Submitted URL: https://tinyurl.com/232ujyv8
Effective URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Submission: On August 05 via api from US — Scanned from DE

Summary

This website contacted 16 IPs in 3 countries across 14 domains to perform 59 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.polyswarm.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 12th 2022. Valid for: a year.
This is the only time blog.polyswarm.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
33 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f02... 32934 (FACEBOOK)
4 199.232.16.157 54113 (FASTLY)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 104.244.42.136 13414 (TWITTER)
5 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a03:2880:f10... 32934 (FACEBOOK)
59 16
Apex Domain | Subdomains | Transfer
33 polyswarm.io | blog.polyswarm.io | 2 MB
6 twitter.com | platform.twitter.com — Cisco Umbrella Rank: 674; syndication.twitter.com — Cisco Umbrella Rank: 864 | 149 KB
5 hubspotusercontent-na1.net | 5737925.fs1.hubspotusercontent-na1.net | 14 MB
5 hubspot.com | designers.hubspot.com — Cisco Umbrella Rank: 112471; app.hubspot.com — Cisco Umbrella Rank: 5428; track.hubspot.com — Cisco Umbrella Rank: 2017 | 8 KB
2 facebook.net | connect.facebook.net — Cisco Umbrella Rank: 155 | 87 KB
1 facebook.com | www.facebook.com — Cisco Umbrella Rank: 100 | 3 KB
1 hs-analytics.net | js.hs-analytics.net — Cisco Umbrella Rank: 1927 | 20 KB
1 hs-banner.com | js.hs-banner.com — Cisco Umbrella Rank: 1934 | 16 KB
1 hsappstatic.net | static.hsappstatic.net — Cisco Umbrella Rank: 6551 | 83 KB
1 gstatic.com | fonts.gstatic.com | 27 KB
1 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 67 | 892 B
1 hubspot.net | cdn2.hubspot.net — Cisco Umbrella Rank: 6647 | 2 KB
1 linkedin.com | platform.linkedin.com — Cisco Umbrella Rank: 2714 | 160 KB
1 tinyurl.com | tinyurl.com — Cisco Umbrella Rank: 17894 | 448 B
59 14
Domain Requested by
33 blog.polyswarm.io blog.polyswarm.io
5 5737925.fs1.hubspotusercontent-na1.net blog.polyswarm.io
4 platform.twitter.com blog.polyswarm.io, platform.twitter.com
3 track.hubspot.com
2 syndication.twitter.com platform.twitter.com
2 connect.facebook.net blog.polyswarm.io, connect.facebook.net
1 www.facebook.com connect.facebook.net
1 js.hs-analytics.net blog.polyswarm.io
1 js.hs-banner.com blog.polyswarm.io
1 app.hubspot.com blog.polyswarm.io
1 static.hsappstatic.net designers.hubspot.com
1 fonts.gstatic.com fonts.googleapis.com
1 designers.hubspot.com blog.polyswarm.io
1 fonts.googleapis.com blog.polyswarm.io
1 cdn2.hubspot.net blog.polyswarm.io
1 platform.linkedin.com blog.polyswarm.io
1 tinyurl.com 1 redirects
59 17
Subject | Issuer | Validity | Valid
blog.polyswarm.io | Cloudflare Inc ECC CA-3 | 2022-05-12 - 2023-05-12 | a year
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2022-06-09 - 2023-06-09 | a year
hubspot.net | Cloudflare Inc ECC CA-3 | 2022-05-06 - 2023-05-06 | a year
upload.video.google.com | GTS CA 1C3 | 2022-07-11 - 2022-10-03 | 3 months
designers.hubspot.com | Cloudflare Inc ECC CA-3 | 2022-05-06 - 2023-05-06 | a year
*.gstatic.com | GTS CA 1C3 | 2022-07-11 - 2022-10-03 | 3 months
hsappstatic.net | Cloudflare Inc ECC CA-3 | 2022-05-10 - 2023-05-10 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-05-14 - 2022-08-12 | 3 months
platform.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-21 - 2023-08-21 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2022-03-08 - 2023-03-07 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-02 - 2023-06-01 | a year
syndication.twitter.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-03-07 - 2023-03-06 | a year
hubspotusercontent-na1.net | Cloudflare Inc ECC CA-3 | 2022-02-24 - 2023-02-23 | a year

This page contains 4 frames:

Primary Page: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Frame ID: 6362D6CB1974D0EB18D9D6244764A60E
Requests: 55 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html?origin=https%3A%2F%2Fblog.polyswarm.io
Frame ID: 4C1CA11BE5C6E45BBE162E0A3DB526FF
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3326cde971209%26domain%3Dblog.polyswarm.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.polyswarm.io%252Ff35871f729c2d38%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&layout=button_count&locale=en_GB&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 7A0A93B23BA3E326C9D3305F8130FA51
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b1befbea3a1424bb94efd70105dfa52.en.html
Frame ID: B164A9571AE4FCCFA52C77FED57C8F0A
Requests: 2 HTTP requests in this frame

Page Title

PennyWise Infostealer Targets Crypto and Browsers

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

59 Requests
100 % HTTPS
88 % IPv6
14 Domains
17 Subdomains
16 IPs
3 Countries
17035 kB Transfer
18652 kB Size
9 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tinyurl.com/232ujyv8 HTTP 301
    https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

59 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request pennywise-infostealer-targets-crypto-and-browsers
blog.polyswarm.io/
Redirect Chain
  • https://tinyurl.com/232ujyv8
  • https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
112 KB
15 KB
Document
General
Full URL
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
f143c0357b27f45b41744e81e02032c5b0dd9cc9bbf77d91f994d94ca11b3efe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
s-maxage=14400, max-age=0
cf-h2-pushed
</hs/hsstatic/AsyncSupport/static-1.122/js/rss_listing_asset.js>,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>,</_hcms/forms/v2.js>
cf-ray
735cef3338bb9168-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 04:54:22 GMT
edge-cache-tag
CT-80451891767,CG-9132801831,P-5737925,L-11811979713,CW-11811907629,CW-11828756290,CW-29598158453,CW-9132114681,E-11811979805,E-29569734040,PGS-ALL,SW-2,GC-44308679179
etag
W/"84a010ae61161fc61824e42d77162d41"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Fri, 05 Aug 2022 04:25:51 GMT
link
</hs/hsstatic/AsyncSupport/static-1.122/js/rss_listing_asset.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dzG4aans1Y3BOGzKoJlaU%2F%2FPYnjuIGxlswmwbjboH1wOpekq%2FkGvB5TZLbiLodjV2da7PUo2K4LNwsB0gwCrZw1p7WBmXVDhQBnY4y8fmUxGl9wG%2FNCEJrfQ%2B097%2FbEE4fXV0Ihaz5CLwnHpNiSi"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
MISS
x-hs-combine-css
Disabled
x-hs-content-campaign-id
65560164-7c8a-4586-a937-e83c886e1906
x-hs-content-id
80451891767
x-hs-hub-id
5737925
x-hs-prerendered
Fri, 05 Aug 2022 04:25:51 GMT
x-powered-by
HubSpot

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, public, s-max-age=900, stale-if-error: 86400
cf-cache-status
DYNAMIC
cf-ray
735cef2fabbf9bb8-FRA
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 04:54:21 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
referrer-policy
unsafe-url
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-powered-by
PHP/8.1.8
x-xss-protection
1; mode=block
rss_listing_asset.js
blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/js/
4 KB
2 KB
Script
General
Full URL
https://blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/js/rss_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b11a2a808c8ad60fe8be6443526f32924f0c51970bb12fe40ecd4ba75d45af59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 048a65288aba3f3565a971a2e44151be.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
13610296
x-amz-server-side-encryption
AES256
cf-ray
735cef38cee09168-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"ac60b63e840dbff2cb77380d944c56f7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xjMTYqHP3cgdMga1w52Cx9vPxAeSb9PMyfmz2XLA7U%2BfICDhfkuEnHn6cksvqzX7o4TzWO%2BMVztGnY1Gnu7p7xkt5TUY3v%2BajEyszEmObWddiuTBC%2F%2F4qc4P1aV6TzafEdY8sbayQ%2BQAK07VFxrQ"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
lhWhd2Dvd2O45q4bkpzaDI8l3u3bPO5D
cache-control
public, max-age=31536000
x-amz-cf-pop
ZRH50-C1
content-type
application/javascript
x-amz-cf-id
vZiw9SLAXVxmFFAHorQY-bEUc2gIIABlAmLk0Jx3i4mg0nM3RNdnEQ==
expires
Sat, 05 Aug 2023 04:54:22 GMT
project.js
blog.polyswarm.io/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://blog.polyswarm.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
13619109
x-amz-server-side-encryption
AES256
cf-ray
735cef38cee19168-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uB5JffFURsu9BihMD3ZwVdQ3TuZYYzuor6c4170D01gFcP8liUxKuVw1PSBsT0g%2FBBmn4pte8MYsnsc5p3MEh2aQdbKjY1obFXpPyZpI33BGqcLE9l54t1gH%2B0bdXJF%2Fxp12ikDCbTZzfVYlBIiQ"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
lW4qF689P3Dc0HMw43ovy8wjZ74uhX_Wh4bq4rNr2huIwgx-yNd3Uw==
expires
Sat, 05 Aug 2023 04:54:22 GMT
post_listing_asset.js
blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/js/
3 KB
2 KB
Script
General
Full URL
https://blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
13616178
x-amz-server-side-encryption
AES256
cf-ray
735cef38cee29168-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"d95d7dafd49a1edc76a47120c287b579"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3zjQ9ej5tnGanXJ97cg0iYMyZU0TK%2FBLad9PZwZvQa%2Bpuy3ygrNxtIVynKVBXVo%2FOE8fnBQ0J2smT758dfaV4tz2%2FoQ2am54A1hvliRSnejI2mdqmuiRF5molg7AJ5Z4RPj9%2FoXGue6t6HLU%2BXt"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
nC1hzr07YsutChb9rCwKsMoiyxip8lR7
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
zVNxZf2Dg1wZCWtWJzxJCecOQzSUXe5bTkNXM94h040uwXz3FElVkQ==
expires
Sat, 05 Aug 2023 04:54:22 GMT
index.js
blog.polyswarm.io/hs/hsstatic/HubspotToolsMenu/static-1.138/js/
10 KB
4 KB
Script
General
Full URL
https://blog.polyswarm.io/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a50df52651133ee2b309daf0c3b921e9f5109067d5e11f2b8dd055f9ca3e66f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
653782
x-amz-server-side-encryption
AES256
cf-ray
735cef38cee39168-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Wed, 27 Jul 2022 14:35:54 GMT
server
cloudflare
etag
W/"0d86ec7be24f2dff2308b8edf54c2f32"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUzvAO5QItSeQf563vykJpy4lAe1hXegdsObpwkeZy8a4XkYLnnfRA1%2FuKr%2BcQVDLN6W2Nl6HZe4keHZMWnsNdXvggIspQ%2BxTROa4mU5znlD%2BRXIUzE4OMB4fckAP8%2By%2BoU2GHSbuF8PlTlM4KWK"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
k79.hN9WG526nViFF800Vr3DxQF_q.yo
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
HSb0vWYA6cup18rgH5ST0v0B7uXyg39Zyu6_fhWbspPcWqdgszRmdg==
expires
Sat, 05 Aug 2023 04:54:22 GMT
v2.js
blog.polyswarm.io/_hcms/forms/
585 KB
148 KB
Script
General
Full URL
https://blog.polyswarm.io/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f26b5633d0577a58588a9c912e7a04badd4df1667411df0266516dedb2a3b7e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 0501dadffc52b06a0cf6aadc57586acc.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
467
x-amz-server-side-encryption
AES256
cf-ray
735cef38cee59168-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-FormsNext-web-prod,staticjsapp-prod
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Tue, 26 Jul 2022 10:57:52 UTC
server
cloudflare
etag
W/"8cfc2a51250daf33edd2e1dda3f1654b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hUN84JSTXREcm4grzsz1%2BWOXmFUuoPq1ks%2BvT6dDbKiaQliSh%2F2s94hD9s3kqCdDxdZ%2B9LFQH6wIk0SYeSoqW5tt6Osk%2BHCvjM94g9Co%2B1HZy2TVz9q4aT7N2q1oRAgPCTciSkXC78Pw3QIc1Pju"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
elWqSweed2C2dWtDipd3d9hhUaqI4uV.
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-P1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
jT74cT__EzEp2tGuS0JXYs19HVpLeWKnUrdJBuJlhbgfPrgFpqm9sQ==
x-hs-target-asset
FormsNext/static-5.519/bundles/project_with_deps.js
jquery-1.7.1.js
blog.polyswarm.io/hs/hsstatic/jquery-libs/static-1.1/jquery/
92 KB
34 KB
Script
General
Full URL
https://blog.polyswarm.io/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
13602030
cf-ray
735cef38ff0a9168-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ILvy5e1aYUsd7NHK78w%2FXaBt1g0WfSZqGwgwo8RPlr22lgWqSJ2RZEwUujgHKw%2F55Ox0OF0oHIbqe4ReDHtnXDPDyjlXQTMS7tcCbjuT6YMKjOBxWTSo%2FOdkmDQpEgAPHamoxCbVztUjTYZKeeCc"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
i44cm0oGwhEhbb1Ts0RFB35EBFsTsnExeW87nuouoe1GM0_CQJ-O4Q==
expires
Sat, 05 Aug 2023 04:54:22 GMT
module_11811907629_PolySwarm_Shared_modules_PS_Header.min.css
blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/1567016912202/
1 KB
1 KB
Stylesheet
General
Full URL
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/1567016912202/module_11811907629_PolySwarm_Shared_modules_PS_Header.min.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3a693684070a54b0735383fe5a07b64c962fbf57e50469302ff298eb568a16c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 9349b115ae66d16aae68deb9bb5eebc2.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
A252Q3JH38CA210W
x-amz-id-2
1dcd3X2kBNpVhHtHQvOQm4bKJITxs9jseK8EZWjqPfe+kJUQZn4BrUnG57/5pOBN8rMMmk9oUA8=
last-modified
Wed, 28 Aug 2019 18:28:33 GMT
server
cloudflare
etag
W/"f55b434f64a08e4a8ebfe8302d12a279"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjhROkxQZHl9wqWImO%2Fq1UjSFZ48P15OSLYqjOKcwHmYET2nsBNu2IqTkOwZA3MVP0Jn8iWVCytUJqihkv%2BuTq0PtreQwF03ej7fgZRgpmJw9qRy2gpsKj0qFJ3YziMqTR7AsLuu%2F2qQUZ01joFY"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
k3sfssVZWY8YR3wg2svHeoPCK7LuDIUO
cf-ray
735cef38ff0d9168-FRA
x-amz-cf-id
USNmIaccnuP--aSyxd4QqJisxQOmoahaYPiCaZotQe-PM4QZSVeHmw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
project.css
blog.polyswarm.io/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/
720 B
727 B
Stylesheet
General
Full URL
https://blog.polyswarm.io/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
16580766
x-amz-server-side-encryption
AES256
cf-ray
735cef38ff0e9168-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Wed, 19 Aug 2020 22:47:10 GMT
server
cloudflare
etag
W/"a81c70764750950eb72d4537c41e781f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47S7XRAGeY2X%2B9pD9pU46odMR%2BKA6sE1CoxwX9CSDkoV1TFmhxGpuXgUq2panPBFBc38TpMNzzR3ZsbSwN15QzvpWtXFgfNnZrbAE83sSt5i8%2BdHAJOHcafq6kNhuZpGHDf31e9c0zZfzg0RKiRo"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA56-P2
content-type
text/css
x-amz-cf-id
dgo92CP0AeFfn2L5OZcyNdbmuH94F1TjBHAkhginHFogS31QQ9pbbA==
expires
Sat, 05 Aug 2023 04:54:22 GMT
module_9132114681_Marketplace_HubSpotSiteSetup_Vast_Site_Setup_Custom_Modules_Vast_Tabber.min.css
blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/1556211082667/
1015 B
1 KB
Stylesheet
General
Full URL
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/1556211082667/module_9132114681_Marketplace_HubSpotSiteSetup_Vast_Site_Setup_Custom_Modules_Vast_Tabber.min.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fea443567d574c2d255825487db717f6175b156fa34f8d05f4b21d374f04bc0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
8NTPW4J52V8SVSTA
x-amz-id-2
0c78BBrcCAIgqx0UrTh7xvfNfV9zmRaG1FOjtCuq369gmjVYqYHlXddmQc+NEtiOvbEbtvBYUCo=
last-modified
Thu, 25 Apr 2019 16:51:23 GMT
server
cloudflare
etag
W/"bcdeb1a0945ba119a6547253d04c59ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQRGy7N3vjszHJ5E%2BIjT35lATFYpb0qs%2Bg40ZQbVI1%2B%2B%2F0OzOQphMQlxfWIB9CK44%2FfdXG9qVaMC3aRzTf%2Ffilo7xBEQP2nmpfq7F5m41Ytq3pwYFnm%2BUVdNRPiXPJTZTOghpi4LC6YWw7uvjp0G"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
YX1R34H_H0LHtJdAU5ccCb7gGIxgRXT6
cf-ray
735cef38ff0f9168-FRA
x-amz-cf-id
N1NB1198oNqMVPe-aMJecCIZKBVThnPk7gvFG_NB5vTMDJ3-34KiBA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
rss_post_listing.css
blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/sass/
910 B
817 B
Stylesheet
General
Full URL
https://blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:22 GMT
via
1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
16580766
x-amz-server-side-encryption
AES256
cf-ray
735cef38ff109168-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"e1b521ec14a912d6d385c21388ec7d79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MsMBWoqk8BazGrA8jjrM0L4TVx3WygewifvJNZKMBTbQN7ClTY9CKwMsQYS5huu6UunC2JMomnzfolel7O7xJyjaWFiRXjzZEb5NdsEt82kecbQkj2zgh2x%2F0XJmj5a01TqFxiySfLqXvxVVBmTo"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA56-P2
content-type
text/css
x-amz-cf-id
7niHb3hMyBb4ZghZhzD3WYj7qf8oArAWjTAM0lDWqHozjYfMf6Mfig==
expires
Sat, 05 Aug 2023 04:54:22 GMT
module_11828756290_PS_CTA.min.css
blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/11828756290/1617313218284/
485 B
1 KB
Stylesheet
General
Full URL
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/11828756290/1617313218284/module_11828756290_PS_CTA.min.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
72bfe353767416f8f1e119d7381f2e154253d1b57bdf11038a9340c677804753

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1617313218284
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 68261aebcfc232344da2ef3bf1d3f9ea.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
RAXNQBF9W9YJ6GGF
x-amz-id-2
xGvfMLy5otxzKNQ7FqVQP1DFh28dhw6v1xoA3UI5wZZzYoINIXNueA8k4dc9KbFKVROGeR3SaE0=
last-modified
Thu, 01 Apr 2021 21:40:19 GMT
server
cloudflare
etag
W/"e7e3bcb5dc2f16e94450a83ead07abdf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1WQdNSlrxeHgMXl69aAok2bWlvIZu15GZGt18mtDN9%2FdeXyuVJMi3DoPo8%2FWK2x4YzlTLF4geSIlIXOgOmXIidolQOH01bY4WJvatA0cOpkg0aDXk9mN4DDmbPWylIW086eaNOn68e7Z%2B9Dd%2Frht"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
Zd.zn5Vc2LcTXGcPmm4GqBTuNEmgdxWv
cf-ray
735cef38ff129168-FRA
x-amz-cf-id
4RoJb3ZJtt_Pf-P1ilig9bYDJG9zgRCncPi4Rmn8DMkiDG_1MRVznw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
module_29598158453_PS_Footer_copy.min.css
blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/29598158453/1617911014870/
2 KB
1 KB
Stylesheet
General
Full URL
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/29598158453/1617911014870/module_29598158453_PS_Footer_copy.min.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea8022a9eea58471cd61094b0705f1504947d4fbe4d4719ad202abac14a34d7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1617911014870
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
8NTGGGPY005A5PMG
x-amz-id-2
sOChTo3nAR/2ij28VsV9HJwk4IHH6AMTWLlKmByF+rMSrP63+8BEtIUrqcG2trxK2RE8fyQhIYc=
last-modified
Thu, 08 Apr 2021 19:43:35 GMT
server
cloudflare
etag
W/"e7ae7196f3c370be7096b88ef271d992"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fj3tAPAXVXJINstn6EAwZOoISeQMTGxXlddmETYE6lwjjVZ41SZL4Vr8o1bPzllobmkG7ThFsI5iiMdg2MjChmP3V3YmxBkPnCbfwwSrWColxlEQy7JuvBpHMAH4rfXpNRBY%2FGNiW0rnrHS8Q5Nb"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
8VyC0xequrGvLyW1pG6maIvtjNpB5NK8
cf-ray
735cef38ff159168-FRA
x-amz-cf-id
rZkoPpiElj0V0gegEHMOQBddcwgHpr-qzf2FnQyZG_TCuuWr-eWx8w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
in.js
platform.linkedin.com/
507 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::6867:4868 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Play /
Resource Hash
d3b928ddbb888850bf7141a85a87d812c7540cc6ee96c98273f19175ffde91b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
content-encoding
gzip
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn
AKAM
content-length
162500
x-li-uuid
AAXldrdSGBnIi4vIU0vbXw==
server
Play
x-li-pop
prod-ltx1-x
x-cdn-client-ip-version
IPV6
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
text/javascript; charset=UTF-8
x-li-source-fabric
prod-ltx1
cache-control
public, max-age=3600
x-li-proto
http/1.1
x-li-fabric
prod-lva1
expires
Fri, 5 Aug 2022 05:15:28 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1659615085991/hubspot/hubspot_default/shared/responsive/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1659615085991/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1933ab6999d81f1e20a5359269831cd249ed2ce23345081b27b850426c9b997

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1659615086952
date
Fri, 05 Aug 2022 04:54:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
60124
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtu4IiKe%2FBLDv0hS6tUFcn45L2pGmLAc8hqjxMcWBXW%2Bwru8zj%2BQ8D6wDPdUQZlzrYJtCmKIg2b9PcsExY%2FK7QWN1GBxtySt4xGk%2Ba33xT55T3UQAVo8mH4KbenfrjK%2FNEW06DPGQMZFM3SSVOU%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
last-modified
Thu, 04 Aug 2022 12:11:27 GMT
server
cloudflare
etag
W/"c48d0f5c8819d807ca7ce81c4aa6a71a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop
IAD89-P1
cf-ray
735cef393bcb9bb6-FRA
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
ps-main_copy_-_Edited_for_Blog_Bullet_points.min.css
blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/29569734040/1589997105735/PolySwarm/Shared/assets/
43 KB
9 KB
Stylesheet
General
Full URL
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/29569734040/1589997105735/PolySwarm/Shared/assets/ps-main_copy_-_Edited_for_Blog_Bullet_points.min.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccbc87a9972ba3a8aaf41f83185c4d4373ff5614aeab2960d9672f8750e6fb7b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
8NTTF318KD7GMKA8
x-amz-id-2
ZXpVQx+ZK83VM9bGXp9NvMmFXXZHah85OmPatV1B2scsR/0ICcofZdCzPevfnnArTJ7aX56yI1k=
last-modified
Wed, 20 May 2020 17:51:46 GMT
server
cloudflare
etag
W/"8116230ab0867d4173daafdd01a07260"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Egh1EYFO0VCzhRoVIJXVJgJ5uhdqiY09jQWhQjQ9WCEFiSR1ViqAq7tm6OAkavV57OnGW%2FMOk5EFRb9pRd5KyxJWlRacbPYGw6N3iIzIujTHWyLeLYKB%2BkO%2Fv20SYpPjFblr2%2Ft%2FTwQaGr23IlmC"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
I80NDJBhYigiACItgRakh7a0sqRu2AH5
cf-ray
735cef38ff169168-FRA
x-amz-cf-id
pavxytmExlWHCBIukXJ8VeI4I7n64UhJhpNSpo_MGcpP_LhwQSHehg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
polyswarm-logo.svg
blog.polyswarm.io/hubfs/
12 KB
5 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/polyswarm-logo.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c8b28c6efb785053609c37357f374e27d852a4aa346c455208b5e5ef36d95f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11812209528,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11812209528,P-5737925,FLS-ALL
cache-tag
F-11812209528,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
44KD0X3MKY59PH91
x-amz-id-2
630qhrycGyqErPFXmw+LS++zxwNgHGGAVKy4fikPx+Nc8Mfph1nPApSe3QDl+npjBYUQRbjbIg4=
last-modified
Sat, 03 Aug 2019 00:35:35 GMT
server
cloudflare
etag
W/"1cb2239459a46914f31854aa4d9ba47b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxkoYn8jQxiQW%2F3ghn%2FE1G81Djmy%2BOrL818DW8d3Khv4Vw2XXPDVbE5fQfu0hHyqlb5PaoGvLse5H8hiizc6GGWjxiS69FZJM9GtT9IEQbXwtQpjJ7otAZHe8620Hp0Uvpmn8h3keZq%2Bi8mZRxgF"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
di_RbA3pAYHITObJXtuKVRyNOOaMG_Hw
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3ae9549168-FRA
x-amz-cf-id
81_-S4LdXfHB_1G3xassbiUpplCyRlQBqH3yqwlwd-z2K2xHeS1_Uw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Social%20Icons_PS.png
blog.polyswarm.io/hs-fs/hubfs/
3 KB
4 KB
Image
General
Full URL
https://blog.polyswarm.io/hs-fs/hubfs/Social%20Icons_PS.png?width=100&height=100&name=Social%20Icons_PS.png
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
021a449f6edc38e750e7578824a9d4cf3fac8221e1a48cf4fd295dd22355b13a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
edge-cache-tag
F-11148809844,P-5737925,FLS-ALL
cache-tag
F-11148809844,P-5737925,FLS-ALL
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
3175
last-modified
Tue, 02 Aug 2022 00:43:49 GMT
server
cloudflare
etag
"466e106c4f6e62d19c2182538ffe3008"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PEZ2TZxxp0ocl1c1L4zFyXD2jN4sPRXO0GR631TAQFdkMoU5YviNBh%2F76gw%2FMraHIPadQNq%2FURQs9KlHkzT2wG2hxzYFnhZg1kdbEVwfW%2FFnM9d22NJOP8TqH0Axj41bTL%2BPTvNjinE4rqNG9LAD"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
735cef3ae9569168-FRA
x-amz-cf-id
xW2lijO6yTz5InCMhnnWaeoeGjFRlDRiddWS8-2ybXPX-0IkiQkHYA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
polyswarm-logo-purple.svg
blog.polyswarm.io/hubfs/
12 KB
5 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/polyswarm-logo-purple.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
40081568a6580a3e82b3de532c92ba4f97a4f75060d007778dfd545c171abdff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11812205582,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11812205582,P-5737925,FLS-ALL
cache-tag
F-11812205582,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
5VQVBN7AZ0S2HV9T
x-amz-id-2
+cpDGKQd7J6W8POOwRPb6J8/xM+8NBnI0EQZ2WUBAHPsmfxOB6tpewu9IBFII7yiw6E0w7H0PK4=
last-modified
Sat, 03 Aug 2019 01:25:10 GMT
server
cloudflare
etag
W/"544afa5f13d87c8ffb9d764bcac5044c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfxU0x%2BVKC8P6PEYYlMIRHM3jTmj3ks4BpCsd10AKFbvqYv85G3uE8KN%2FUJeb8Co1gQ6Ecvq%2B4t0uzfUSagmrrg2xjGGzFFOxxO3KbqQIQ%2BFYsPAuUKQzVAghy58qhsbVOhvg%2F3kIh1zO2rMlvap"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
tpDsqQPdTMbqdhELCKfXmn7NaV92H5ua
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3ae9579168-FRA
x-amz-cf-id
f09Z2g09eTAwdw_sp_UKX8nPHSfGgGY9Sna0vZh3kZwt9U1ZSD-epw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
facebook.svg
blog.polyswarm.io/hubfs/
1 KB
1 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/facebook.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9da1e922d73d3aaf5a620ecb6467b2cb04d634c46cdf9147bb81f99a4624c411

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11828450173,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11828450173,P-5737925,FLS-ALL
cache-tag
F-11828450173,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
RET3B7MAWJFZ5XH7
x-amz-id-2
3XKi+9O7ZcKq03IrIscVXU9wmD/BcWQUJQ68TZCvdRHm0p8DleFvfAQkk7TdKE8cQWldHkcOD5w=
last-modified
Sun, 04 Aug 2019 17:47:31 GMT
server
cloudflare
etag
W/"56e8cb03bd2b682c4539866f40a54921"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wxOob6g97kgk4rl%2BFC6RBPUoBvgJAtcfF3rqansU2T7kckA4My7mbER42iPeeiRRFHTRQlP0axERxAmNDin06bwmeiQHLYqkavj0WcQKaxzPmJD8A9aGYBGmJEweRhYBMllhPZTn11hp0UsPdkO"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
MTBWWwIBlsdDqRkCD5V6UIEehH5fplKv
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3ae9589168-FRA
x-amz-cf-id
Q3MVzm86ZDnMAu9629kAOcHGPMWwjlMfzSURfLnRCxnbk4WBYyU9Cg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
twitter.svg
blog.polyswarm.io/hubfs/
2 KB
2 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/twitter.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
40b44002c2f9fabd3c95cbb3db2d5535db67a282f8c689b85d675cc9dfd64017

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11828450174,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11828450174,P-5737925,FLS-ALL
cache-tag
F-11828450174,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
5VQH9K3572XDH8XK
x-amz-id-2
EMGoXQAFTF0fvOHmyHU+w9rAt/eVMttRuYwu5RC5guF+k0JbUHgsZz8P3EHbK0r55eVSoUwK8Lg=
last-modified
Sun, 04 Aug 2019 17:47:31 GMT
server
cloudflare
etag
W/"b60c1aa6bb4f1010d63290d2d087e277"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EnusFchEtxBEjo9tJHvYql6xnvFlF0LrKHwPmF9eG2z4DbqJFzftXtiNPalvWbjAKqwCS8vLm%2FRGzrOC9soo6xGn2wplzab70uWn4FCaKRcsA9mScNx08iQOf0Ev2SHan2RZgZHk9mGtXkU4DY%2FV"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
TRes91IXIT_k7LQMfUe_dN.WDZwdcqcE
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3ae9599168-FRA
x-amz-cf-id
vS4qsZU8QDeFH9KJEVoCaBXprlLDpZws8aJtJ31KVcYeBEqrumRXMg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
linkedin.svg
blog.polyswarm.io/hubfs/
2 KB
1 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/linkedin.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
996f39b3789c237976ce92027f722435f1408856b6dd2cfbc4bc8598f6f6febe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 0b9e85cfe8fe19b385db56d32b4ce802.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11828549336,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11828549336,P-5737925,FLS-ALL
cache-tag
F-11828549336,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
RET7PWKNZ1JNWZYZ
x-amz-id-2
t1OzW3Zu4wdmTvBv8sGYxoRG73iJBLrCDLvIioVr7pTUss3HqRFw8fJde8r1Fcmf5wLrZ2cub20=
last-modified
Sun, 04 Aug 2019 17:47:31 GMT
server
cloudflare
etag
W/"6c399e9919bb8b9af0dc5754ce6e60bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TC4kDJ3w8cHjx7AWixkbCCZbS5iYVi2B%2FST5VfzeTvLMbCKRnY6YqPItRQPDzjxK%2FC7ooc8rTPYIYFjTTCrU5FwQ89Bj9A9SGAxHqoM4sGUsnumysoQtJukfZplyJ8ojPRRdzVJfa2HjJmcn%2BFYd"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
7nNNS8avFwRQ0_B5wfBjHrduvcgPYBzp
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3ae95a9168-FRA
x-amz-cf-id
atQyVebj91x0xrmqLZV4mrONhtJRUQCcy2r5IeyJE2vg5_HJ_HBvNw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
youtube.svg
blog.polyswarm.io/hubfs/
1 KB
1 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/youtube.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88b63bae75ac15dceaa33ebbaebb08229397c88b212f79d307053553c6101521

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 e0efba8a72628bfc3dc6d4d637b28302.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11828549084,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11828549084,P-5737925,FLS-ALL
cache-tag
F-11828549084,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
5VQGJWKNCVDHJZJS
x-amz-id-2
4E4O9AH8rovvK5LI//vZRuQbOJh5Z+zOXB00WRSGioNJbB/e+dufYwHAlkJH+/+K557ewBXo7W0=
last-modified
Sun, 04 Aug 2019 17:47:31 GMT
server
cloudflare
etag
W/"f74dc65d9f758011300d77a6159b4c14"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5SUx%2FuzwqOeyHd8TvEmDE3IQGLtAv3xqSIHwAQGj1yBFlh46PSNv3WKlTcuiEnBYH%2BwYQUks4L84JzUd7ga7vne0MI5Esp%2FkjB5shpB3%2Bcw0VDcIQpDxh%2B2GUABY198HXGJEspBV%2BYkKKf%2BTK3f"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
QbYolQs_7Roe3u4OGZcw4O324wth9Wnp
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3ae95b9168-FRA
x-amz-cf-id
uXas8C64pnjT6aRLk0EPbTAp97OSyhxpeCEyprZSiGJllPOWkJzOrw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
github.svg
blog.polyswarm.io/hubfs/
2 KB
2 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/github.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0b936f3e023e3b2c5185bf031b4ee4c4a4d283902a998977969504e0efb10dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11828550302,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11828550302,P-5737925,FLS-ALL
cache-tag
F-11828550302,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
5VQW8GN6H505ZQEQ
x-amz-id-2
0KDbpg7keUj14pHTXNiXPm3WUeVr/uTCTlS9a9KI9db9AGGoJDqb6dzzUrskoXycVfEB2zFMsY4=
last-modified
Sun, 04 Aug 2019 17:47:31 GMT
server
cloudflare
etag
W/"fda199b0b072e52fb8ae251f2e19803e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vFYbPmitQEvvPKuVaKBfpcKXcMq3stpg0HvdinJHTwyTE1lNbsNt59Xb1sRX0p0gJZJj5hcMvAUd21sIpjqtMMwNPdHUrwVmQJnVX2XQj6EtNUOvsrJtELumJ11fpdY%2B7zmjC5Q%2BWRbrvzUaX8wC"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
SmK0eriI8fQNjYAsi1CVDXz3_d5U7gQF
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3ae95c9168-FRA
x-amz-cf-id
2LGMlcQdVhR6INEUNMDBY_hAW6oKMAq41ox6_orQWGK3GI0zzxXpGQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
medium.svg
blog.polyswarm.io/hubfs/
2 KB
2 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/medium.svg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3297fbd2a7aa7de65820b32e82b73ff4c45ae25ebd3543969c8b483cc29fa738

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11828549335,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11828549335,P-5737925,FLS-ALL
cache-tag
F-11828549335,P-5737925,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
5VQMK6GNHPXJB5BC
x-amz-id-2
gyWPIeZGxpNyMXJHZgGpkD7u5A75EuOPigdPqkSatt7WZrp7tceyYABBEi5Z1qLG4go2doh6vxs=
last-modified
Sun, 04 Aug 2019 17:47:31 GMT
server
cloudflare
etag
W/"c0c3e48346d645550c92774746c51ce7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RIUt3AkifiRc2nQ%2B6vwlbj%2FpVGbcNRpZk31WfTDrkcBChUwFVws0zoJoDgXcRk%2F8p6I5rWd6blALQlOP9uCdfB1lV0vvznmawIp1nAVp%2F9GrqZ%2B4%2BixW20NUV%2FaB8BVRcaiTL10J5a3r2NB9252x"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
oyu2yXnlsgg5Q0uLxv1Ycc4AvaW4on7L
x-amz-cf-pop
FRA2-C1
cf-ray
735cef3b096d9168-FRA
x-amz-cf-id
hcsg5qowNcqIHhsCzwp1jgpdXhgEJL7NbYZ6pmxuuHJEMy4mCbg-dw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
ps-main.js
blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/11811979805/1569851368641/PolySwarm/Shared/assets/
3 KB
2 KB
Script
General
Full URL
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/11811979805/1569851368641/PolySwarm/Shared/assets/ps-main.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
30804f4979429628c305b4012f5b4bfb742dc2a128d62fc5c57873d87f25b730

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 e418fd5667de46c635f0321ea814c2e0.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
JR4E738TT5V30R24
x-amz-id-2
0/dwar1ExkzH3klH8lH8Vti5AYK6C4DPpWLpFOqyATsvuQGuBAxXHB6mr5a9haFbZY88Bwf+4QY=
last-modified
Mon, 30 Sep 2019 13:49:29 GMT
server
cloudflare
etag
W/"2955dfdfb525449c5ed4ac3552b6422d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9zWX1CtwDOcoki3M%2F2iTmryjpVMS15hrEOmyymtT95FV1e1Kx56WH2VgeCqW2BIp1GiAo252wlUo80WhMsrDUT%2B6aSqVArBKs0v%2FR0kJWw8X%2F0rXrxuDJaXNacDqH8kV%2FEv7fhQLLxBVtHS4LTF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
1K_4sp69p1hFKUOZd7YbBytmdNWQZuen
cf-ray
735cef3ab9269168-FRA
x-amz-cf-id
dzZnflvD6jE1yERVJTEMjzIiAMW0venyUrRCoJN8dGjFp3INU3poXg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
module_9132114681_Marketplace_HubSpotSiteSetup_Vast_Site_Setup_Custom_Modules_Vast_Tabber.min.js
blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/1556211082587/
607 B
856 B
Script
General
Full URL
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/module_assets/1556211082587/module_9132114681_Marketplace_HubSpotSiteSetup_Vast_Site_Setup_Custom_Modules_Vast_Tabber.min.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a74fac55baaafbfdfd6e2f9b4463254336b7a44ae8c4c517370f76f6543691e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 5e1f849553b1d58615d0d8f7c044078e.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
FTMCAQJ1C05J7PJ5
x-amz-id-2
QAh0wxjv4jqgcwJm2D5hb4wnO7/sF5Kyd4kTbVy5hInBr8g15PfmpaswhLSz2wLLZT1iQ0R4T3E=
last-modified
Thu, 25 Apr 2019 16:51:23 GMT
server
cloudflare
etag
W/"b703017299739727abae2beacb6e969a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OYpxLcsENXhNv7w2DzKWQypoE000d3NzZvopfND7ZK%2B0HC%2FmlgjxppK4I8bccImpXJRiZv0PMQ7fmlqYTftVi%2B9fHjFHjPDUIyYpeQ4I3PyCtt656XYKVo3H2cuBIKDczpQ3ofKu%2BUqF6yJxYJex"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
dT5VPJSAf2h0vI8J5F5AEcvQ0hO4BVO1
cf-ray
735cef3ae9529168-FRA
x-amz-cf-id
6VIZnQfUu30E1mta-i5lLCuGBiyJJxHxJAIwO0D-Bku48LoUYyGIIQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
5737925.js
blog.polyswarm.io/hs/scriptloader/
995 B
999 B
Script
General
Full URL
https://blog.polyswarm.io/hs/scriptloader/5737925.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cb1c4e6559ec56cd3c0e12c13563560475676cfe7f87d12dc891efc39ff901e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
8774c64b-c7de-4306-be18-e3ca5b1598b3
last-modified
Thu, 04 Aug 2022 19:35:38 GMT
server
cloudflare
x-trace
2B18962012C6462559E863E7FF3753330C78587704000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DG1YTIb2nWLaOTgZWlKk1VfcT0BS4oLvJqHvwux6rWYLcf28j7ysp408jhAOBUUvkX3CAQf8hDPtjtZVSl5SS9gev65CzeCoV%2BDfTzIDZX%2BcP4HBO67hZt1SP34aJjZGE8JIcdJCr9BJJ%2FDjEXvx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.polyswarm.io
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
735cef3b096f9168-FRA
expires
Fri, 05 Aug 2022 04:55:23 GMT
css
fonts.googleapis.com/
3 KB
892 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Heebo:400,500,700,900&display=swap
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/29569734040/1589997105735/PolySwarm/Shared/assets/ps-main_copy_-_Edited_for_Blog_Bullet_points.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
611203fc60da4036436c111ffb80eadeffc0376b2ae5ed103a453edb9bec449c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/29569734040/1589997105735/PolySwarm/Shared/assets/ps-main_copy_-_Edited_for_Blog_Bullet_points.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 05 Aug 2022 04:54:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 05 Aug 2022 04:54:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 05 Aug 2022 04:54:23 GMT
font-awesome.css
designers.hubspot.com/hs-fs/hub/327485/file-2054199286-css/
26 KB
6 KB
Stylesheet
General
Full URL
https://designers.hubspot.com/hs-fs/hub/327485/file-2054199286-css/font-awesome.css
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/29569734040/1589997105735/PolySwarm/Shared/assets/ps-main_copy_-_Edited_for_Blog_Bullet_points.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671d , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
93cf0138ab6e21fdf74500a3d9d5d519e726dd3e8cc76efebb5bb183d3558064

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/hs-fs/hub/5737925/hub_generated/template_assets/29569734040/1589997105735/PolySwarm/Shared/assets/ps-main_copy_-_Edited_for_Blog_Bullet_points.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 615f410a3a080a335933e9fa08c15260.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2537
edge-cache-tag
F-2054199286,P-327485,FLS-ALL
cache-tag
F-2054199286,P-327485,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
last-modified
Tue, 10 Oct 2017 01:13:09 GMT
server
cloudflare
etag
W/"164b5e1e801316562777bb5d25d9d857"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IPS6WtjaO%2F6p18wOzOrSqPodE4oelkMoNJqQSWCta6MsSjmMjHVVNgdIqZuF2otg5824U%2BjsBvlErp3q9U800%2FRTL9W3doy7DJS5rE35hlvDId9uwUMpyUupkqgNHa92dTrKAGgWKkQuTQFYG3ZQ8WPkLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=60
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-P1
cf-ray
735cef3cdbbb6910-FRA
x-amz-cf-id
_ZGOX_25GnBV8-_hk1TpOkcwGPEbjN0J-YoOCLwXjKfu8bHG1N03qQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
hexagon-bg-1.png
blog.polyswarm.io/hubfs/
890 B
2 KB
Image
General
Full URL
https://blog.polyswarm.io/hubfs/hexagon-bg-1.png
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
60d18e27b503c5d6f4944763168dcfc5e3f157a13991b6c58c7a63df5db2069e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-11814310550,P-5737925,FLS-ALL
age
73738
edge-cache-tag
F-11814310550,P-5737925,FLS-ALL
content-disposition
inline; filename="hexagon-bg-1.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
5VQSA76EKPFHC0EW
cf-bgj
imgq:85,h2pri
etag
"4c7273830238ed07b32ec4ca2a7600c1"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA2-C1
cf-polished
origFmt=png, origSize=3488
x-cache
RefreshHit from cloudfront
cache-tag
F-11814310550,P-5737925,FLS-ALL
content-length
890
x-amz-id-2
+Z4Am2x2Bu/QX/f+FSX/M8RdA9YFPTSsuwV4ISmN1yhaC6M0iT7ohzuSDFaimmoyKPR521eF1w0=
last-modified
Sat, 03 Aug 2019 01:56:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAUcIdCjMGPPnbb%2B%2BosJrVlpQcQWddbhwIwcwskxzdqZXg0Ocan4QdbbBgfTBsfOaKgYP7mY072nrFQOqTOZArARDHzMVxJs5GToOwMWuTDFx4iGYR9EGc05TYvT8kPlbjIANbnGldhKKk62YO0V"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
K7P9qkRrJenJ0L4v2UWtKJ68CQmv10w5
accept-ranges
bytes
cf-ray
735cef3d3b8c9168-FRA
x-amz-cf-id
kz8WewzhVyuRQ2lliY56RfZRncoyxagVj3pmvY6Ug-LFOoBZSdYFzg==
NGS6v5_NC0k9P9H2TbE.woff2
fonts.gstatic.com/s/heebo/v21/
26 KB
27 KB
Font
General
Full URL
https://fonts.gstatic.com/s/heebo/v21/NGS6v5_NC0k9P9H2TbE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Heebo:400,500,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b38977ea35fde92fe200fa14ac7cc55e2edce54b998ce9a08734ba1dd9053fed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.polyswarm.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 01 Aug 2022 22:22:02 GMT
x-content-type-options
nosniff
age
282741
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27116
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:35:20 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 01 Aug 2023 22:22:02 GMT
fontawesome-webfont.woff
static.hsappstatic.net/content_shared_assets/static-1.3779/fonts/
82 KB
83 KB
Font
General
Full URL
https://static.hsappstatic.net/content_shared_assets/static-1.3779/fonts/fontawesome-webfont.woff?v=4.1.0
Requested by
Host: designers.hubspot.com
URL: https://designers.hubspot.com/hs-fs/hub/327485/file-2054199286-css/font-awesome.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:6d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://designers.hubspot.com/
Origin
https://blog.polyswarm.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 05 Aug 2022 04:54:24 GMT
via
1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-type
application/octet-stream
x-amz-meta-access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
83760
last-modified
Wed, 24 Sep 2014 02:18:25 GMT
server
cloudflare
etag
"fdf491ce5ff5b2da02708cd0e9864719"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5RV0HinwTiwJ1v%2BLiZKAmcJ1wzjRDnBrm4n9y4GjW6bcVpy5SQpiKurol6I2QwLH8OKI49n3yKk5HSBglZHWCnrdMVYDDOrdmsaQr%2BafCHopibfLLEkF%2BNInL4p10HuOjEwpgVMbQ7sMe72xNlilqs%2BwpoQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
735cef3d9c3fbb35-FRA
x-amz-cf-id
q5oP-OdkaQ8p54UyQY8GYQppBmpK8VS4xn12J5HDa-9GQ_Nx17pceQ==
expires
Sat, 05 Aug 2023 04:54:24 GMT
pennywise_Blog.jpg
blog.polyswarm.io/hs-fs/hubfs/
2 MB
2 MB
Image
General
Full URL
https://blog.polyswarm.io/hs-fs/hubfs/pennywise_Blog.jpg?width=2766&height=1577&name=pennywise_Blog.jpg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f11ed6e43dc43e521e80e2142d29a4fb7ecfe93bf0deb28e7182d43619e4e5e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:24 GMT
via
1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
edge-cache-tag
F-80252275049,P-5737925,FLS-ALL
cache-tag
F-80252275049,P-5737925,FLS-ALL
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-length
2023193
last-modified
Thu, 28 Jul 2022 15:51:01 GMT
server
cloudflare
etag
"580ac78dbb6fceb8debca50c9bb61e50"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPCKYfzi1i7t%2F9VQp18yxAAaXYNjeMc50dUpEh6GLtpgHPzq0KXfYUNbTWVi3IR7rJLa2hLm4xUr%2FCdT2VUEJYvoPBA3ZBoY8lPyo2Q7aMTr3PAs9xTRfHZG9ND4Z2UcbE%2F7yJ74U8UMr7vp8mxC"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
735cef3e1ca89168-FRA
x-amz-cf-id
Xy81sEKMKVO-V6-NDWmxIjgaUXHRlDOncTIocufDEJUTVwIalY7tIQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
json
blog.polyswarm.io/_hcms/forms//embed/v3/form/5737925/28127e19-ea06-47f4-a7c2-70138ff98e23/
9 KB
3 KB
XHR
General
Full URL
https://blog.polyswarm.io/_hcms/forms//embed/v3/form/5737925/28127e19-ea06-47f4-a7c2-70138ff98e23/json?hutk=
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ef2173e19d375f8798bba501c0e7ac4a4f652575a24de5fde72ccec7ad873df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/javascript
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-origin-hublet
na1
date
Fri, 05 Aug 2022 04:54:23 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
2b167056-d52b-4795-80a5-e65b305e348a
cf-ray
735cef3e4cd89168-FRA
access-control-allow-methods
OPTIONS, GET
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
x-trace
2B0F1ED8C82C569099180BFFFB1F1815DE0D5E58CD000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2IVFkgfV0FqmzibQMneMpjFj4V8lmB%2B1ShNkeyw9jIJgboVfJZYuSJMZjvG76bfza%2FKv%2B6vdC1puoLYYFZnUfN7XzgtekZQQvMfSiuYS4I8HHad06qJX0HDI7W2dlT4l7DQQ9TJvBBd4bEqg2PhE"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
all.js
connect.facebook.net/en_GB/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6450cee5f12845abad9a522da260c7c3b1533792e138bf7aef593ce19a3bb88e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
vwRffrzNMjTRX2t1k+0Lrw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
BLA5tCWU3y15u1+zaa/U14ws2BAYT1FwL37tVDIPFiSCgv/vNy0rapvsuV33SCYYfpRFhfpuhtKSSVL8Ux0+kA==
x-fb-trip-id
2050670934
x-fb-content-md5
c7c45d65e86cd87147e31ffeab6ebbf6
x-frame-options
DENY
date
Fri, 05 Aug 2022 04:54:23 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"cf6bfb33d662d131c8dd897087f05e70"
timing-allow-origin
*
priority
u=1,i
expires
Fri, 05 Aug 2022 04:59:35 GMT
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
71679b04fbd29b2c4fe5a7f200ccdc88d666d9b9b9253c4f2878ea06591dac71

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
content-encoding
gzip
last-modified
Wed, 03 Aug 2022 21:01:21 GMT
etag
"2db8c3ce16d9541818f0d180a9ea89b1+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=1800
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
29203
tw-cdn
FT
x-served-by
cache-iad-kjyo7100131-IAD, cache-vie6347-VIE
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
758 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=5737925&callback=jsonpHandler
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode
false
server
cloudflare
x-hubspot-correlation-id
b99bf5bf-b2a4-4bcf-86c4-a0937bb86fd0
x-trace
2B1B453BE51381268047F6FBB06E3EF97422141E90000000000000000000
date
Fri, 05 Aug 2022 04:54:23 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
cf-cache-status
DYNAMIC
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports?cfRay=735cef3eab71995a&resource=unknown"}]}
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
735cef3eab71995a-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
feed
blog.polyswarm.io/_hcms/rss/
2 KB
852 B
XHR
General
Full URL
https://blog.polyswarm.io/_hcms/rss/feed?feedId=NTczNzkyNTo5MTMyODAxODMxOjA%3D&limit=5&dateLanguage=ZW5fVVM%3D&dateFormat=TU1NIGQsIHl5eXk%3D&zone=QW1lcmljYS9Mb3NfQW5nZWxlcw%3D%3D&clickThrough=UmVhZCBtb3Jl&maxChars=200&property=link&property=title&property=date&property=published&property=featuredImage&property=featuredImageAltText&hs-expires=1691209550&hs-version=2&hs-signature=AJ2IBuGi6qzWEy72shRnQI4Og8Kp2Y-HCw
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/js/rss_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd37f91a25726469c2713df583233f8d0758d1c732315d0da01b3c24d115c1f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray
735cef3e6cf79168-FRA
date
Fri, 05 Aug 2022 04:54:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 05 Aug 2022 04:54:23 GMT
server
cloudflare
x-hubspot-correlation-id
eb36c5c8-7f99-49cd-8226-62eafb52bf2e
x-trace
2B8BD63DC25CCE355F9CE3C8108FF7279FAB99447F000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mAnfjpetzW1RA8PUvzu1Db8lH%2Fw%2BLJfU040ZTNbxMuxVlMAMKU9FM7LwSJ0Igwa64mkXi0DIq4lL452Vcu6mCOEUIeY0UiSTbN4lnu9nTTaJyGLrXA8quwpurFf8oJmAECClcvDs3KQm%2FtOLNdEF"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
postlisting
blog.polyswarm.io/_hcms/
3 KB
2 KB
XHR
General
Full URL
https://blog.polyswarm.io/_hcms/postlisting?blogId=9132801831&maxLinks=10&listingType=popular_all_time&orderByViews=true&hs-expires=1691209550&hs-version=2&hs-signature=AJ2IBuE1VufWGKOJxCdNKDrZ3mkIwb9aOw&currentUrl=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
90fb2acda56e384ed7b5862c2994d61f82b44c20688038d479774d11aa2c86be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray
735cef3e6cf99168-FRA
date
Fri, 05 Aug 2022 04:54:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 05 Aug 2022 04:54:24 GMT
server
cloudflare
x-hubspot-correlation-id
60ec2353-f686-4785-9c29-d56d7f0c7ff6
x-trace
2B56B1410BA11D825CDDFEF30EE472E8761663FFE1000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZtvKRJNjsp5Ban87q6U%2B1eFqroTIg3ZFeYZe8EOxCW3g83P5tjUToJBAsML6oAW4O%2FBN5500AiOZGFhuinmWsa77q1RgpIwu0p%2FzY4fVOwLEu8emiRV2uE9T34AUMn97U1%2FPwf9g1%2F%2BQIDeGqEzg"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
postlisting
blog.polyswarm.io/_hcms/
1 KB
803 B
XHR
General
Full URL
https://blog.polyswarm.io/_hcms/postlisting?blogId=9132801831&maxLinks=5&listingType=recent&orderByViews=false&hs-expires=1691209550&hs-version=2&hs-signature=AJ2IBuF8qJA4p7dDDU2Okvhc2ZnYTMOOAA&currentUrl=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a88d8c0907b1e06c4f354a957447e90dd1564872ddbdc4c4a1f5224191d135b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray
735cef3e6cfa9168-FRA
date
Fri, 05 Aug 2022 04:54:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 05 Aug 2022 04:54:23 GMT
server
cloudflare
x-hubspot-correlation-id
767e9c36-7e60-4739-b76e-ed5aff8db431
x-trace
2B613B1E5CF68AAD8EC8647C63279F2A951D31D875000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8zfBEskrE4ScYteno21ybb2t6W0MfURthX3czhuMeGIi%2BJvMHtEzNX20ZAQo8DN7wSqg9hFRxQl2W%2Fcb3Xl0uxGEM18s2hQ3V7qHXoMdu9K%2FSpD4ApmgPZb1uWn%2BSlVQBaXT0HAojaHZh2lGFWTs"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
5737925.js
js.hs-banner.com/
60 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/5737925.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs/scriptloader/5737925.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eca086481484db86636c5e0a163bc79f0245b3dbcdff4991fab234c207854910

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:24 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
HA5ZGC38878M33H5
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
lR/ke6X7tONskAmy/JJjTOJyMNmRmLlZkaiZoIA27k89cPZ9O+TZ0GK2zAbOQyJgatXNZWWXLZVdFMyG3On8uQ==
timing-allow-origin
*
last-modified
Wed, 27 Jul 2022 21:35:07 GMT
server
cloudflare
etag
W/"0e60cf8bb0b13b9b8ad297f8e4ac259e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
qB2AiUxq0QpcBpCCPKQm7QtdmrudAzRy
access-control-allow-origin
https://polyswarm.network
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
735cef3eb9d99156-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Fri, 05 Aug 2022 04:59:24 GMT
5737925.js
js.hs-analytics.net/analytics/1659675000000/
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1659675000000/5737925.js
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/hs/scriptloader/5737925.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fd9a3d075801af98785719c9924ee50c59a6577234f2887a92479be152fd6ce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:23 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
83MWDDQY891A3NG8
x-amz-server-side-encryption
AES256
cf-ray
735cef3eac7c5c1a-FRA
x-amz-id-2
9rLsd/rG+bdUYlwXA0E4C/are+rbj1DtVx3MMNHoxk2P1fe/XiCSd0z6co46XbWPDeT+ts2GdPQ=
last-modified
Tue, 26 Jul 2022 15:02:31 GMT
server
cloudflare
etag
W/"ac706df7583acef2e6d246133fe777c7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Fri, 05 Aug 2022 04:59:23 GMT
all.js
connect.facebook.net/en_GB/
299 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js?hash=4399d82bb7067417edd0cefc4dd4707d
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
053c91624ab078c3e59c2c85d71a304852c73af2190e531825be130a68c1adc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Origin
https://blog.polyswarm.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
uBTH60ry1V+BmurfrkvfkA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
86248
x-fb-rlafr
0
x-fb-debug
+i9wdMUDCPAN3ftV2hwpu7zM06UHGwi+036oBOOl9GMtavofjFZKAdtpCIt9svRelKejwALOop5DvTqodp0uvw==
x-fb-content-md5
6a078457c6bc551900e62d4e8273e8f7
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 05 Aug 2022 04:54:23 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"c658a457a86ee52d3d136f14f631593d"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 05 Aug 2023 04:06:22 GMT
widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html
platform.twitter.com/widgets/ Frame 4C1C
320 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html?origin=https%3A%2F%2Fblog.polyswarm.io
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
105435
content-type
text/html; charset=utf-8
date
Fri, 05 Aug 2022 04:54:23 GMT
etag
"95e1b50b0c179aefb47b5b211bb347b5+gzip"
last-modified
Wed, 03 Aug 2022 20:59:13 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-cache
HIT, HIT
x-served-by
cache-iad-kiad7000057-IAD, cache-vie6347-VIE
settings
syndication.twitter.com/ Frame 4C1C
513 B
523 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=a7b540a85690d2a8b46de47ab8bc6d4585e45911
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html?origin=https%3A%2F%2Fblog.polyswarm.io
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
6bfdae4a96ded74a8b76984a830bba5e90a6a14a529f56ca4a2bf75021fe45fd
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time
106
date
Fri, 05 Aug 2022 04:54:24 GMT
content-encoding
gzip
last-modified
Fri, 05 Aug 2022 04:54:24 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
d65b42da399cdf59644614047e383122bcc19eeaac96780ff75a39321dc8b7f9
content-length
242
lilith_Twitter.jpg
5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/
654 KB
656 KB
Image
General
Full URL
https://5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/lilith_Twitter.jpg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fed7524e51ed6a99eef7ec12e982bd115e97fa8f47ae44d74fa5001a8cdbc6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-80895367335,P-5737925,FLS-ALL
age
35081
x-amz-server-side-encryption
AES256
edge-cache-tag
F-80895367335,P-5737925,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
520DVZCNTFSQP0SA
cf-bgj
h2pri
etag
"fa393f27fb8ea0e3e5663b7c0e2703f6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1659460862715
date
Fri, 05 Aug 2022 04:54:23 GMT
via
1.1 cdcb559c2f25d8ad2ccf0419bee33b02.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA2-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-80895367335,P-5737925,FLS-ALL
x-amz-meta-index-tag
none
content-length
670161
x-amz-id-2
rGRxazJe1Z7ABvZDkgKUQF5aD+H8pnFUKSXmN+B+cv5Vxg9DkrB87BR1xEVxS3CPP4jisCqWDPQ=
last-modified
Tue, 02 Aug 2022 17:21:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id
9lYU_BWeObvgMhzjulRXlq_qLUdE5WAY
accept-ranges
bytes
cf-ray
735cef3fdc799195-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
qafB7VPz_EAFc4UFiBdW91tjaa-Ee5NNzii4zaP1_q4Ps7mgZV2bmA==
ROBIN_Twitter.jpg
5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/
933 KB
935 KB
Image
General
Full URL
https://5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/ROBIN_Twitter.jpg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64247f73ba311070af1cf971d4bc3eac6e3da4773c6a01ddff081b2aa404b3e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-80767146329,P-5737925,FLS-ALL
age
197603
x-amz-server-side-encryption
AES256
edge-cache-tag
F-80767146329,P-5737925,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
QPE0CT1H7WY96GTJ
cf-bgj
h2pri
etag
"cc57735a5e86389beda1bef3cd84792a"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1659376101064
date
Fri, 05 Aug 2022 04:54:24 GMT
via
1.1 d425de744c8275c5016d8fd2fe6663a8.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
WAW50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-80767146329,P-5737925,FLS-ALL
x-amz-meta-index-tag
all
content-length
955486
x-amz-id-2
ukoOxtJmuOCy6PO6H6TFaeNC4ZHMzFXiK/UDY+HxlGmHA8ZytFyOYMteTwAJKAPKN6G6ZQm9VnQ=
last-modified
Mon, 01 Aug 2022 17:48:22 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id
zJnpdXMicNIIkdQtA185O2rmvxLU7aMX
accept-ranges
bytes
cf-ray
735cef3fdc7b9195-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
P_4_Z9BqlC3PlRPnzlenSPl7wZ0G8v0be-rzeSQZO8Vy8tTKLqAkcg==
pennywise_Blog.jpg
5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/
9 MB
9 MB
Image
General
Full URL
https://5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/pennywise_Blog.jpg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f427a3e4e5543ecc1c2b69c5acd7edd623894303324c0e3f0a428a2f4dc5c324

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-80252275049,P-5737925,FLS-ALL
age
197604
x-amz-server-side-encryption
AES256
edge-cache-tag
F-80252275049,P-5737925,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
NA2VBVRACAHCWNTS
cf-bgj
h2pri
etag
"558b42311fa20a56cdcc7d29de66c814"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1658855562634
date
Fri, 05 Aug 2022 04:54:24 GMT
via
1.1 ba9347086484f25b8da311dec69fb9c2.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
WAW50-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-80252275049,P-5737925,FLS-ALL
x-amz-meta-index-tag
none
content-length
9280372
x-amz-id-2
s+CHz/Vk8FaxnEuJfxIJhBchE0Gobb0yhiD3wEn9Wa8Hy+FNwVz26F/IhIohWht9cDtvdn1lx9g=
last-modified
Tue, 26 Jul 2022 17:12:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id
58NHfUo4vBGoA_Kf2RkQS5k46g92plGl
accept-ranges
bytes
cf-ray
735cef3fdc7d9195-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
cv0Hc_QgC12voNXS2P1U68kFK4rOiJvNB78c1kTY9vMNBqsN8VSdmQ==
APT_Blog.jpg
5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/
863 KB
864 KB
Image
General
Full URL
https://5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/APT_Blog.jpg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cf87c71248068f00d5ab3f74aa819e327a7f8f8982f7222b1095ef572eea61e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-79848277060,P-5737925,FLS-ALL
age
35081
x-amz-server-side-encryption
AES256
edge-cache-tag
F-79848277060,P-5737925,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
P72WHPKEHQZN1YGZ
cf-bgj
h2pri
etag
"416d50fe22725edc521e77a9bb0dbf67"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1658424021053
date
Fri, 05 Aug 2022 04:54:24 GMT
via
1.1 e976f829f2d1c4787d42d0595ae7cf74.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA2-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-79848277060,P-5737925,FLS-ALL
x-amz-meta-index-tag
none
content-length
883429
x-amz-id-2
N9pfRTjgwr0Vy6pdwe7drHWr3hISaVpsy/Sd5Iq8klXd5B+3mnF9xRev8FVvvA2B0/RGvfMaSlE=
last-modified
Thu, 21 Jul 2022 17:20:22 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id
ufqqk66xPrvBTKxuZkskemsPkXKBCKRV
accept-ranges
bytes
cf-ray
735cef3fdc7e9195-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
f93cxDuLPmlZmjhF6DEXCk9raybX7yA4tQ2lvI0AVywdS5FYqUbITg==
recent-ransomware_Blog.jpg
5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/
3 MB
3 MB
Image
General
Full URL
https://5737925.fs1.hubspotusercontent-na1.net/hubfs/5737925/recent-ransomware_Blog.jpg
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cde790bf42d3aa7f8f60408168021a1652558ce3c200002dc56258340da18f5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-79625382294,P-5737925,FLS-ALL
age
35081
x-amz-server-side-encryption
AES256
edge-cache-tag
F-79625382294,P-5737925,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-request-id
P72SJ1NH7PT9B7SF
cf-bgj
h2pri
etag
"cfed40a56b0df764039a83bb6f8add2b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis
1658251307009
date
Fri, 05 Aug 2022 04:54:24 GMT
via
1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA2-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-79625382294,P-5737925,FLS-ALL
x-amz-meta-index-tag
none
content-length
2778072
x-amz-id-2
jwGr661vOxmyUEZXqrMgzffTo1PHwunMOj4j4lX4miCZ+x40cu0aW7mGqyOJ5FGv0uk3rgm6xQ8=
last-modified
Tue, 19 Jul 2022 17:21:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id
b5eZyqghfxfQNoRXDtBrPyvLUll0fJ5J
accept-ranges
bytes
cf-ray
735cef3fdc7f9195-FRA
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-cf-id
Ye7S6lKMOqVEAVQ4_Y2qlreuFH_dzW3TsKE4YBqz8JRL1mcxTXUzmA==
like.php
www.facebook.com/plugins/ Frame 7A0A
0
3 KB
Document
General
Full URL
https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3326cde971209%26domain%3Dblog.polyswarm.io%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.polyswarm.io%252Ff35871f729c2d38%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&layout=button_count&locale=en_GB&sdk=joey&share=true&show_faces=false&width=120
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js?hash=4399d82bb7067417edd0cefc4dd4707d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 05 Aug 2022 04:54:24 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
priority
u=3,i
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
HbC0B5NbcZnB1IbXj5Wy+ibatvpir48yGZ5GlLIDETBEzZ6axNJykHuHUdghjag3Mu8O8oSO7Qp1H1SPPjHy/Q==
x-xss-protection
0
__ptq.gif
track.hubspot.com/
45 B
525 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=28127e19-ea06-47f4-a7c2-70138ff98e23&fci=7e8f4453-11c7-4415-bf47-4c59872349ea&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=51757497&v=1.1&a=5737925&pi=80451891767&ct=blog-post&ccu=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&cpi=80451891767&cgi=9132801831&lpi=80451891767&lvi=80451891767&lvc=en&pu=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&t=PennyWise+Infostealer+Targets+Crypto+and+Browsers&cts=1659675261897&vi=15f0d6277460c57413280deed2b27580&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:24 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
3bffee0a-8503-4313-a206-12e73d9f951e
cf-ray
735cef431f52995a-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kYMA6XrLRsAYOK1FtrHZwHr7%2BpR5eeIA3yGFxxGr9MP5NlnqtE1oRe7%2FiB6Yg8qdXGBCRwSymp2NM%2FOSkvesI%2Bege7c2wyRFXqhml9077uJyAuZ8WgVQabjJEzAdnTjlD45ONApA8tOgiODjhs2b"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
366 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=28127e19-ea06-47f4-a7c2-70138ff98e23&fci=7e8f4453-11c7-4415-bf47-4c59872349ea&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=51757497&v=1.1&a=5737925&pi=80451891767&ct=blog-post&ccu=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&cpi=80451891767&cgi=9132801831&lpi=80451891767&lvi=80451891767&lvc=en&pu=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&t=PennyWise+Infostealer+Targets+Crypto+and+Browsers&cts=1659675261900&vi=15f0d6277460c57413280deed2b27580&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:24 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
d9f9ef40-3009-4616-a6cf-76a8eeb4a872
cf-ray
735cef431f51995a-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XK9pZjDcAWkz4X5hUv%2FND5Z7KA6d8Ho%2F86EupYo55YBuxZGM%2B9Bc%2F8yKB%2BfNxB5mCdaAhRHWqPc7yQ5zRW0Mw1CdsYdM8r%2BNi3cw9o8shJvAn9%2B%2FVF52eFSzxbVffxe8a%2BGClRSMs7iOHzL9XJ7Y"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
364 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=51757497&v=1.1&a=5737925&pi=80451891767&ct=blog-post&ccu=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&cpi=80451891767&cgi=9132801831&lpi=80451891767&lvi=80451891767&lvc=en&pu=https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers&t=PennyWise+Infostealer+Targets+Crypto+and+Browsers&cts=1659675261902&vi=15f0d6277460c57413280deed2b27580&nc=true&ce=false&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:24 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
9f9abd76-2727-4b98-8c92-35235edd9a7e
cf-ray
735cef431f53995a-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUTUHMFneAImCWlk9tJhH%2BtbCLCokHJXKzgxzJlksT9I3m97i9oXQatO%2BMbqxshXI%2BHfrmdeZgoyMc%2FTuMBuWh%2BAOFFUgluUVO0KFRzB%2FEoIjBTN91lDMdEwfyMi94DDzC3ReypmBcXaJWdV%2FqiJ"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
button.fed83577e235944f1c02f314fdfd94dd.js
platform.twitter.com/js/
7 KB
2 KB
Script
General
Full URL
https://platform.twitter.com/js/button.fed83577e235944f1c02f314fdfd94dd.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dd73aaa40aaa3f68485ce0099ab91f2db304523f542b95da68397340d58d5c4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:24 GMT
content-encoding
gzip
last-modified
Tue, 19 Jul 2022 20:04:46 GMT
etag
"c1233079fb145bc77c712143fa5dcd65+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=315360000
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
2359
tw-cdn
FT
x-served-by
cache-iad-kcgs7200137-IAD, cache-vie6347-VIE
tweet_button.2b1befbea3a1424bb94efd70105dfa52.en.html
platform.twitter.com/widgets/ Frame B164
37 KB
13 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.2b1befbea3a1424bb94efd70105dfa52.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4b9ff99e15d41fd8c922c4e2a64694803ffff8eb112b5515e7977f0d57b71d24

Request headers

Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
13674
content-type
text/html; charset=utf-8
date
Fri, 05 Aug 2022 04:54:24 GMT
etag
"89c9e62200af53fd09664245d4ebf950+gzip"
last-modified
Wed, 03 Aug 2022 20:59:10 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-cache
HIT, HIT
x-served-by
cache-iad-kcgs7200061-IAD, cache-vie6347-VIE
jot
syndication.twitter.com/i/
43 B
380 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.polyswarm.io%2Fpennywise-infostealer-targets-crypto-and-browsers%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22PolySwarm%22%2C%22widget_creator_screen_name%22%3A%22PolySwarm%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1659675262380%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22b7df0f50e1ec1%3A1659558317797%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=a7b540a85690d2a8b46de47ab8bc6d4585e45911
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 05 Aug 2022 04:54:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
113
pragma
no-cache
last-modified
Fri, 05 Aug 2022 04:54:25 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
d65b42da399cdf59644614047e383122bcc19eeaac96780ff75a39321dc8b7f9
x-transaction
e61784843aedb25a
expires
Tue, 31 Mar 1981 05:00:00 GMT
truncated
/ Frame B164
822 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
perf
blog.polyswarm.io/_hcms/
2 B
451 B
XHR
General
Full URL
https://blog.polyswarm.io/_hcms/perf
Requested by
Host: blog.polyswarm.io
URL: https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://blog.polyswarm.io/pennywise-infostealer-targets-crypto-and-browsers
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-type
application/json

Response headers

cf-ray
735cef559e869168-FRA
date
Fri, 05 Aug 2022 04:54:27 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
66bbd06e-098f-4e05-8a86-ea5e2025e139
x-trace
2B1525FDC4CBC10DE49ACA5672AF40A7C871E78BFA000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGw3cZns2C%2Frsxcmsg53SAuq%2F7fsiHRHAI447mXo2ivuDNhbEt7NWl7ijp0FW5s7PV2QqFW%2B64kuFEu7lnmbhMe%2FVgOGa1pA7OTBG65A6PUkF0OA19yAzSMrAsylW59REXp%2BgNHxbfaV1UMeCAaK"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
content-length
2


72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| hsjQuery object| __core-js_shared__ object| Sslac object| IN object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage function| bindToWindowOnError object| globalRoot function| hns object| hubspot object| hbspt object| __hsRoot object| hspreserve undefined| React undefined| reqwestPatched function| OutpostErrorReporter undefined| Pikaday function| hns2 function| hmerge undefined| I18n undefined| ReactDOM undefined| require undefined| requirejs undefined| define undefined| exports undefined| module undefined| bootstrap object| HSFR object| _hsq undefined| module_7567979 function| i18n_getmessage function| i18n_getlanguage function| hsPopulateRssFeed function| hsOnReadyPopulateRssFeed_2000633115 object| hsPostListings function| hsPopulateListingFeed function| hsOnReadyPopulateListingFeed_2098842151_1659673550445 function| hsOnReadyPopulateListingFeed_1509871467_1659673550462 function| jsonpHandler object| jQuery171009414416077180521 object| _hsp object| FB object| __buffer object| __twttrll object| twttr object| __twttr object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _hspb_loaded boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| _hspb_ran

9 Cookies

Domain/Path Name / Value
.blog.polyswarm.io/ Name: __cfruid
Value: 7a06e166e18a86b5b8b15c51887a47210cf91373-1659675262
.blog.polyswarm.io/ Name: __cf_bm
Value: RJLVGvu2MyLxGA1tMsyP0pg99DfmgBKtJQtiDMmdqxk-1659675262-0-AUz3GhhWvkURJcdBYuAbzuuVlR/O/J+ccKdNIsQ1vgRUSHHnebk+BH/EpCxE8gzHa7tCvlTNPZjR+eohO+P2zQg=
.designers.hubspot.com/ Name: __cf_bm
Value: .Bpq0waWtLQ_baGbO6Az_iMTJKVbRut1TFWri.c1oUg-1659675263-0-AWsoZSN8034/J6X1O4CXNXhgbxl6WoSXpWegdGPefou+8hgr17HHxkZ+PtUyukPydhnyoNn3ESd4V+dUWBPzzMw=
.designers.hubspot.com/ Name: __cfruid
Value: 30b8f0fe337a0f1cc31825e88e15d8f521f56872-1659675263
.hubspot.com/ Name: __cf_bm
Value: yT2yk7gYv8ClzOe7xYpIrnSy.rBpJLqG53OxKi2M16w-1659675263-0-AeZd1/bfxLQS+Iht5Gnfcp4ncpowQKCwbuaKS8Fd6KEcit8su3EJhF0Q4TAL4cms2EzD+uYA5ZoH8xYWspHV5yo=
.polyswarm.io/ Name: __hstc
Value: 222807940.15f0d6277460c57413280deed2b27580.1659675261895.1659675261895.1659675261895.1
.polyswarm.io/ Name: hubspotutk
Value: 15f0d6277460c57413280deed2b27580
.polyswarm.io/ Name: __hssrc
Value: 1
.polyswarm.io/ Name: __hssc
Value: 222807940.1.1659675261895

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
