfvRLBGL1h8MJDu/nk5xc8k=
x-evy-trace-listener
listener_https
x-request-id
abb4f2c6-0f2d-4d63-9a03-a5f354f4836a
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 07 Sep 2023 09:55:12 GMT
server
cloudflare
etag
W/"3cb5827e31b97b1c5bf8f9012b19c2d2"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-qh8zw
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8034227c3e2037e3-FRA
expires
Fri, 08 Sep 2023 03:39:16 GMT
adsct
t.co/i/
43 B
378 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=c56e3ae1-8402-4155-a016-723d253ac7ba&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b94c07ab-0eec-4902-8ff5-d35d5a5bcd6d&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.29
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time
183
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
0a9b5088af0a2d8b
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
a022faacf406e394d4efd1f69b462e43289836bed72272d2d69b11c5257c3b51
content-length
43
adsct
analytics.twitter.com/i/
43 B
395 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=c56e3ae1-8402-4155-a016-723d253ac7ba&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b94c07ab-0eec-4902-8ff5-d35d5a5bcd6d&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.29
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time
190
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
697bd9aacd8256dd
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
5cf8e00948c5e5703fd35423fe8b85e676bf7a3890a91e7799a6de5de9a54aed
content-length
43
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-QY7QHR57BF&gtm=45je3960&_p=2018648052&_gaz=1&cid=1836493932.1694144056&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1694144055&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&dt=Chae%24%204%3A%20New%20Chaes%20Malware%20Variant%20Targeting%20Financial%20and%20Logistics%20Customers&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
54 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QY7QHR57BF&cid=1836493932.1694144056&gtm=45je3960&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QY7QHR57BF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QY7QHR57BF&cid=1836493932.1694144056&gtm=45je3960&aip=1&z=839214355
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1694144055152&dt=1694144055156&at=1694144055818&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c5be58dc-0806-401c-bc36-c25124827e0f
x-envoy-upstream-service-time
24
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c5be58dc-0806-401c-bc36-c25124827e0f
last-modified
Fri, 08 Sep 2023 03:34:15 GMT
server
cloudflare
x-trace
2B20494A2581F3E88CB9EDE82120AE17C6151E4346000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cc8XbW%2FAGUB8wGWEetOtSJoxrwbG69K31OM6tdQO0ZEvADBRn50FCnCFcRHX0UCZBrNZBYaZGSv6xG3CjmM4OagEqqb4Rt%2BCxGLpaqUkEixSarfdm4KiEbmIH2Z2w7skSUlYSkHwpv0L4May9hyeZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-hgnfq
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227cfd87046a-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1694144055152&dt=1694144055156&at=1694144055819&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
da2dd416-8713-444d-8511-804b6f10f625
x-envoy-upstream-service-time
5
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
da2dd416-8713-444d-8511-804b6f10f625
last-modified
Fri, 08 Sep 2023 03:34:15 GMT
server
cloudflare
x-trace
2B1D1C1F7DA2AC46CE14C3E67842E1CE0A8DBB7A10000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fh3AogRGaLO70h0cd3%2F1G9rojHrk86VV6PiVXXs%2FOGR0Sc8CHnfoagRYt1OPU0DyAalZjvtu8WybuGFCpvKkg10Nljygawu3ZAGqYR2mzcjJ3YAp8HfZLToTC8yaP6SowxlSv1z%2Fx%2FXmExAhEXA3IA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-t4r9m
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227cfd89046a-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=90e4b55e-7566-4ca0-84f9-3deaaa8c9ad2&lt=1694144055163&dt=1694144055165&at=1694144055820&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
534dc0da-59f6-4617-bbc8-f2b38db6bb19
x-envoy-upstream-service-time
5
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
534dc0da-59f6-4617-bbc8-f2b38db6bb19
last-modified
Fri, 08 Sep 2023 03:34:16 GMT
server
cloudflare
x-trace
2B9404C83BDA18820F454AC5E7B95C2CCE02717D8A000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3L%2Bx62NVTUAk1XSyH2lacSNFbCOJos7r7LRtowV5oDcrAS6mS6Xh7nVT6Th7CPIaGdZN%2BNot1wfQtyoMv9f2udZC0rnXvUMSRZLfiY7TZXdkX8fkJtBY1KzOvZU38XOdT%2F%2BKOXoNODA%2B8T12PoNBGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-lvqkb
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227cfd8a046a-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&lt=1694144055151&dt=1694144055155&at=1694144055821&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
2bf8cc38-bac8-4195-983c-4944f69a2d93
x-envoy-upstream-service-time
11
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
2bf8cc38-bac8-4195-983c-4944f69a2d93
last-modified
Fri, 08 Sep 2023 03:34:15 GMT
server
cloudflare
x-trace
2B4C05D4BE7B3BB09DB42A9CB040075B27BCC322D1000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fm270H1udTISU6QJmzjayp4aCnd4B5U5cxjIns1l3IIg%2BmIcuiZmT7Zr4vNbdiZKTHwqCH5i7epYEpMog4fdlecY2nhZiN4T43d1UytSb5WnGYIZH8h4%2BUBhSTr9hYXRwsOpmBGgJiUa0xPpPi3Ltw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-m2kqt
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227cfd90046a-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&lt=1694144055151&dt=1694144055155&at=1694144055822&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5f67053b-e4cf-4c3e-ba82-62a6f72e1ffe
x-envoy-upstream-service-time
2
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5f67053b-e4cf-4c3e-ba82-62a6f72e1ffe
last-modified
Fri, 08 Sep 2023 03:34:15 GMT
server
cloudflare
x-trace
2BEE4793C30F1821D9BC3D628A74195A3639DCB8DF000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3z4H3jzpARwjpBS64L1e6d9Y4gFl8aUmUJjWbcrFOXv5D3L%2FPiPhbu5aAG9LD8U4O7WL8iCVK7myz%2FOeomhp4ehbfqjIsvXMaEB%2BzgULNhFkx6Aq24uYHFXVxRUgE7Tzqfpc0tF8lC3hve844vXMqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-p9jdw
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227cfd93046a-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=ce3bb527-eba3-4078-9bbc-b76f40432fd5&lt=1694144055148&dt=1694144055149&at=1694144055822&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
78671e5f-3b55-4f0d-bc34-557efc2e7ae5
x-envoy-upstream-service-time
3
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
78671e5f-3b55-4f0d-bc34-557efc2e7ae5
last-modified
Fri, 08 Sep 2023 03:34:16 GMT
server
cloudflare
x-trace
2B8F823F890740A4A6768DA9057E541578D6B7A1A9000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FnrsozIc5svbwt%2F4WH3dMLzgakPRXjzOaUDxBVfJETIu0kx9TtayVqgY8W6uUjA9gUwuZVNtZmRe%2FjggzuV8K8pFczDGf%2BvwYQkrdPTC19GAMIzD%2B5zC4wejO7LEbLI9zuMIonqZ1%2BcypCQ6wT3MQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-t4r9m
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227cfd96046a-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=06461e49-d0ef-44ca-bcf3-ad6c8d5a8ff2&lt=1694144055166&dt=1694144055167&at=1694144055823&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
44c9e852-66b0-4372-b966-f9c054bc828c
x-envoy-upstream-service-time
3
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
44c9e852-66b0-4372-b966-f9c054bc828c
last-modified
Fri, 08 Sep 2023 03:34:15 GMT
server
cloudflare
x-trace
2BC9363BBBCE8BBEF3A485BDB372C08AD64C9DF09B000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WpOyxY3jddK0BO1AM2%2BNivJJX5v5lARxWCV%2Ba%2FejTVpccdGQ5bu1ukT4EytvRifXXF4a%2BjeRnMyK1JORXRDSI9Hpe255plNKlv5fMB24Bg0arVOFD0Kr2mRCZQ0lERO2Gb4Oe7BY5KFyIkmVvco7uA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-p9jdw
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227cfd9c046a-FRA
x-robots-tag
noindex, follow
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=e658bf15-1881-4aa4-af39-691ff567ac14&lt=1694144055158&dt=1694144055158&at=1694144055824&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet
na1
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
34ff7081-9d80-4595-a9d7-9417a0c2de31
x-envoy-upstream-service-time
3
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
0
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
34ff7081-9d80-4595-a9d7-9417a0c2de31
last-modified
Fri, 08 Sep 2023 03:34:15 GMT
server
cloudflare
x-trace
2B5C6DDB767A8FCB1E2CCE13CB3638F21654AB32CB000000000000000000
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUri8HZQFxLjwmUs5H%2FR4wSvOm46LjnnNnFObEkJq8hZVXNJT7%2FkeD9m2ORMjqUjy8bxz1iFhuXSlj0c0ctwN4B0evgrfMP%2BPNhnZgJzyOlQZa5jZWfn35S6PD7AihJgjQettskSwkaGsXv2xo%2FBUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-8hpn4
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
cf-ray
8034227d0d9e046a-FRA
x-robots-tag
noindex, follow
counters.gif
perf.hsforms.com/embed/v3/
35 B
1 KB
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Fri, 08 Sep 2023 03:34:16 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
01bd92df-9af3-493c-8095-d22c702f976c
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
01bd92df-9af3-493c-8095-d22c702f976c
Last-Modified
Fri, 08 Sep 2023 03:34:16 GMT
Server
cloudflare
X-Trace
2BA63D8AF2EBA385D196F651EC5E3CB94F3E0579E2000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-tkh7m
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
8034227dad6a2c7e-FRA
counters.gif
perf.hsforms.com/embed/v3/
35 B
1 KB
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Fri, 08 Sep 2023 03:34:16 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
7dd22fd7-9f12-4816-9241-0040e8626053
x-envoy-upstream-service-time
2
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
7dd22fd7-9f12-4816-9241-0040e8626053
Last-Modified
Fri, 08 Sep 2023 03:34:16 GMT
Server
cloudflare
X-Trace
2B8D07C4AA76926B3E2EFA2A72BB5E445A3D5E042A000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-pzkjr
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
8034227daa632c52-FRA
df458c0b-7c81-40ec-9da9-2af54da3019d.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/
61 KB
62 KB
Image
General
Full URL
https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/df458c0b-7c81-40ec-9da9-2af54da3019d.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
678d195957e8d3bad46dda34465ebd1ffe24b7fcf5a3faa5836aad8d0de56264

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
via
1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
joMYvhC0KSJ8tc5aB9xiTpDHnm7rWNE.
age
223106
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=109530
x-amz-request-id
VCH32V3QT770KAZZ
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="df458c0b-7c81-40ec-9da9-2af54da3019d.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
content-length
62960
x-amz-id-2
oiinAODurb9oBz6diCdF6SLJL0qZqDcS1gCRgEeDt7gy9MvLVC9jI2vt3Yv3Xy3i7eR9ihcKu0C92z1vk8RIu5ROEr6XqhpqhthH1itXnz0=
last-modified
Fri, 14 Jul 2023 19:34:49 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
etag
"5a342fa722a1fda7b16b8e816aaaf42a"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
8034227dbdb918d6-FRA
x-amz-cf-id
cHwbBQH-_TB0cUlnf3ZPVoz66KCANc0FdbL2LVsiqs5VjzZAEWRkkA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
8cb9893b-7e56-4085-8364-e48ae7a205a3.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/
30 KB
30 KB
Image
General
Full URL
https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/8cb9893b-7e56-4085-8364-e48ae7a205a3.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
107e363c9031994290ee6ab8547f15ead1327c6029da79ed50f8cc11e25a3362

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
via
1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
e5suKRCyNEkiWRXEAuJ.oNKbsCXYYsJR
age
513153
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=56279
x-amz-request-id
YKTB1SW3FSGKF1PB
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="8cb9893b-7e56-4085-8364-e48ae7a205a3.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
content-length
30502
x-amz-id-2
N4NcA6T3YbYtdfySIEPsXDe/CZVA50Qcq0V3ONoFfW42LlqJ00NjbPM54S4Qd6sJJF5i2a0t6S8=
last-modified
Tue, 02 Aug 2022 13:53:27 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
etag
"529406a13372e910fa7b0e41a9726615"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
8034227dadb818d6-FRA
x-amz-cf-id
E3FbhYG0FpE0VvMsilw1nBVVOwHbkroqxjB39dUS_Okoi_ogCudBCQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
0dec2e7f-e3e3-4077-8ae8-2fdceaceff59.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/
76 KB
77 KB
Image
General
Full URL
https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/0dec2e7f-e3e3-4077-8ae8-2fdceaceff59.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3310869461fffafb4d0189434d4e760cc3a1ccac9c6104c3c91aacd616b964d7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
via
1.1 9a8ac33fc9fddfdee2faf662aa337e6a.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
ehiY9BXt4Rg5xFZ.qg4UkRNT0bM6c.UG
age
223106
x-amz-cf-pop
SOF50-P1
cf-polished
origFmt=png, origSize=158222
x-amz-request-id
V1SVCMWJ4JEAD4R4
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="0dec2e7f-e3e3-4077-8ae8-2fdceaceff59.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
content-length
77974
x-amz-id-2
QfOMogOrGQNeBV2+/vZs7WqzwRsO7K3HeV64nMT5O7g+2U6E5LTSc8CK1HqImivRZ/DpJEG59M2CIceVBXWIqiKUUUs8VqbwjMN06ZRBxC4=
last-modified
Sat, 02 Sep 2023 14:10:47 GMT
cf-bgj
imgq:85,h2pri
server
cloudflare
etag
"a9f18672219cb3ec4bedd70214be6ca5"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
8034227dbdba18d6-FRA
x-amz-cf-id
YTN-BmZ-l6OhMB6Qb0_Lz4Ag7E4ULl-iS2fu8oceDCDFPugHV5RUxQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
arrow-white-1.svg
www.morphisec.com/hubfs/
393 B
976 B
Image
General
Full URL
https://www.morphisec.com/hubfs/arrow-white-1.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1682515866099/module_109590708858_Header_-_Global.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=3628800; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-109682673984,P-1534169,FLS-ALL
age
1004510
x-amz-request-id
KSYRPWSYCHT6F09A
x-amz-server-side-encryption
AES256
edge-cache-tag
F-109682673984,P-1534169,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
etag
W/"f6b8983a7a9f44be13760be2a7d47927"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1680712961922
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=3628800; includeSubDomains; preload
via
1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ZWYxcYkJ3fJQSXhQh1nDTahxfuzH5ivg
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-109682673984,P-1534169,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
pESbB95gbNRswWK3Iyx6f0d8qpZB+Rrl34qepohJyrDmvtc8OF3Scab04ykic/h65IV72GfcC+JeKbfLTDEdkNJXhBeg39fnkghvM2aCrN4=
last-modified
Wed, 05 Apr 2023 16:42:42 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VCnsWK7meno3hBZZfP6VDoeat260suNb%2F2EngqCwptZoXTbqq1HKYnr8L9kpYGIlv%2FpdLlmdzK6H6n%2ByPP7xkp3TP4eE8mgNWJn5sErBUI%2F3iU5sbm6CUH64eYnptzPZrccMGHSALGWPDgto7kF%2F"}],"group":"cf-nel","max_age":604800}
cf-ray
8034227d1b6637fb-FRA
x-amz-cf-id
_hKcJoSlvcLNS30iSkhb94ipxaz_CaXc0sf_EMNCXayb7x-F7dy9Ow==
collect
www.google-analytics.com/j/
16 B
224 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2018648052&t=pageview&_s=1&dl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=Chae%24%204%3A%20New%20Chaes%20Malware%20Variant%20Targeting%20Financial%20and%20Logistics%20Customers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=873975630&gjid=824838119&cid=1836493932.1694144056&tid=UA-60065248-1&_gid=2029878690.1694144056&_r=1&_slc=1&gtm=45He3960n81PQBJZ8K&z=904518539
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8d1ab314c5802e0fb9580452bd6e3c67918198a9a5ed8bcb3697959e785a7d9f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
885880844953016
connect.facebook.net/signals/config/
148 KB
38 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/885880844953016?v=2.9.125&r=stable&domain=blog.morphisec.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f286c63e76a725ae4828e53781893dd948809f4bd03c56535965fa98601fc3c2
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 08 Sep 2023 03:34:15 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
0YMgLy3781ZsLs6aEEASKki+H2fnlBVLkovgAbzszxnTsoafgNwV3L1pfMW+70+ujQ3UymR9q1RxlIsbCN3FWA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Fri, 08 Sep 2023 03:34:16 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
0db49217-bcc5-4a21-bb43-7c94ed6dd863
x-envoy-upstream-service-time
4
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0db49217-bcc5-4a21-bb43-7c94ed6dd863
Server
cloudflare
X-Trace
2BEA15D2EA7D67BE6EE31B6C1489CD2C1786FE05D7000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-bgnx4
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
8034227ddc6c37d1-FRA
/
content.hotjar.io/
56 B
161 B
XHR
General
Full URL
https://content.hotjar.io/?gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.c7962ba31267c30299df.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
52.215.129.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-129-16.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a2d84a07a098bb2a22abfc81c00f283ebffcad9fb732548b0ad085d4738838de

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 08 Sep 2023 03:34:16 GMT
content-length
56
vary
Origin
content-type
application/json
r
scout.salesloft.com/
41 B
359 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQ1MTF9.eiHnDZAhBhx__pSttlATzaQdSltPIpahvpYGdr_Bfrg
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.209.155.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-209-155-178.compute-1.amazonaws.com
Software
/
Resource Hash
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
7a2443d813c698349e3f21fb9a06c2ad
all.js
connect.facebook.net/en_US/
304 KB
85 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=4ada06c7b94eab0fcc6f630b71fc56a5
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b280879646e8850786317c15ddfe965343be21cd90d048139cf8abf8bf3a0259
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Origin
https://blog.morphisec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 08 Sep 2023 03:34:15 GMT
content-md5
vObQKrMsX7LKcI2G0Dq5Cw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87351
x-fb-debug
03r8BSPtHsFaQQ8TJeh2j8N+McXMqWRjfAvrxZ6duOyPaHVzok3zg9cgXp8VN7CW5su0C1PkcHhDO/+EWT/waA==
x-fb-content-md5
33e5340885751a809d7201aba1949adc
cross-origin-opener-policy
same-origin-allow-popups
etag
"213fa6b07ea1f6413f57705575af60d1"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
priority
u=3,i
expires
Sat, 07 Sep 2024 00:59:24 GMT
widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html
platform.twitter.com/widgets/ Frame 5715
320 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fblog.morphisec.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1895993
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105435
Content-Type
text/html; charset=utf-8
Date
Fri, 08 Sep 2023 03:34:15 GMT
Etag
"95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified
Tue, 24 Jan 2023 21:41:13 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/674C)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
token
cdn.linkedin.oribi.io/partner/32136,3607898/domain/blog.morphisec.com/
36 B
375 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/32136,3607898/domain/blog.morphisec.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 02:44:16 GMT
content-encoding
gzip
via
1.1 c3b74c81fdcb7942211a6c721efa13fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
3000
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
bOFHQP1XLy_kiuntKTBVIBeQ9oENeJXqL8wRXV_DF1T_lErH6ovJpQ==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-custo...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-custo...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%252C3607898%26time%3D1694144055945%26url%3Dhttps%253A%252F%252Fblog.morphis...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-custo...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-cust...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true&e_ipv6=AQLEBhqM29YodQAAAYpy2s1_m5do-ruU3t4JO7Od3WvKXWLgwDRjlHn_0rxf6aiQJXNQieg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 519D0831B6E445DAA0362D7C2ED4DE29 Ref B: FRAEDGE1314 Ref C: 2023-09-08T03:34:16Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYE0Ka27BoQPOkcliDSjg==

Redirect headers

date
Fri, 08 Sep 2023 03:34:16 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 3CA8AC53148C4F528549403B7E1FCFB5 Ref B: DUS30EDGE0810 Ref C: 2023-09-08T03:34:16Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136%2C3607898&time=1694144055945&url=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true&e_ipv6=AQLEBhqM29YodQAAAYpy2s1_m5do-ruU3t4JO7Od3WvKXWLgwDRjlHn_0rxf6aiQJXNQieg
x-li-proto
http/2
content-length
0
x-li-uuid
AAYE0Kayo3EuJa0XWskfqQ==
token
cdn.linkedin.oribi.io/partner/32136,3607898/domain/blog.morphisec.com/
36 B
373 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/32136,3607898/domain/blog.morphisec.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 02:44:16 GMT
content-encoding
gzip
via
1.1 c3b74c81fdcb7942211a6c721efa13fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
age
3000
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
lpfZXpq0Z6IitAp9o4t3QkZQwXaAzrQ5LjNDiRarqOzbaBCSwASkGA==
collect
stats.g.doubleclick.net/j/
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-60065248-1&cid=1836493932.1694144056&jid=873975630&gjid=824838119&_gid=2029878690.1694144056&_u=YADAAEAAAAAAACAAI~&z=1335076757
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 08 Sep 2023 03:34:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
243 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e1bef1dffc4dacd8c9119e46d19dea9065d1f185d98f0ef66a6c68f79bac4965
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
86291
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 08 Sep 2023 03:34:15 GMT
json
forms.hscollectedforms.net/collected-forms/v1/config/
115 B
458 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=1534169&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:579a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
601ac623c8af6ceed2d055af95a959570f130af7d96636500314f114513eee0f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
77d4e542-fc1d-4d42-8bf8-35d594a1279c
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
77d4e542-fc1d-4d42-8bf8-35d594a1279c
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-lhvpx
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8034227e1813bba1-FRA
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60065248-1&cid=1836493932.1694144056&jid=873975630&_u=YADAAEAAAAAAACAAI~&z=1467221843
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-60065248-1&cid=1836493932.1694144056&jid=873975630&_u=YADAAEAAAAAAACAAI~&z=1467221843
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&rl=&if=false&ts=1694144056023&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.1.1694144056019.874521420&cs_est=true&it=1694144055867&coo=false&rqm=GET
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 08 Sep 2023 03:34:16 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
settings
syndication.twitter.com/ Frame 5715
869 B
659 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=351fb66a64a65c90eb715e61485e3ec7f6782c53
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fblog.morphisec.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time
109
date
Fri, 08 Sep 2023 03:34:15 GMT
content-encoding
gzip
strict-transport-security
max-age=631138519
last-modified
Fri, 08 Sep 2023 03:34:16 GMT
server
tsa_o
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
568305dc7159bec6
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
a41566ed76e6d497742d11acac90e5f58b3e6675319c9d5465ab8e5308df3239
content-length
337
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-4GZ4VXKYJ8&_ono=1&gtm=45je3960&_p=2018648052&_gaz=1&ul=en-us&sr=1600x1200&cid=1836493932.1694144056&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&dt=Chae%24%204%3A%20New%20Chaes%20Malware%20Variant%20Targeting%20Financial%20and%20Logistics%20Customers&sid=1694144056&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
17 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-4GZ4VXKYJ8&cid=1836493932.1694144056&gtm=45je3960&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4GZ4VXKYJ8&cx=c&_slc=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.morphisec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-4GZ4VXKYJ8&cid=1836493932.1694144056&gtm=45je3960&aip=1&z=476402943
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Sep 2023 03:34:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
625 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
cb20cad0-5388-420e-b2e4-6bb06fe75a13
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
cb20cad0-5388-420e-b2e4-6bb06fe75a13
server
cloudflare
x-trace
2B30842FDDED90F1923B8115AED6D3AAC3DE11FDF0000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-dgnsg
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8034227f7fcd046a-FRA
i
scout.salesloft.com/
48 B
467 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.209.155.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-209-155-178.compute-1.amazonaws.com
Software
/
Resource Hash
8b97840740de7b08fb1327504bbd3419a2530037b41c9e41968e4f1d08be70da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
445a8f5cc82e36a88f9d82793dd21bb5
button.e7f9415a2e000feaab02c86dd5802747.js
platform.twitter.com/js/
8 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Fri, 08 Sep 2023 03:34:16 GMT
Content-Encoding
gzip
Age
1895994
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
2618
Last-Modified
Tue, 24 Jan 2023 21:41:06 GMT
Server
ECS (frb/67BC)
Etag
"506673dbdb9085e7201e137e893cc152+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=315360000
tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
platform.twitter.com/widgets/ Frame EDE9
37 KB
14 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1895994
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13592
Content-Type
text/html; charset=utf-8
Date
Fri, 08 Sep 2023 03:34:16 GMT
Etag
"28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified
Tue, 24 Jan 2023 21:41:10 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67BC)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
embeds
syndication.twitter.com/i/jot/
43 B
104 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22morphisec%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1694144056361%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=351fb66a64a65c90eb715e61485e3ec7f6782c53
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time
110
date
Fri, 08 Sep 2023 03:34:15 GMT
strict-transport-security
max-age=631138519
last-modified
Fri, 08 Sep 2023 03:34:16 GMT
server
tsa_o
vary
Origin
content-type
image/gif
x-transaction-id
4bf2b3c3e499b8f2
cache-control
must-revalidate, max-age=600
perf
7626143928
x-connection-hash
a41566ed76e6d497742d11acac90e5f58b3e6675319c9d5465ab8e5308df3239
content-length
43
truncated
/ Frame EDE9
822 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type
image/svg+xml
counters.gif
forms.hsforms.com/embed/v3/
35 B
589 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4d6028e3-c5ba-4b6a-b241-d7725e9e46d3
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4d6028e3-c5ba-4b6a-b241-d7725e9e46d3
server
cloudflare
x-trace
2BCA2C1A77518010D1D7E5FD85E1F14C251680023F000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-kw4z4
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
803422817948046a-FRA
/
www.facebook.com/tr/ Frame 86CB
0
51 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://blog.morphisec.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Fri, 08 Sep 2023 03:34:16 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
__ptq.gif
track.hubspot.com/
45 B
627 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1534169&pi=132418529282&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&cpi=132418529282&cgi=3742504875&lpi=132418529282&lvi=132418529282&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&t=Chae%24+4%3A+New+Chaes+Malware+Variant+Targeting+Financial+and+Logistics+Customers&cts=1694144057091&vi=489078618d31f4e664e94d28daa26116&nc=true&u=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&b=182053752.1.1694144057086&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a1274af0-fed0-4f45-9432-3782b5c5ab5b
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a1274af0-fed0-4f45-9432-3782b5c5ab5b
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5KS%2BoA8a4a1S43lE9Mu1zogEEfT4s%2FEnaX8DbmD31I14LBm7t%2BXJKor0FGTI2PvcpvmS7n8FpfcZgsM0Jqrf2WD7B2Y6lb7QKI1NQhw%2FtT1ajtdPdgfOYhrz9zgWkXbMum9gADHRwcuCD50Vqz3G"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-p7d9d
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
803422851fcd37da-FRA
x-robots-tag
none
counters.gif
perf.hsforms.com/embed/v3/
35 B
632 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
40def224-c048-4885-b83d-9f5edb4d2a89
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
40def224-c048-4885-b83d-9f5edb4d2a89
last-modified
Fri, 08 Sep 2023 03:34:17 GMT
server
cloudflare
x-trace
2BC61F5041AAC1940EA2938D315179178E5ECCB5EC000000000000000000
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-p9jdw
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
803422851ca2046a-FRA
__ptq.gif
track.hubspot.com/
45 B
442 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=54e6a766-3e12-488f-9311-62bb00903d66&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1534169&pi=132418529282&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&cpi=132418529282&cgi=3742504875&lpi=132418529282&lvi=132418529282&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&t=Chae%24+4%3A+New+Chaes+Malware+Variant+Targeting+Financial+and+Logistics+Customers&cts=1694144057110&vi=489078618d31f4e664e94d28daa26116&nc=true&u=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&b=182053752.1.1694144057086&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a4b9706f-5595-4bec-a991-f24de702c6f1
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
9
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a4b9706f-5595-4bec-a991-f24de702c6f1
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZALNNmEd950fUpoqS9Vwxm68fIvDQsdb0zUDdS%2FZCJYM%2FcvrDDN5wVNoK%2Fk58Q%2FblS%2FpMSLGzYIunxgoZQEArlv3bYvUsY%2Fk6ZK6ULEQUnXb0eqlrRCrkC0EQNXjWuNsshoHk2Rl1xVuKbakd2ls"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-85gwf
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
803422855feb37da-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
579 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=54e6a766-3e12-488f-9311-62bb00903d66&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1534169&pi=132418529282&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&cpi=132418529282&cgi=3742504875&lpi=132418529282&lvi=132418529282&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&t=Chae%24+4%3A+New+Chaes+Malware+Variant+Targeting+Financial+and+Logistics+Customers&cts=1694144057112&vi=489078618d31f4e664e94d28daa26116&nc=true&u=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&b=182053752.1.1694144057086&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
56bd6464-7554-4535-ad2e-37ae647d687e
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
11
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
56bd6464-7554-4535-ad2e-37ae647d687e
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0Y6dRQ%2BkZUmc%2F9PQ5DonOb4%2B%2BoO1L1484Z6TdBWivf%2BaYznE%2FDQQ1tXOxc9ZCFLSveHr8mIusVA97LlD7JJdFo95TMfZaSBQTAsGMEVt5J7F4Tl7xfYU9AK148%2BmfngEotwbUQjn2p%2FQbyqOL1O"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-w76pp
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
803422855fec37da-FRA
x-robots-tag
none
like.php
web.facebook.com/plugins/ Frame 28C3
0
2 KB
Document
General
Full URL
https://web.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff1e76949341ac%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff379e0082b66618%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=4ada06c7b94eab0fcc6f630b71fc56a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:6:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 08 Sep 2023 03:34:17 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/web.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
TKFG8C3xCKJMTC6nboTqwwXfQQ1ozQ+D//6fPWIN082PDkVxaAXviTXUZze4nV0SkuwEKdlpC2ix6di5xABczw==
x-xss-protection
0
__ptq.gif
track.hubspot.com/
45 B
468 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3%22%2C%22c5b10fd2-1f83-4c8f-b33b-106296dbd6da%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1534169&pi=132418529282&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&cpi=132418529282&cgi=3742504875&lpi=132418529282&lvi=132418529282&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&t=Chae%24+4%3A+New+Chaes+Malware+Variant+Targeting+Financial+and+Logistics+Customers&cts=1694144057098&vi=489078618d31f4e664e94d28daa26116&nc=true&u=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&b=182053752.1.1694144057086&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e7189f72-a70b-450f-8311-d8642d23a8a3
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
11
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e7189f72-a70b-450f-8311-d8642d23a8a3
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rRG1wGiGvAYEfTieOgT3oM1kBtxVktUz%2B3ryAC1kWN0jbrSXeSP%2ByW1qtrDo%2BR8abzn7v5f2wCxRHUjci9P2jWH9Mt6i14vfvP51uMrJ4C1A8DvjKLVPeUHcNw8RxaflOAnuj25qqvs0hetQ7Z7i"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-jpkw5
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
80342285881837da-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
663 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223c83d6d5-0c56-47b7-8aee-ae6edf73c360%22%2C%2264affa5c-d696-47c5-9e88-09336d256046%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1534169&pi=132418529282&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&cpi=132418529282&cgi=3742504875&lpi=132418529282&lvi=132418529282&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&t=Chae%24+4%3A+New+Chaes+Malware+Variant+Targeting+Financial+and+Logistics+Customers&cts=1694144057103&vi=489078618d31f4e664e94d28daa26116&nc=true&u=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&b=182053752.1.1694144057086&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
40f3ff37-bdde-4e41-9dfb-7af930af05db
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
10
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
40f3ff37-bdde-4e41-9dfb-7af930af05db
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3dewDsh%2F%2F%2B4npMvUh%2FFwPCWokLMOjd4KFHr4CZAhor6lgkPLKOVv41WIpDKtIFgW0qmEnaFjs5sgVyL6UOUmuNQZZnWYOO7B2raiyWq6ix4mDxeRUuBS6r9QiMHC2TY4luE0Xl%2B925E1WcxuOn91"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-c27v2
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
80342285881937da-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
447 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2206461e49-d0ef-44ca-bcf3-ad6c8d5a8ff2%22%2C%223748b58d-cb4b-43c4-aa1d-004c790bbe6a%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1534169&pi=132418529282&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&cpi=132418529282&cgi=3742504875&lpi=132418529282&lvi=132418529282&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&t=Chae%24+4%3A+New+Chaes+Malware+Variant+Targeting+Financial+and+Logistics+Customers&cts=1694144057106&vi=489078618d31f4e664e94d28daa26116&nc=true&u=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&b=182053752.1.1694144057086&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
aa033706-ef94-4845-9e1a-86971cd6346b
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
8
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
aa033706-ef94-4845-9e1a-86971cd6346b
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VklPRcQ8g0UmWkNgiUBb9YhZukxUnCmFxqFLVAZnHJBqeZVyhA4cP2MZ4MLzAjbsNR4c7km%2BoHHJZEe9xGaDzUJTRv%2BVm5leBEO2O34IE8Y8XqmrAXGymi94vgoNpXCOl5Zx%2FfPjiDaqPUEvul4N"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-s99qq
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
80342285881b37da-FRA
x-robots-tag
none
json
forms.hubspot.com/lead-flows-config/v1/config/
2 KB
2 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1534169&utk=489078618d31f4e664e94d28daa26116&__hstc=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&__hssc=182053752.1.1694144057086&contentId=132418529282&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
505da359dc2968009a505b1c0de5207aeccd0f39b7ccf3086293c37a45f758e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
396cd150-df66-4b0b-a9f0-c8abb05bfe10
content-encoding
br
x-envoy-upstream-service-time
39
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
396cd150-df66-4b0b-a9f0-c8abb05bfe10
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2j2aUgGGiwPf08lhw1p2MLxWGHXxPB38CjYX8S4OT1I8xG7B6Kja%2FHC9AaiPPkmNXOwcKT7K2lOpxhkKQ2T2K8IHGhqFi%2Bhwdscy%2FMCJf9o5d3gfaLs6XJ22rU4y2qYKmFctcMNEhwH8ZBI1S%2FO%2B"}],"group":"cf-nel","max_age":604800}
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8034228638fb9a33-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-tkdzf
__ptq.gif
track.hubspot.com/
45 B
441 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1534169&pi=132418529282&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers&cpi=132418529282&cgi=3742504875&lpi=132418529282&lvi=132418529282&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&t=Chae%24+4%3A+New+Chaes+Malware+Variant+Targeting+Financial+and+Logistics+Customers&cts=1694144057493&vi=489078618d31f4e664e94d28daa26116&nc=true&u=182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1&b=182053752.1.1694144057086&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers?utm_medium=email&_hsmi=273167937&_hsenc=p2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ&utm_content=273167937&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Fri, 08 Sep 2023 03:34:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d6a90030-386c-4aec-975e-72803becd4a8
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
13
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d6a90030-386c-4aec-975e-72803becd4a8
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IsCw%2Bd60jfM0E3VDVZJHb3HubIFgANAWdLDMl9IpLwIAlTT%2BksTCGl9UNDZwequshG2ZJt%2BrgvRcMLp6Gw2YNtB8rWq%2BUGB99S469UcjsxbJCcrT1%2BWpouvdiM3drLGAflTYYVXnRWaOI0CG6q26"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-78r47
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
80342287796737da-FRA
x-robots-tag
none
collect
region1.analytics.google.com/g/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
region1.analytics.google.com
URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je3960&_p=2018648052&cid=1836493932.1694144056&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1694144055&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fchaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers%3Futm_medium%3Demail%26_hsmi%3D273167937%26_hsenc%3Dp2ANqtz--TvNTs4L08C9P3L5DU_Bf7HIyij9FIJxUzgSgRAabNjl-1cjNUhmzIP9SOLd41bnzYc2KU6eVKMCb6yQxmcidk7fHdrQ%26utm_content%3D273167937%26utm_source%3Dhs_automation&dt=Chae%24%204%3A%20New%20Chaes%20Malware%20Variant%20Targeting%20Financial%20and%20Logistics%20Customers&en=10percent&_et=1590

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| documentPictureInPicture function| $ function| jQuery object| dataLayer string| src object| s object| __COOKIE_BANNER_SETTINGS__ function| hj object| _hjSettings object| __core-js_shared__ object| Sslac object| IN object| chunkCB function| addCFGTMConsentListener number| __COOKIE_BANNER_INIT_TIME__ object| _hsq object| hbspt object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage object| lottie-player object| reactiveElementVersions object| litHtmlVersions object| litElementVersions undefined| module_109590708858 function| i18n_getmessage function| i18n_getlanguage object| hubspot object| HubSpotForms object| hsFormsOnReady object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| options undefined| module_2712622 object| hsPostListings function| hsPopulateListingFeed function| hsOnReadyPopulateListingFeed_1511797933_1694144054447 string| _linkedin_partner_id object| _linkedin_data_partner_ids function| twq string| SLScoutObject function| slscout object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq function| lintrk function| LazyLoad object| imgLazy function| stickyHeader object| vid function| playVid function| pauseVid function| setHeight function| mixitup function| jsonpHandler function| onYouTubeIframeAPIReady object| gaGlobal object| process object| _hsp object| regeneratorRuntime object| twttr object| gaplugins object| gaData object| FB object| __twttrll object| __twttr boolean| _already_called_lintrk object| __hsCollectedFormsDebug object| _paq function| sanitizeKey boolean| _hstc_loaded object| globalRoot undefined| hns function| bindToWindowOnError object| leadflows function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive 
undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| __buffer boolean| _hspb_ran boolean| _hspb_loaded boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| LEAD_FLOW_DOCUMENT_READY_RAN

36 Cookies

Domain/Path Name / Value
.engage.morphisec.com/ Name: __cf_bm
Value: XoG54xxhvW96eJSCc6Gc_0D1.RiJl6ea6c9QC4n25uM-1694144053-0-AY6XzhWe+5spkhyBsb/0qEfGQJi/hkzhT+Awz77SgQrkNunW0aV9X/2RuFA7NCv1FUJLWIzvVf7Gwn1m0ijmTvg=
.engage.morphisec.com/ Name: __cfruid
Value: 87f238222c629e38b9a9da2f8766ed9c6661a672-1694144053
.blog.morphisec.com/ Name: __cf_bm
Value: 5w9S_JS9XH0YNkZ_8wateyWM2QlJKOdY3Wcq1BiRwjI-1694144054-0-ATvfmnIhLjD3/OxLLf25U2GWuNO/JwhViD3AVbsOOXhJ0X+dF3cHL75za25cRoeImbObXdoaLUAqXeUTHSVtRHA=
.blog.morphisec.com/ Name: __cfruid
Value: 681361f6bed80654bb06b8f5c36c3dfe2225e220-1694144054
.www.morphisec.com/ Name: __cf_bm
Value: iYYamQy.GU.jNDdhFa6ECm9zlQrdC0umsOsQZRuYt_w-1694144055-0-Acg0GLXUHYQkyH8y7vObj4zq2dienG9MlaiWbtjRSMBKfqsmEAHpbqEyw6OS9Sf2QVvMhxrjUQLlFIgLmSTBkLk=
.www.morphisec.com/ Name: __cfruid
Value: 9599a4298a604687ca60bb26400617eb8a74e2d0-1694144055
.hubspot.com/ Name: __cf_bm
Value: pBKLBIpR7EzcU0jn69fERgh3f1EptujMCfLCBvOGWhI-1694144055-0-AVqN3exrJkxbEfJydDTETw1QBRFC1Ppp6yC5kQL08aJKdPw242NvLAYI276Gb3C7xlgTb3mebVnCYNKcMalHSjk=
.morphisec.com/ Name: _ga_QY7QHR57BF
Value: GS1.1.1694144055.1.0.1694144055.60.0.0
.morphisec.com/ Name: _hjSessionUser_3506314
Value: eyJpZCI6IjVkOTYyMDA3LTc5ZWYtNTZlYi1hMDU3LTM1NGNlZGM1Mzg0OSIsImNyZWF0ZWQiOjE2OTQxNDQwNTU3MjAsImV4aXN0aW5nIjpmYWxzZX0=
.morphisec.com/ Name: _hjFirstSeen
Value: 1
.morphisec.com/ Name: _hjIncludedInSessionSample_3506314
Value: 1
.morphisec.com/ Name: _hjSession_3506314
Value: eyJpZCI6IjlkMmIyOGFhLTliZWItNDJhZi04NTdhLTAyOGRiZTk5MDIyOSIsImNyZWF0ZWQiOjE2OTQxNDQwNTU3MjIsImluU2FtcGxlIjp0cnVlfQ==
.morphisec.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.morphisec.com/ Name: _ga
Value: GA1.2.1836493932.1694144056
.morphisec.com/ Name: _gid
Value: GA1.2.2029878690.1694144056
.morphisec.com/ Name: _gat_UA-60065248-1
Value: 1
.t.co/ Name: muc_ads
Value: e2c3290f-6661-4a9b-8d3f-e833ac9a97d4
.morphisec.com/ Name: _fbp
Value: fb.1.1694144056019.874521420
blog.morphisec.com/ Name: ln_or
Value: eyIzMjEzNiwzNjA3ODk4IjoiZCJ9
.twitter.com/ Name: personalization_id
Value: "v1_ihWr49w3mOb9rQnRhheAzQ=="
.morphisec.com/ Name: _ga_4GZ4VXKYJ8
Value: GS1.2.1694144056.1.0.1694144056.60.0.0
.linkedin.com/ Name: li_sugr
Value: ff5a9b55-0db2-4fd3-b783-82ded8024509
.linkedin.com/ Name: bcookie
Value: "v=2&867af7ad-8f75-46d0-8211-e066b5c1b42c"
.linkedin.com/ Name: lidc
Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2591:u=1:x=1:i=1694144056:t=1694230456:v=2:sig=AQEc10NEUrmm0KuVC5wHAJaxf38a0ZI7"
blog.morphisec.com/ Name: slireg
Value: https://scout.us2.salesloft.com
blog.morphisec.com/ Name: sliguid
Value: 83aa44bb-9c85-4550-b24c-a90c3774f2bb
blog.morphisec.com/ Name: slirequested
Value: true
.linkedin.com/ Name: UserMatchHistory
Value: AQIubmlqfMJNFQAAAYpy2sv6tYdgJEzg5zqVpZxyzkDX-l6E0uWp1ScW6F2cEQ6wWx1wTr3huwh5gA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJsH45lLr7-UgAAAYpy2sv60SqXCRfC-wBORFeEiZVF4z_SgfVzCfGSAkXM_tGjwK2XFKAubOsRJpHX1VY6Fg
.www.linkedin.com/ Name: bscookie
Value: "v=1&202309080334166a128374-aed2-4215-85e1-e240ef4fe1d7AQH9YZjxWWULk5D5CsJMbV_eIKwi8lgd"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTQxNDQwNTY7MjswMjEmGvVEfCah3upRzJl1BlmjE8sPbpncOBwlTm0+sm3s+A==
.morphisec.com/ Name: __hstc
Value: 182053752.489078618d31f4e664e94d28daa26116.1694144057085.1694144057085.1694144057085.1
.morphisec.com/ Name: hubspotutk
Value: 489078618d31f4e664e94d28daa26116
.morphisec.com/ Name: __hssrc
Value: 1
.morphisec.com/ Name: __hssc
Value: 182053752.1.1694144057086
.morphisec.com/ Name: _ga_HFVX4VZHCS
Value: GS1.1.1694144055.1.0.1694144057.58.0.0

2 Console Messages

Source Level URL
Text
network error URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1694144055052
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://consent.cookiefirst.com/sites/*.morphisec.com-e09f147d-1c6f-4132-9a2b-2a82974b5289/version.json?v=1694144055052
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
