Submitted URL: https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR...
Effective URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe8...
Submission: On May 06 via manual from MA — Scanned from DE

Summary

This website contacted 26 IPs in 5 countries across 22 domains to perform 86 HTTP transactions. The main IP is 199.60.103.29, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.kandji.io.
TLS certificate: Issued by E1 on March 11th 2024. Valid for: 3 months.
This is the only time blog.kandji.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 25 199.60.103.29 209242 (CLOUDFLAR...)
1 2600:9000:211... 16509 (AMAZON-02)
11 2606:4700::68... 13335 (CLOUDFLAR...)
11 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
6 2600:1f18:e8a... 14618 (AMAZON-AES)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 104.19.175.188 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 142.250.185.99 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 142.250.181.232 15169 (GOOGLE)
1 2 142.250.186.34 15169 (GOOGLE)
2 2 142.250.186.98 15169 (GOOGLE)
2 2 142.250.184.228 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
4 5 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2a03:2880:f17... 32934 (FACEBOOK)
1 2a01:111:202c... 8068 (MICROSOFT...)
86 26
Apex Domain
Subdomains
Transfer
25 kandji.io
email.kandji.io
blog.kandji.io
674 KB
11 hubspot.com
no-cache.hubspot.com — Cisco Umbrella Rank: 12774 Failed
app.hubspot.com — Cisco Umbrella Rank: 5794
track.hubspot.com — Cisco Umbrella Rank: 2393
11 KB
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 312
162 KB
7 testrobotflower.com
ob.testrobotflower.com — Cisco Umbrella Rank: 364650
obs.testrobotflower.com — Cisco Umbrella Rank: 301542
40 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 338
www.linkedin.com — Cisco Umbrella Rank: 619
px4.ads.linkedin.com — Cisco Umbrella Rank: 6419
4 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
497 KB
4 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3095
www.google.com — Cisco Umbrella Rank: 2
346 B
3 google.de
www.google.de — Cisco Umbrella Rank: 7810
191 B
3 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
301 B
3 hubspotusercontent-na1.net
5058330.fs1.hubspotusercontent-na1.net
215 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
72 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 126
2 KB
2 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 4333
forms-na1.hsforms.com — Cisco Umbrella Rank: 6937
2 KB
1 bing.com
bat.bing.com — Cisco Umbrella Rank: 345
13 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
274 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 803
17 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3473
1 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2225
21 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3146
4 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2189
23 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 533
295 B
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 5709
6 KB
86 22
Domain Requested by
23 blog.kandji.io email.kandji.io
blog.kandji.io
cdn2.hubspot.net
11 cdn.cookielaw.org blog.kandji.io
cdn.cookielaw.org
8 track.hubspot.com
6 obs.testrobotflower.com ob.testrobotflower.com
blog.kandji.io
5 www.googletagmanager.com blog.kandji.io
www.googletagmanager.com
js.hsadspixel.net
4 px.ads.linkedin.com 3 redirects snap.licdn.com
3 www.google.de blog.kandji.io
3 5058330.fs1.hubspotusercontent-na1.net blog.kandji.io
2 connect.facebook.net js.hsadspixel.net
connect.facebook.net
2 www.google.com 2 redirects
2 googleads.g.doubleclick.net 2 redirects
2 www.googleadservices.com 1 redirects www.googletagmanager.com
2 region1.analytics.google.com www.googletagmanager.com
2 no-cache.hubspot.com blog.kandji.io
2 email.kandji.io 1 redirects
1 bat.bing.com www.googletagmanager.com
1 www.facebook.com
1 px4.ads.linkedin.com blog.kandji.io
1 www.linkedin.com 1 redirects
1 snap.licdn.com js.hsadspixel.net
1 api.hubapi.com js.hsadspixel.net
1 stats.g.doubleclick.net www.googletagmanager.com
1 forms-na1.hsforms.com blog.kandji.io
1 forms.hsforms.com blog.kandji.io
1 js.hs-analytics.net blog.kandji.io
1 js.hsadspixel.net blog.kandji.io
1 js.hs-banner.com blog.kandji.io
1 app.hubspot.com blog.kandji.io
1 geolocation.onetrust.com cdn.cookielaw.org
1 static.hsappstatic.net blog.kandji.io
1 ob.testrobotflower.com blog.kandji.io
86 31
Subject | Issuer | Validity | Valid
email.kandji.io | E1 | 2024-03-11 - 2024-06-09 | 3 months
blog.kandji.io | E1 | 2024-03-11 - 2024-06-09 | 3 months
*.testrobotflower.com | Amazon RSA 2048 M02 | 2023-07-18 - 2024-08-16 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2024-03-01 - 2024-12-31 | 10 months
hubspot.com | Cloudflare Inc ECC CA-3 | 2024-01-06 - 2024-12-31 | a year
hsappstatic.net | E1 | 2024-03-10 - 2024-06-08 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2024-04-16 - 2024-07-09 | 3 months
hubspotusercontent-na1.net | Cloudflare Inc ECC CA-3 | 2023-12-26 - 2024-12-25 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2023-11-13 - 2024-11-12 | a year
hs-banner.com | E1 | 2024-04-01 - 2024-06-30 | 3 months
hsadspixel.net | E1 | 2024-04-16 - 2024-07-15 | 3 months
hs-analytics.net | GTS CA 1P5 | 2024-04-13 - 2024-07-12 | 3 months
hsforms.com | GTS CA 1P5 | 2024-04-17 - 2024-07-16 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2024-04-16 - 2024-07-09 | 3 months
*.google.de | GTS CA 1C3 | 2024-04-16 - 2024-07-09 | 3 months
hubapi.com | E1 | 2024-05-04 - 2024-08-02 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2024-04-16 - 2024-07-09 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-01-30 - 2024-07-30 | 6 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-02-13 - 2024-05-13 | 3 months
www.bing.com | Microsoft Azure TLS Issuing CA 02 | 2024-05-01 - 2024-06-27 | 2 months

This page contains 1 frame:

Primary Page: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Frame ID: C87B32C3F3B7BB9B3C232FE5AE38B9B9
Requests: 86 HTTP requests in this frame

Page Title

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

Requests: 86
HTTPS: 93 %
IPv6: 70 %
Domains: 22
Subdomains: 31
IPs: 26
Countries: 5
Transfer: 1762 kB
Size: 4651 kB
Cookies: 30

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR197W7pMrlr8D4dWXVmn6vg1qPlNnN26v6PZp_lZ_W5CQLbb1GZVtHW6Fw7VQ62vHtbW8Zd_4F2vPPpLN8ZzcHm9z-PvVYD_0r2Dv-rzW2bpvx48tdcy6W8x0tNQ92L_QLW7pJD7s8NR9kcVyCnBl8kgXs5W7-4hzP1pq3JDW4csS_G1blVdDW20YznR1BdBNNW4Bt7SL3ckTT9W1HjsnW3s2gCSW2pTxcK6Mpf8_W3-myXt8TqM08W71DxC57_8mSQW3t1br6186Zt4W6P0s0v3HKk_4N46_mngSnT07f1WMC6x04 Page URL
  2. https://email.kandji.io/events/public/v1/encoded/track/tc/ZS+113/cC6HP04/VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR197W7pMrlr8D4dWXVmn6vg1qPlNnN26v6PZp_lZ_W5CQLbb1GZVtHW6Fw7VQ62vHtbW8Zd_4F2vPPpLN8ZzcHm9z-PvVYD_0r2Dv-rzW2bpvx48tdcy6W8x0tNQ92L_QLW7pJD7s8NR9kcVyCnBl8kgXs5W7-4hzP1pq3JDW4csS_G1blVdDW20YznR1BdBNNW4Bt7SL3ckTT9W1HjsnW3s2gCSW2pTxcK6Mpf8_W3-myXt8TqM08W71DxC57_8mSQW3t1br6186Zt4W6P0s0v3HKk_4N46_mngSnT07f1WMC6x04?_ud=7116072c-6c7f-4912-9f6a-856dbdb01606&_jss=1&_fl=8&_pl=5&_hc=17&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47
  • https://www.googleadservices.com/pagead/conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8LvMqcf4hQMV5omDBx12FQCSMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw HTTP 302
  • https://www.google.com/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8LvMqcf4hQMV5omDBx12FQCSMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtq1bwGveT_UFmy9VHUL36uNpZcd021xw&random=169678855 HTTP 302
  • https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8LvMqcf4hQMV5omDBx12FQCSMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtq1bwGveT_UFmy9VHUL36uNpZcd021xw&random=169678855&ipr=y
Request Chain 57
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=918873956.1714982408&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl9TRqcf4hQMVWYeDBx09mg5tMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw HTTP 302
  • https://www.google.com/pagead/1p-conversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=918873956.1714982408&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl9TRqcf4hQMVWYeDBx09mg5tMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqNLHOtEalq4S5USotOpXDxmCkU8Iytg&random=3446592224 HTTP 302
  • https://www.google.de/pagead/1p-conversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=918873956.1714982408&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl9TRqcf4hQMVWYeDBx09mg5tMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqNLHOtEalq4S5USotOpXDxmCkU8Iytg&random=3446592224&ipr=y
Request Chain 58
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1329610%26time%3D1714982407786%26url%3Dhttps%253A%252F%252Fblog.kandji.io%252Fmalware-cuckoo-infostealer-spyware%253Futm_medium%253Demail%2526_hsenc%253Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%2526_hsmi%253D305522564%2526utm_content%253D305522564%2526utm_source%253Dhs_email%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&cookiesTest=true&liSync=true&e_ipv6=AQLkaylh2hdItwAAAY9M6tJRE1-P7_Gw14g_fRu1CmynMWTVbgy0NYmR4jExvRsA5MEI1Sk

86 HTTP transactions

Resource Path Size x-fer Type MIME-Type
VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR197W7pMrlr8D4dWXVmn6vg1qPlNnN26v6PZp_lZ_W5CQLbb1GZVtHW6Fw7VQ62vHtbW8Zd_4F2vPPpLN8ZzcHm9z-PvVYD_0r2Dv-rzW2bpvx48tdcy6W8x0tNQ9...
email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/
8 KB
3 KB
Document
General
Full URL
https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR197W7pMrlr8D4dWXVmn6vg1qPlNnN26v6PZp_lZ_W5CQLbb1GZVtHW6Fw7VQ62vHtbW8Zd_4F2vPPpLN8ZzcHm9z-PvVYD_0r2Dv-rzW2bpvx48tdcy6W8x0tNQ92L_QLW7pJD7s8NR9kcVyCnBl8kgXs5W7-4hzP1pq3JDW4csS_G1blVdDW20YznR1BdBNNW4Bt7SL3ckTT9W1HjsnW3s2gCSW2pTxcK6Mpf8_W3-myXt8TqM08W71DxC57_8mSQW3t1br6186Zt4W6P0s0v3HKk_4N46_mngSnT07f1WMC6x04
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
87f76f43282a2681-TXL
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Mon, 06 May 2024 08:00:05 GMT
last-modified
Mon, 06 May 2024 08:00:05 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=htiYeIKTdoB6eZpHhFlbZraUc7aQu3XFmYi3ssV1vsVvPyWgRK2xMI66wpMYDmxZE6gSYSSiWl237eFkbgrqQZ47e0Q%2BkGJOSpNKoArcKp0rZcBgUqXYk%2Ft4021ZbAWKjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
7
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-544dd46489-7cxbk
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
938fd1a3-f8c1-41cd-8670-9814c87dbfd7
x-request-id
938fd1a3-f8c1-41cd-8670-9814c87dbfd7
x-robots-tag
none
Primary Request malware-cuckoo-infostealer-spyware
blog.kandji.io/
Redirect Chain
  • https://email.kandji.io/events/public/v1/encoded/track/tc/ZS+113/cC6HP04/VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR197W7pMrlr8D4dWXVmn6vg1qPlNnN26v6PZp_lZ_W5CQLbb1GZV...
  • https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=30552256...
162 KB
37 KB
Document
General
Full URL
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Requested by
Host: email.kandji.io
URL: https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR197W7pMrlr8D4dWXVmn6vg1qPlNnN26v6PZp_lZ_W5CQLbb1GZVtHW6Fw7VQ62vHtbW8Zd_4F2vPPpLN8ZzcHm9z-PvVYD_0r2Dv-rzW2bpvx48tdcy6W8x0tNQ92L_QLW7pJD7s8NR9kcVyCnBl8kgXs5W7-4hzP1pq3JDW4csS_G1blVdDW20YznR1BdBNNW4Bt7SL3ckTT9W1HjsnW3s2gCSW2pTxcK6Mpf8_W3-myXt8TqM08W71DxC57_8mSQW3t1br6186Zt4W6P0s0v3HKk_4N46_mngSnT07f1WMC6x04
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
71f4d53fa42620ede25ea3ccf2180055cd8c67ab1ae978d486fd810bafbf6501
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VW4K0B1rb6mWW6RdxxR906MrVW6hm-BV5dFtcGN3tskFg3lYMRW7lCdLW6lZ3mjW8rK4Zr6hR197W7pMrlr8D4dWXVmn6vg1qPlNnN26v6PZp_lZ_W5CQLbb1GZVtHW6Fw7VQ62vHtbW8Zd_4F2vPPpLN8ZzcHm9z-PvVYD_0r2Dv-rzW2bpvx48tdcy6W8x0tNQ92L_QLW7pJD7s8NR9kcVyCnBl8kgXs5W7-4hzP1pq3JDW4csS_G1blVdDW20YznR1BdBNNW4Bt7SL3ckTT9W1HjsnW3s2gCSW2pTxcK6Mpf8_W3-myXt8TqM08W71DxC57_8mSQW3t1br6186Zt4W6P0s0v3HKk_4N46_mngSnT07f1WMC6x04
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=7200,max-age=5
cache-tag
CT-159120097439,CT-163759176078,CT-165936097429,CT-27579410748,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cf-cache-status
MISS
cf-ray
87f76f469e8d4504-TXL
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Mon, 06 May 2024 08:00:06 GMT
edge-cache-tag
CT-159120097439,CT-163759176078,CT-165936097429,CT-27579410748,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
last-modified
Mon, 06 May 2024 08:00:06 GMT
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TL3FemqCw0ivAk9mOT%2BOLFfUzm74oS2XesUahjfTBm8qVIgfNm4AxOALm4l96WEwN4%2Bf38nei5ERa70hnnNAlbWlNknGHNYuDqS98jOAQo5YHAuOKBdNxJhMuAiUBvbo"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
171
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/cms-30-39-td/envoy-proxy-5f8479db84-h5vxx
x-evy-trace-virtual-host
all
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
x-hs-content-id
165936097429
x-hs-hub-id
5058330
x-hubspot-correlation-id
b6d4eb84-3256-4291-bd63-2b31fb65760d
x-request-id
b6d4eb84-3256-4291-bd63-2b31fb65760d

Redirect headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
87f76f449c362681-TXL
content-security-policy
upgrade-insecure-requests
date
Mon, 06 May 2024 08:00:06 GMT
link
<https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email>; rel="canonical"
location
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5w3pg5s5RyyaJBUZHpevyPS%2Fomd5yzOiHCaHDJOEVVs6K0n7lOY0UOLAbfBVxyQpBqrmc2dQ10UcOUL7Q48IjLSmruIBfJNxNbDT9TvKjiEi%2BpItnAe1%2B1wWIO%2FovYrSIA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
30
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-544dd46489-xh4st
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
d9c15f0d-956f-4109-bf44-ab00cf1af053
x-request-id
d9c15f0d-956f-4109-bf44-ab00cf1af053
x-robots-tag
none
project.js
blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
314407
x-amz-cf-pop
FRA56-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQt1IzgiOQeHVVvWVEPoi4AI27XMFnwkI8YEaCOgF6jRgWz19H1ise2Jwkp3Q%2Bk0eGEgUT8u0SAGAG3NfsX4wrHx52P%2BDjE3a%2FsY%2BnlD9gsOcgmonQgzaus30GkG3ZYr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
87f76f49ef4f4504-TXL
x-amz-cf-id
vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires
Tue, 06 May 2025 08:00:06 GMT
v2.js
blog.kandji.io/_hcms/forms/
482 KB
160 KB
Script
General
Full URL
https://blog.kandji.io/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
453
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=87d96f164541bfcb-WAW
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"b0047a8901d8ed9f81db3dcb5982114e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5064/bundles/project-v2.js
date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 309e9e958e8d35f7e17ae8ac267b7dea.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
x-amz-cf-pop
IAD12-P1
x-hubspot-correlation-id
96d6bda1-0825-4743-911f-095e64a5abc9
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
96d6bda1-0825-4743-911f-095e64a5abc9
last-modified
Wed, 03 Apr 2024 11:15:05 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iEn4bn0qarXPDuznpRgRxRT7yxcLpFszLM%2FnqO%2FFdkERWZN%2B%2Fcaz4CnNpYoLZiirsZpyge3wgpcbiP%2FDhQcSfg6fU1DeKp2GYYefN3T59KNivg9WOUu2i190kMAlCkKu"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-6q8hm
cf-ray
87f76f49ef564504-TXL
x-amz-cf-id
gQ8vN_gD3Hjwwo4Hhy3kZjyxbsWehEZ9Urn932GyO0R5u6UIpiYmaw==
130ddaec76c305292f6ec30ebef2d5ce.js
ob.testrobotflower.com/i/
102 KB
38 KB
Script
General
Full URL
https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:d800:10:9492:de80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Caddy /
Resource Hash
d283751d00bb83e4a94384ffe42fff66fcb83c4c84b055dc0eecfbb1351eac9a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 21:15:31 GMT
content-encoding
gzip
via
1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
server
Caddy
x-amz-cf-pop
FRA56-C2
age
38868
etag
"19756-ENz7GeJ5OacvINSh5pe3h6UYor4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=43200
content-length
38099
x-amz-cf-id
byvnGdEfkmoANJrCDA5uM_OxcitQBZsdItVWBB_BDNXav28AJjfqYQ==
expires
Mon, 06 May 2024 09:12:18 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/
50 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/OtAutoBlock.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cea95b67c69f3eadce6a5ae44f8c92cdc25d9ecfd4f1f07abddbcc5609508f9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7026
content-md5
cZ3p4H6Oo0yMk5k3IdT0MQ==
content-length
6819
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 16:56:03 GMT
server
cloudflare
etag
0x8DB6DC167708395
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f03b4817-801e-007c-75bf-17177c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4a8a9d3662-FRA
expires
Tue, 07 May 2024 08:00:06 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cfMMgqnnnYda745QhUdJrw==
age
12
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 02 May 2024 18:04:40 GMT
server
cloudflare
etag
0x8DC6AD2569D1DB7
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
81aa8688-601e-0010-3e74-9d778f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4a8aa13662-FRA
expires
Tue, 07 May 2024 08:00:06 GMT
kandji.min.css
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/
78 KB
15 KB
Stylesheet
General
Full URL
https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
608854bc9b4ff57f231d9b41b1b325b4a987f48eb56f26d928868acd8a2f30dc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
221
x-amz-request-id
F9HPZSY13693H32D
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"bf6969b4ed04d4ea3ce545ba141380ad"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1714606603151
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YQfeRzRYCP7qf_TbRR4YQdYoWaIep.Mc
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
fccf68c1-8cca-44eb-b1ca-a20ae782e7c0
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
192
alt-svc
h3=":443"; ma=86400
x-amz-id-2
iCaDhGep/cYFMzAK1kDnzm5YnoMUv88l3WY7SEHajJCwd3B6Ze+2FZOKIP0UYYHyCVGofDqAGic=
x-evy-trace-route-configuration
listener_https/all
x-request-id
fccf68c1-8cca-44eb-b1ca-a20ae782e7c0
last-modified
Wed, 01 May 2024 23:36:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=30VVnqeYy4W3nT5TJ0ZsDB9xvySeKI892WJ3aQhVbeP%2BGTWSIY4DyjjFVOpQ1V4fdgdmpN%2BjAK1nd%2FRvXzBzo3K%2FbCU%2B9ThxOA4q698JEluFfsexdW9Wum9TeX0JEbfp"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-7mxgq
access-control-allow-credentials
false
cf-ray
87f76f49ff6e4504-TXL
timing-allow-origin
blog.kandji.io
x-amz-cf-id
TzYK1goTY6genjB4tbroyyR_nWJHHGwaH9JPuAZCl_A5EDhoFssN5w==
2024.04.30%20Cuckoo%202.png
blog.kandji.io/hs-fs/hubfs/
17 KB
18 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2024.04.30%20Cuckoo%202.png?width=672&height=347&name=2024.04.30%20Cuckoo%202.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1567d2b9acd79cdc86589be269f601cbffcfa85dbee6ce63db97c8f3434da79
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 fecc88aab4864fba141da4bfceb073e8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-165961962245,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
17258
cf-resized
internal=ok/m q=0 n=1330+0 c=54+86 v=2024.4.1 l=17258
last-modified
Tue, 30 Apr 2024 18:02:29 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cf6yGpyB0EJrxo_quNgCZ1zhU7KVkZo0foeZqls5VvDQ:4d88a391e2bf20850f08bf6d422c3a96"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lKy7H0x5ni21l9mMADmnn76KPDXo3HfDLGfwrBQar2O5NlTbOjj4eSBuEmGtWHg5GX%2B8beLnp9cLFd73J7WTi9dUQy06DfvwEQKK0MCrOWGPLB0EcbcFNCYvKOaUMEwF"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f76f4a1fc24504-TXL
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
Untitled%20design%20(1).png
blog.kandji.io/hs-fs/hubfs/
454 B
1 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/Untitled%20design%20(1).png?width=80&height=80&name=Untitled%20design%20(1).png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c77a58a32fba476a3d98e8200daea6916689fb18950cce6bd90e48e428caa6f0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-157917519700,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
454
cf-resized
internal=ok/m q=0 n=817+0 c=2+18 v=2024.4.0 l=454
last-modified
Thu, 22 Feb 2024 00:19:39 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfPFm93phRdC7Z74QB4VwWNervO7f-n0uC5YAbC82nDQ:11eb812ee9d202f5c27ede07174a49a0"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wzbWRTU1AL2Gqg%2Fik8TnXRJWhMDI5waNctK05AIgY%2BUp6I6XFTmT3A8BStm7nz4CMcka5ntAVXmmvgsYGpDyZSS5%2B5Linh1tsYJXRwOXVuAw0PTktpXKN58zgW%2BAnbuu"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f76f4afa004504-TXL
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png
no-cache.hubspot.com/cta/default/5058330/
0
0

current.js
blog.kandji.io/hs/cta/cta/
18 KB
8 KB
Script
General
Full URL
https://blog.kandji.io/hs/cta/cta/current.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
34d753f84b9e400b537366e47a9ebe10ec0ed56abe34174795bec29127d2ed79
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
198
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.285/bundles/current.js&cfRay=87d9f17b51578875-WAW
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"d86286755489ba85735d030c6a6ca5dc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
cta-embed-js/static-1.285/bundles/current.js
date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 3f95374273631adbfd8e0d0a9f6d7b64.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
.SaBlZes9qRhWaMqqCvaPXXAz4nOX23D
x-amz-cf-pop
IAD12-P1
x-hubspot-correlation-id
bea2776c-2363-4054-9ef6-6639df03009a
x-cache
Hit from cloudfront
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
bea2776c-2363-4054-9ef6-6639df03009a
last-modified
Wed, 01 May 2024 11:35:03 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=alP0UIAG0h8CO4AwO1Pmi3dImszfTt0%2BibjssAaV%2Fes8RXR6YRyT1IeBhVJ88kEk8J2eQdRg%2BSex5D%2F7XkYrAlwiNiKfPC2bQC1X2VBTjQTm%2FuU6KYCnQPhNjR6Sl73x"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-72bsp
cf-ray
87f76f4ae9bc4504-TXL
x-amz-cf-id
Iws8hUscMujTiAzHTPIYq1X5MBON-nhwlKN_ZdnUWIgAboxWZXdzGA==
f9cbd4ff-31c8-46b4-914b-33c838de1b34.png
no-cache.hubspot.com/cta/default/5058330/
3 KB
4 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/5058330/f9cbd4ff-31c8-46b4-914b-33c838de1b34.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
631a0d62a719038670e8f56cc868da1bb3542376d251a781c6545cae129e2d7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
x-amz-version-id
tTGyEO0tJlODKY_zmzUuuYcp.joigpwa
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
R597T5GGK95M3S4K
x-amz-server-side-encryption
AES256
content-length
3266
x-amz-id-2
Wr3TPTdzpufQbRUk8B6559JbigUXt/MMhdkKfDKq3shJ5e5bnDpQ5uaYm1mXw9TqWUqrrxA7VgA=
last-modified
Fri, 02 Jun 2023 18:06:17 GMT
server
cloudflare
etag
"842097bab8692619d1384bba926c1149"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yg9qMdfbfq0lnd7zYFAlyLihKIkrlyvfumKSAQCPnYyipX1h4o2kI7dFRq2HR5Fg8zYrBI4aTsiXaLSAJ9s4GhnhWbh4JwE3Tf%2BtWw%2F3W0QGXxgRVGMvK7rF2YIDIVaoHw4jagnDDHGVlcz4PVc2D%2F7K"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
87f76f4b0fc16901-FRA
8b112eca-371f-41dd-bc10-130711c6d648.png
no-cache.hubspot.com/cta/default/5058330/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/5058330/8b112eca-371f-41dd-bc10-130711c6d648.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
047ad7989bc75b72ad38301072330f4109f8225a4e34bdde8bfa790edd0d5a0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
x-amz-version-id
f4WGBHOQ..wkPV9PgAGbh2HG2CnWNNPy
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
R595BB8ZNBT8CHGR
x-amz-server-side-encryption
AES256
content-length
1286
x-amz-id-2
5+mGoPCteMO6RYSEz5UkUyii7YZkUcDDG7ElFn5z4khpAOIZML1Wfli7Vx1jhjWkVDTJXBqf0h8=
last-modified
Fri, 08 Mar 2024 22:19:12 GMT
server
cloudflare
etag
"179d670d165cfa6f65deb404cccd7d89"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FpRAqmTsQhrpY3ym9r6pUHSJjqQXJ%2B%2BKKLLA%2F%2BTx2qKNglvhUhemNWu%2FZFewPwCMZ%2BFWgMnXXxTzAJFP40%2BEKUt0wo6E3sGch4RONm0GwnVdvY5X6XYX9YWGiWz5juukueSAjcoTSIkCpiNOzSXtFB2J"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
87f76f4b0fc36901-FRA
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.840/
13 KB
6 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.840/embed.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
x-amz-version-id
e_mEpsTIjne7IZWFj8MkYDmouI7jSgMC
via
1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
564419
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 01 Apr 2024 16:01:41 GMT
server
cloudflare
etag
W/"3a4474324e070674ecd017b9d44b9c99"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cHPIBqfRt9wjH%2FF%2FycF0g8%2FuYayNyIsifxl3wBfnA9vBMazGS3GYNWaLfpGsFbL5MicsiHq2WS6N8fDCI5xc0F0RvGDj9Y0BY2%2FXDGfTpTuav2w5keWBi8vGvIxIibGI1em10zS5EsqLNRVWprfCvuZ0zD0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
87f76f4b9b6c1b9f-FRA
x-amz-cf-id
uPbLZkmjrnCQRcy_jlXxA53kIIcKlWFGGfQZ_1GaMR0TsSieN4Mxjg==
expires
Tue, 06 May 2025 08:00:06 GMT
kandji.min.js
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/
112 KB
36 KB
Script
General
Full URL
https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.min.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
953e94dc295871bac70da3981c02f89826b126b77678c770426e26e2020731c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
220
x-amz-request-id
2HV1TG40DR1BA6SN
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"4cb530e790831873094e7ee81d06938a"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1710813314427
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
tzPl9wZduJpEUTWWdXTe7fGP_WJ6sPj_
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
a8ac40e5-873a-4289-b0a7-f88f21e7b8b7
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
144
alt-svc
h3=":443"; ma=86400
x-amz-id-2
QB4MDy1Ai+EP1ZD7/+3lTVUlvlwkd/boUzEwoLmMHl8Vemj+b7NE3SmHDrg/DKmmXM3pp0xGqJE=
x-evy-trace-route-configuration
listener_https/all
x-request-id
a8ac40e5-873a-4289-b0a7-f88f21e7b8b7
last-modified
Tue, 19 Mar 2024 01:55:15 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zc%2B2T9MVWdS%2BqQQm1WbJhK%2BcwX86%2Bf7HZOb5YoFuew2hZH1603WyRw1aUq2WMwvoP3V3Y2c1wa1ipePIBjVb%2BB2qmdVmodaLH0npcjeEnV8LQsW1yOZczMCJi505uc9W"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5c8495489f-wvfbh
access-control-allow-credentials
false
cf-ray
87f76f4af9fd4504-TXL
timing-allow-origin
blog.kandji.io
x-amz-cf-id
rcwZzpbmC9EKDI6aae1xb1lwHXUw3-2df65nvq9Cc5BvTwDwKTD_QQ==
5058330.js
blog.kandji.io/hs/scriptloader/
1 KB
1 KB
Script
General
Full URL
https://blog.kandji.io/hs/scriptloader/5058330.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2da8460e22d8ddf8965eae960d0690c0d31b8d5f5fc8071119a98df6458bcbd5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d0bedefd-a6f9-485c-9a25-0179b9ec52af
content-encoding
br
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d0bedefd-a6f9-485c-9a25-0179b9ec52af
last-modified
Mon, 06 May 2024 07:55:16 GMT
server
cloudflare
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.kandji.io
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5d47c8d44f-lsm9l
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DaCJfC6yD3ydlRRWt%2FoT12su1lgdDD4VQeo2aKoDVPMYweEEOpmmzF4lJMMpYgzioK5427jUlyHfkMgND2uILGsnmUdXWqH4h1e3GxPxYfQsx3KQtlXndNTIGgg59MJ4"}],"group":"cf-nel","max_age":604800}
cf-ray
87f76f4afa064504-TXL
expires
Mon, 06 May 2024 08:01:37 GMT
index.js
blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/
12 KB
5 KB
Script
General
Full URL
https://blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 44a23a2f4d4e9659f5b008d1f39e1318.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
308876
x-amz-cf-pop
WAW51-P3
x-amz-server-side-encryption
AES256
x-amz-version-id
1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 20 Mar 2024 15:59:57 GMT
server
cloudflare
etag
W/"5885ac5129ee80f8b7e1e228e142587d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqvqYcdb2JIHb7MPMk%2FF2Va4XRKs92EIZ0s8FOjEdxgyPRsu%2BJxMad8vjlEI9bZZ1%2F%2BYagaoHUg3KFxDOTYUP9AvsVHstIRCfvosF8WUAxzMByLVX%2FZoIPYatRx%2BK4pA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
87f76f4afa0a4504-TXL
x-amz-cf-id
5LTyQyxZIRPK3NZXGJfmCy10Vf8EZlRquB0oSXT-gV1kjarqaNrJ5Q==
expires
Tue, 06 May 2025 08:00:06 GMT
52104b08-403c-474b-8e63-8560d38d0080.json
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/52104b08-403c-474b-8e63-8560d38d0080.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bb5b82601b4d9a2d5c0c2114554c057cfcbd14758cbfcc4caabcd22ad9abe6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
38072
content-md5
6BMqikelNA/grYiNXxYYUQ==
content-length
1508
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 16:56:03 GMT
server
cloudflare
etag
0x8DB6DC1675F9622
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
36884402-a01e-007b-7e03-247b1f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4b8a21bb59-FRA
expires
Tue, 07 May 2024 08:00:06 GMT
gtm.js
www.googletagmanager.com/
334 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5cb815633de977612b3eafffebe4487f1f2fa795b87b304f01113e992a58e03e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
108592
x-xss-protection
0
last-modified
Mon, 06 May 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 May 2024 08:00:06 GMT
PPNeueMontreal-Variable.ttf
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/
190 KB
92 KB
Font
General
Full URL
https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/PPNeueMontreal-Variable.ttf
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
910f74967a8d03e18bdd8b4a46a1573653c71d374e9823f2d416d9bd250b1ea6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/
Origin
https://blog.kandji.io
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-95662839379,FD-95664176134,P-5058330,FLS-ALL
age
983341
x-amz-request-id
KKJPTSDK4KEG63EX
x-amz-server-side-encryption
AES256
edge-cache-tag
F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"61d5f1a1a93cc2b08ca4fc4032b9df1e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/ttf
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1671243819749
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:00:07 GMT
via
1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
LseMZwrny9avZzv6GoE3a9pheWcyZ0eh
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-meta-index-tag
none
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-id-2
7uWEpvEevNESMUxrgs45hpkM0fx+NRC8MiHkR60dRKBT8DLKncDTZScwP9gUGdo8OhTrQU0Sv7k=
last-modified
Sat, 17 Dec 2022 02:23:40 GMT
server
cloudflare
cf-ray
87f76f4be98c2c18-FRA
timing-allow-origin
5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id
rGKAG_cjck9U5a6YZ1wQnsdxkFv2rQKz-P5dG2TbHN_BYW_3VSoVbw==
First%20screenshot_shadow.png
blog.kandji.io/hs-fs/hubfs/
80 KB
81 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/First%20screenshot_shadow.png?width=895&height=700&name=First%20screenshot_shadow.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9164e39d63790c8764c886c09d0299cc3a3f13f42bf55f1b4cbdc4eea6c6359
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 7a6b4cd1254095c5b4b5ec2c3af1870a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-165936926823,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
82046
cf-resized
internal=ok/h q=0 n=16+196 c=0+0 v=2024.4.1 l=82046
last-modified
Tue, 30 Apr 2024 14:55:40 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfn-4rA8EuXDA7DQQOxyHyoLxndmRGB8yy55S65dU6DQ:749969da747907414f76c0dfb945f2b1"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1kWmfLVutFYWhfrJ8WsQPlmteRdaJ8WYatl%2FKBMB595NvLXLhJPOFgG2ua1s1VW088EQt6ulogG3cEwwvvERWLocS9f%2BmFn4q91xM3Eif%2BMeK6g%2FGdXRZ%2B09ugfhRA4"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f76f4b2a804504-TXL
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
2024.03.XX%20installers.png
blog.kandji.io/hs-fs/hubfs/
2 KB
3 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2024.03.XX%20installers.png?width=128&height=66&name=2024.03.XX%20installers.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e31e68652d40a182ba89f4af0ae2bc09c1a71bb893aa2bdd147a6278081d4ff
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000
via
1.1 f2b02f5afeb695ea85b659be98f49e92.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-160884535947,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
2412
cf-resized
internal=ok/h q=0 n=58+0 c=65+39 v=2024.4.1 l=2412
last-modified
Fri, 15 Mar 2024 15:49:20 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfvWXpEFLCQN_zZvbheJ2EmJLxdFxi2AAgjHEhntbsDQ:3c204f838ebc22dfc5014db1beca205b"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jMMmiBsQQLTG3dJzfTXOYzhNK5tVDcoiWiYn8%2BbWvgk58BvI3rLrEo%2FFbB1wJDdXPrEZQZOe354uQJis%2BSTn5aefA3S0XITMysI%2BiLTQOtyW1qkUmn4Qqui%2BTziAlLu3"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f76f4b4ad44504-TXL
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
2023.06.29%20security.png
blog.kandji.io/hs-fs/hubfs/
1 KB
2 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2023.06.29%20security.png?width=128&height=66&name=2023.06.29%20security.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4c8e87133644390cfb20c3cf3055dc631add2a8db9e05f6d23480df2d624399
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000
via
1.1 335b5d7a095dc0c2b19883021de7870e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-122688660010,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
1534
cf-resized
internal=ok/m q=0 n=739+0 c=26+16 v=2024.4.1 l=1534
last-modified
Wed, 28 Jun 2023 17:20:39 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfNCxsMukWtVp3OVsIX2njGMhLdFxi2AAgjHEhntbsDQ:c0131cccd4a63ec31e730507c1405caf"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yrd9vTVfoBVBU2q5UIN0YyPbr0nMeubmYUgQd0d7L8k8clkAhNxSIgOluZZKtuEXFSnkJ38IznIpLLZ%2Fsiw8YyehFYudOhpnsMSoO0F7thlDgUZZ07app225WFJpT5M%2B"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f76f4b4ad84504-TXL
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
2024.04.18%20Configurator.png
blog.kandji.io/hs-fs/hubfs/
1 KB
2 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2024.04.18%20Configurator.png?width=128&height=66&name=2024.04.18%20Configurator.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f9341805e550ac6c973ad2fb31797089b016f68d2482b10f7f975a61b403823
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:06 GMT
strict-transport-security
max-age=31536000
via
1.1 28de398d6bd20bc440c06f568b49c876.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-164794887495,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
1316
cf-resized
internal=ok/m q=0 n=1051+0 c=17+13 v=2024.4.1 l=1316
last-modified
Wed, 17 Apr 2024 22:10:35 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cftU2E2Jhvd8jr2j5bb1BXrMladFxi2AAgjHEhntbsDQ:884140d251f39ec2c0519828550c9614"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P719SdFN7LcwHFKC522NR3jbES3vjkxqRY1%2BaI6ZSuJvqwBfeCSP8wAkivQeIaFBHfYU3Wun8lVyTFWiP24zBAyVpjkUkhg7xeTOMGt9h5%2BNJ1P9zqmNl01TlA3EgaIi"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f76f4b4adb4504-TXL
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
Subscribe-Blog.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/
13 KB
13 KB
Image
General
Full URL
https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/Subscribe-Blog.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fc523fde3cc50b1d7b9e935d342b29b1e380d85f6d4b14aba2351838410bc83

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-meta-cache-tag
F-96062485125,FD-95861192563,P-5058330,FLS-ALL
age
2024581
x-amz-request-id
0R2CQ7QV965APF6H
x-amz-server-side-encryption
AES256
edge-cache-tag
F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Subscribe-Blog.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"ea57f01744259025dbbee871cdd1cb31"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1671621599617
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:00:07 GMT
via
1.1 99a0678067c9afa5ffc6dde34b960d40.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
CJxRHwMuRdpajywx_jTmK_D4quNoYBxx
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=16283
x-cache
RefreshHit from cloudfront
cache-tag
F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag
none
x-amz-storage-class
INTELLIGENT_TIERING
content-length
13174
x-amz-id-2
7ShcDXOmIn0A3jr5HIZUsghFp060kH08mbrCl0IOHBOMP/tCAG6DCWcugKK0Mro45RDssJQtwxY=
last-modified
Wed, 21 Dec 2022 11:20:00 GMT
server
cloudflare
accept-ranges
bytes
cf-ray
87f76f4beeec8f41-FRA
timing-allow-origin
5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id
OLdCt8sxfeU1nHIpMT4ZceLGZTeM5liPFOXoexx7ns8T-y1MpGeGTA==
json
blog.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/
12 KB
4 KB
XHR
General
Full URL
https://blog.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e11ac272157ff1d5e6572c3ba7ae3ab8a7dc780a1e50f1697dfbbbc65b1601f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8fb60d0d-4a33-4189-bc1f-e8bb82599fdb
content-encoding
br
x-envoy-upstream-service-time
27
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8fb60d0d-4a33-4189-bc1f-e8bb82599fdb
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-max-age
180
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-kkb7j
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hgjg%2FlqDIiO%2BtRAyE1Oq1qmsacfWzqndy4KETKn6XfZr2KwfAyi3nyfUqO9HWqyTStT8jbFKue%2BF0TBQSx4VULlDV0Ud7WdW0onbXpbZ14u3n9ZOhLXh3XSh4xxEzU6k"}],"group":"cf-nel","max_age":604800}
cf-ray
87f76f4babd34504-TXL
access-control-allow-headers
*
x-robots-tag
none
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept
application/json
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
87f76f4c6f681c1e-FRA
access-control-allow-headers
Content-Type
has-permission-json
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
959 B
XHR
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=5058330
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
00216221-c8a0-4191-8fdc-03c08d5a9f63
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=87f76f4be8596901&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
00216221-c8a0-4191-8fdc-03c08d5a9f63
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin
https://blog.kandji.io
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-qbnbs
cache-control
max-age=0
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
cf-ray
87f76f4be8596901-FRA
right-laptopts.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/
109 KB
110 KB
Image
General
Full URL
https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/right-laptopts.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f336afca0db6e13235318d314c37a3f577c0c6219e57c1d44106d45313f0534e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-meta-cache-tag
F-134491805113,FD-95861192563,P-5058330,FLS-ALL
age
1104224
x-amz-request-id
PT1XPWF5CDQTCC07
x-amz-server-side-encryption
AES256
edge-cache-tag
F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="right-laptopts.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"d8f7fec81a5703b8fa569b8c7e09c1d2"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1694478484023
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:00:07 GMT
via
1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
jjtaDQNzOAXVY5VvKDfKCQS8NeD2KgjS
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=181766
x-cache
Miss from cloudfront
cache-tag
F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag
none
x-amz-storage-class
INTELLIGENT_TIERING
content-length
111700
x-amz-id-2
uKc2AnpOPIB2NFf9GoYfuDLUZz9+3wQZKI0C3tl2HHb0QKbV7dIBHY9XuIh89OGm2EJfYhP7Ba0=
last-modified
Tue, 12 Sep 2023 00:28:05 GMT
server
cloudflare
accept-ranges
bytes
cf-ray
87f76f4c0f0b8f41-FRA
timing-allow-origin
5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id
5W5EiC1qjx9P7DZLpUvCnOgIjwCFfu1dbMAzhx9LidQXJ37pQW0U0g==
ct
obs.testrobotflower.com/
5 KB
2 KB
Script
General
Full URL
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
8af1b0be3b224e2cef00e4e1d42385cb6ece31be342c45fad4304d780fb0ccd2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/javascript
pragma
no-cache
date
Mon, 06 May 2024 08:00:07 GMT
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
1983
expires
Fri, 01 Jan 1990 00:00:00 GMT
banner.js
js.hs-banner.com/v2/5058330/
71 KB
23 KB
Script
General
Full URL
https://js.hs-banner.com/v2/5058330/banner.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6957528b73336870fef39c26e4c26a54274b20a6f4bcc72ced85acc62b35cea8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
x-amz-version-id
U18IpK875C1.kZkqgNYlPwP3nLAPfMuJ
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
S7ESB29YGNXZAV95
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
2805e18d-2373-4584-b946-9ec95f9abc8a
age
217
x-envoy-upstream-service-time
26
x-amz-id-2
liWB2BRxHvwatT1e7KrM+PsKLPQeHvzOthOZeLYDj4wvhKHMfVRkmFNQf9Z/McZ56GklPi0qyqM=
x-evy-trace-listener
listener_https
x-request-id
2805e18d-2373-4584-b946-9ec95f9abc8a
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 15 Apr 2024 14:30:11 GMT
server
cloudflare
etag
W/"aa0a797298b2896ababed192ace38142"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.kandji.io
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-fp48c
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
87f76f4d1c7a3723-FRA
expires
Mon, 06 May 2024 08:01:29 GMT
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c67d8ce90160a6586cfd2c2a936959738f5b1843ebdfbac4325c4d1a9b61224
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
x-amz-version-id
H75lIw.llLd5LbqLQfJpi4qQ6NOhCtlN
via
1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
582
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.551/bundles/pixels-release.js&cfRay=87f76116aab8bbf7-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
de33604e-b960-49a3-b447-899e804a7b7e
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
de33604e-b960-49a3-b447-899e804a7b7e
last-modified
Fri, 19 Apr 2024 14:01:51 UTC
server
cloudflare
etag
W/"65a4cdf8f8c613ea8f766101eea8e667"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-qbnbs
cf-ray
87f76f4d19145c62-FRA
x-amz-cf-id
zwYYiWriEw029QzxjCKaFN0LlI8xVrPujAA62mvdhwhYyIzvLIHkrg==
x-hs-target-asset
adsscriptloaderstatic/static-1.551/bundles/pixels-release.js
5058330.js
js.hs-analytics.net/analytics/1714982400000/
67 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1714982400000/5058330.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f12dc284af1e9fe1ff422f71f892485263b9140dbf169882a7d8f82da5b5b12c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
PVQVZGRZSEAXBG68
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
d1c50e25-fd66-48db-bf3d-9f720ef2e8dc
x-envoy-upstream-service-time
17
x-amz-id-2
XKRtyt+jT99TKUm40sl21RqOjXLY2sEBw+dl88W8B5xjudgqozlGiMt4YR1umSWlLa4pigdJcLc=
x-evy-trace-listener
listener_https
x-request-id
d1c50e25-fd66-48db-bf3d-9f720ef2e8dc
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 24 Apr 2024 18:19:54 GMT
server
cloudflare
etag
W/"8f3df1a9325c8925bfb47bc8c68e83fa"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
87f76f4d1f128ff5-FRA
expires
Mon, 06 May 2024 08:05:07 GMT
js
www.googletagmanager.com/gtag/
335 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2c2408cc182cf4e2b168907aaaaca68d9c21ffd4589b34b6c446d6e935d53878
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109640
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 06 May 2024 08:00:07 GMT
js
www.googletagmanager.com/gtag/
335 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f341a1af4cb80f6eb5b45f8f7f7b91cecf9319bbd87921a0eeb22cc51d69dd56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109611
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 06 May 2024 08:00:07 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202303.1.0/
407 KB
98 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
099d33a1d679bcfa3722a172d91742af80d45166f760db1512e4944a9d95bc23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
12zQcT/rVMicuxojEvnp3g==
age
45486
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
100389
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:15 GMT
server
cloudflare
etag
0x8DB3FB51FD9A927
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
28d3babc-501e-0022-05ac-12fc9c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4cdced3662-FRA
counters.gif
forms.hsforms.com/embed/v3/
35 B
885 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
29f9eb08-d186-4756-a7e6-825253fe4e38
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
29f9eb08-d186-4756-a7e6-825253fe4e38
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-kkb7j
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
87f76f4d9da3c014-WAW
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
848 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
771693b5-94fc-4c6e-9869-5b0ba35acc87
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
771693b5-94fc-4c6e-9869-5b0ba35acc87
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-9gk7d
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
87f76f4dee15c014-WAW
collect
region1.analytics.google.com/g/
0
253 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4510v893716759za200&_p=1714982406859&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1702468715.1714982407&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&_s=1&cu=USD&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26utm_content%3D305522564%26utm_source%3Dhs_email&dt=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&sid=1714982407&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&up.system_color_mode=Light&up.user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F124.0.0.0%20Safari%2F537.36&tfd=1464
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.kandji.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
253 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-V21CT0R1FX&cid=1702468715.1714982407&gtm=45je4510v893716759za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.kandji.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V21CT0R1FX&cid=1702468715.1714982407&gtm=45je4510v893716759za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=133598090
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
en.json
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/1fb5c74a-9f40-42d3-9ca7-f3a03b8afa37/
100 KB
19 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/1fb5c74a-9f40-42d3-9ca7-f3a03b8afa37/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e41200427492c9d376344c7c1061ca5a2da82b1a6f2400d9c04b44723fa69ef9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
26284
content-md5
YPAwKbP0jKwGJCCAij8LUQ==
content-length
18986
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 16:56:05 GMT
server
cloudflare
etag
0x8DB6DC168C385F0
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3a2e9a05-001e-0010-1a0b-15fceb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4e2dbebb59-FRA
expires
Tue, 07 May 2024 08:00:07 GMT
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
621 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=5058330
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83afcd7bea4e4c7cf6e6c8147391aabca2b8b5a1fdce69981a9ee0b723c04904
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0be01493-e20f-4142-a438-b00882d20fb9
content-encoding
br
x-envoy-upstream-service-time
13
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0be01493-e20f-4142-a438-b00882d20fb9
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.kandji.io
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5d47c8d44f-sxctz
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yDfzgDNYcAOhFeaM8mHokD0wBbUDOSnamohTOBkSBDwRq%2BIl1qsIwaeEOWviUzNgJoWNnkxnRxrtJTVTS%2FCf39pbEheCrWfdYxybH0n2hMlvLwCkRRhiE6%2Ff69y1Bx%2BotUpxPnlGOUGKJzKl"}],"group":"cf-nel","max_age":604800}
cf-ray
87f76f4ecabd39ca-FRA
access-control-allow-headers
*
otFloatingFlat.json
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/
10 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otFloatingFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PubgfHj+VI+S8CXDj6L+0w==
age
12449
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2702
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:08 GMT
server
cloudflare
etag
0x8DB3FB51B88C45D
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
6b1ef2e5-001e-0062-1b69-79fba4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4eae7fbb59-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/
61 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b382967162c482928529c765a21bf9ae4141dd1ccbdbf480140bdbd67eab8991
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
94mqEGmIxKb0iFeUZrbqtw==
age
12449
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12540
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:10 GMT
server
cloudflare
etag
0x8DB3FB51C6E493B
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
9475e437-101e-001c-2994-226be3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4eae80bb59-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
XcxlleAcPGO2n5kTZrHH2Q==
age
55458
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
81f0c99d-101e-0033-67ce-216628000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87f76f4eae86bb59-FRA
js
www.googletagmanager.com/gtag/
257 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-781421631&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
05eaf11e510cb2b752298aa494ac8b0dd0d89a441460341a5d5c2289349ffa61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89969
x-xss-protection
0
last-modified
Mon, 06 May 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 May 2024 08:00:07 GMT
/
www.google.de/pagead/1p-conversion/781421631/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnB...
  • https://www.google.com/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscr...
  • https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8LvMqcf4hQMV5omDBx12FQCSMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtq1bwGveT_UFmy9VHUL36uNpZcd021xw&random=169678855&ipr=y
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:08 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:08 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=466254913&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8LvMqcf4hQMV5omDBx12FQCSMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtq1bwGveT_UFmy9VHUL36uNpZcd021xw&random=169678855&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tc_imp.gif
obs.testrobotflower.com/tracker/
43 B
79 B
Image
General
Full URL
https://obs.testrobotflower.com/tracker/tc_imp.gif?e=...&cri=CLOXnLv49y&ts=392&cb=1714982407495
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
date
Mon, 06 May 2024 08:00:07 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
1408d159-22df-482b-8edb-a2239474841b
https://blog.kandji.io/
261 B
0
Other
General
Full URL
blob:https://blog.kandji.io/1408d159-22df-482b-8edb-a2239474841b
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2e9242267c030bf3c993067878a94b4d05568918a9eabb9ada21f8520de2ce2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length
261
Content-Type
a4e0f9a1-42a2-4438-89a0-2e69c3a32251
https://blog.kandji.io/
529 B
0
Other
General
Full URL
blob:https://blog.kandji.io/a4e0f9a1-42a2-4438-89a0-2e69c3a32251
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4bb60390950206001083823181e871a74c02c3850f6f8783e56d7fe373ea155

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length
529
Content-Type
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
494 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
65538
x-ms-lease-status
unlocked
last-modified
Thu, 02 May 2024 18:04:42 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
51c18e8b-f01e-0096-6065-9d235d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87f76f4f2f6abb59-FRA
logo_smaller.jpg
cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/
7 KB
7 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/logo_smaller.jpg
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5846533b4521c67fd6a587522d5dc150c85d870b1dfd635af7990317ace96f86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cWKZllORFmU1skGzXrJiWA==
age
3060
content-length
7067
x-ms-lease-status
unlocked
cf-bgj
h2pri
last-modified
Wed, 19 Apr 2023 22:05:49 GMT
server
cloudflare
etag
0x8DB41223BF0F461
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
50098723-701e-009c-504f-1494e5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f76f4f3f403662-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:00:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
27741
x-ms-lease-status
unlocked
last-modified
Thu, 02 May 2024 18:04:43 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e029ff83-401e-0043-13c3-9c6b80000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87f76f4f3f423662-FRA
/
www.googleadservices.com/pagead/conversion/781421631/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/781421631/?random=1714982407633&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=918873956.1714982408&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-781421631&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
e4c15b087ec74b434a185a4e2a40f4ed0ab156aefc2b90db7e30de6a69e394b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
257 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-781421631
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
b065e56ba58bbf210f7ff4abaaa6e3b988b287201893c863dafe6cc0dd8e742f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89991
x-xss-protection
0
last-modified
Mon, 06 May 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 May 2024 08:00:07 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
48 KB
17 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
05dce95eaa2457f1ed9076e0d32b59680b654cf7ca6a4e35f3fe682c78f460b0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-edgeconnect-origin-mex-latency
635
date
Mon, 06 May 2024 08:00:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 30 Apr 2024 10:06:07 GMT
x-cdn
AKAM
x-edgeconnect-midmile-rtt
0
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=42135
accept-ranges
bytes
content-length
17038
/
www.google.de/pagead/1p-conversion/781421631/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sy...
  • https://www.google.com/pagead/1p-conversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u...
  • https://www.google.de/pagead/1p-conversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=918873956.1714982408&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl9TRqcf4hQMVWYeDBx09mg5tMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqNLHOtEalq4S5USotOpXDxmCkU8Iytg&random=3446592224&ipr=y
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:08 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:08 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/781421631/?random=1464918230&cv=11&fst=1714982407633&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&gtm_ee=1&npa=1&pscdl=noapi&auid=918873956.1714982408&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl9TRqcf4hQMVWYeDBx09mg5tMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05NVFOMkZxX2tkbUVIWjNUOFRIM011YzN1SFhlODljckdya084NDl4WHktSFE5SEF1WWRtOW1nRThQTHdlY281VHg4OG5FUVNzckh2MHhTNV92VV9Cclg4RzU1dyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqNLHOtEalq4S5USotOpXDxmCkU8Iytg&random=3446592224&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_k...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_k...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1329610%26time%3D1714982407786%26url%3Dhttps%253A%252F%252Fblog.kandji.io%252Fmal...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_k...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_...
0
267 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&cookiesTest=true&liSync=true&e_ipv6=AQLkaylh2hdItwAAAY9M6tJRE1-P7_Gw14g_fRu1CmynMWTVbgy0NYmR4jExvRsA5MEI1Sk
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 176C478E8E8C49F5BE3D69043BC2663A Ref B: DUS30EDGE0919 Ref C: 2024-05-06T08:00:08Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYXxHVJvMn0SQrpMNEIJA==

Redirect headers

date
Mon, 06 May 2024 08:00:08 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: CB8FD09DB93345FE84BD34B53620E79E Ref B: DUS30EDGE0915 Ref C: 2024-05-06T08:00:08Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714982407786&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&cookiesTest=true&liSync=true&e_ipv6=AQLkaylh2hdItwAAAY9M6tJRE1-P7_Gw14g_fRu1CmynMWTVbgy0NYmR4jExvRsA5MEI1Sk
x-li-proto
http/2
content-length
0
x-li-uuid
AAYXxHVFcHuv2ndb8MVuDw==
/
blog.kandji.io/
0
18 KB
Other
General
Full URL
https://blog.kandji.io/
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:08 GMT
strict-transport-security
max-age=31536000
content-encoding
br
content-security-policy
upgrade-insecure-requests
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag
CT-89692465160,CG-5058330,CG-6850365017,P-5058330,CW-95728460932,CW-95831149845,CW-95982514497,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95710341535,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-96820535620,TS-95660243609
x-hs-prerendered
Sun, 05 May 2024 12:00:10 GMT
x-hs-cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400
x-hs-content-id
89692465160
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
referrer-policy
no-referrer-when-downgrade
x-hs-cache-control
s-maxage=10800, max-age=0
last-modified
Sun, 05 May 2024 12:00:10 GMT
server
cloudflare
x-hs-hub-id
5058330
etag
W/"fd842c554cac5d59832afca53db15b84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oR1O%2F%2BgLXVHUdWiYHUdsPoo1B1qw2WbaIQruk9v%2BrfNuCpkwUVGkbi7w2iGskZ0IPJBQs1y0%2BPO9%2F0JkpbgNcSr37jaT6vNhsVI4O3zFxw9ykPzBq%2F%2BJQtZwhovzMlA5"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
87f76f52bf254504-TXL
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
security
blog.kandji.io/tag/
0
15 KB
Other
General
Full URL
https://blog.kandji.io/tag/security
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:08 GMT
strict-transport-security
max-age=31536000
content-encoding
br
content-security-policy
upgrade-insecure-requests
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag
CT-89692465160,CG-6850365017,P-5058330,CW-95728460932,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,TS-95660243609,TG-154217753888
x-hs-prerendered
Sun, 05 May 2024 12:02:15 GMT
x-hs-cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400
x-hs-content-id
89692465160
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
referrer-policy
no-referrer-when-downgrade
x-hs-cache-control
s-maxage=10800, max-age=0
last-modified
Sun, 05 May 2024 12:02:15 GMT
server
cloudflare
x-hs-hub-id
5058330
etag
W/"d74db34e63d7f7569062dcef6f80c84d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VD3RRJlDrVvID04BzjZsb5syegZYV%2FAj8lWLaZcpLtWlDH2oLyXpk4DRMDFoNq2Zk6xIQ2z0zgnonVksdLAdEpXCjlEF1mKJj4Qge0zo2zG3bgDBFFgb0SWtWrEmoASC"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
s-maxage=10800, max-age=0
cf-ray
87f76f52cf314504-TXL
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
adam-kohler-christopher-lopez
blog.kandji.io/author/
0
15 KB
Other
General
Full URL
https://blog.kandji.io/author/adam-kohler-christopher-lopez
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:08 GMT
strict-transport-security
max-age=31536000
content-encoding
br
content-security-policy
upgrade-insecure-requests
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag
CT-89692465160,CG-6850365017,P-5058330,CW-95728460932,DB-5688587,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,TS-95660243609,AU-163759177072
x-hs-prerendered
Sun, 05 May 2024 12:02:13 GMT
x-hs-cf-cache-status
EXPIRED
alt-svc
h3=":443"; ma=86400
x-hs-content-id
89692465160
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
referrer-policy
no-referrer-when-downgrade
x-hs-cache-control
s-maxage=10800, max-age=0
last-modified
Sun, 05 May 2024 12:02:13 GMT
server
cloudflare
x-hs-hub-id
5058330
etag
W/"1525f3b506df0d5d68e2c3b8e9c32006"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=83o4%2Fm%2BteR4BnnrHnoVXlyEXayE0LDEUxd8WoYzifvFC%2BG7WofUPQPULcrFcq5k7orfRfnNeU4gdcVkHYE7vtMSQu5mrTRmZtwwziG%2FpJRtz9mQzM6%2BXNxRrkwzbzm4k"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
s-maxage=10800, max-age=0
cf-ray
87f76f52cf344504-TXL
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
mon
obs.testrobotflower.com/
0
146 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:00:08 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
mon
obs.testrobotflower.com/
0
16 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:00:08 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
cloudchat-infostealer
blog.kandji.io/
0
28 KB
Other
General
Full URL
https://blog.kandji.io/cloudchat-infostealer
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
15557ad7-0a9b-4b07-9e55-313f3374d5a9
content-encoding
br
edge-cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time
173
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-hs-content-id
163759176078
x-request-id
15557ad7-0a9b-4b07-9e55-313f3374d5a9
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
referrer-policy
no-referrer-when-downgrade
x-hs-hub-id
5058330
last-modified
Mon, 06 May 2024 05:37:54 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MWXYoTBcuBnZ4lDWVPj%2FfbR%2FellrrkX6%2FXkwy6JTHcmLapxuQIJvVITdxoyd51CAgRggiQDZe5VcJId5JYGKF6tzGXZZ9TNv2yo8ax01Ws%2B7w9BubRq4GEo6pYYzlVEP"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-30-39-td/envoy-proxy-5f8479db84-78tn8
x-evy-trace-virtual-host
all
cache-control
s-maxage=7200,max-age=5
access-control-allow-credentials
false
cf-ray
87f76f588ee64504-TXL
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
apple-mitigates-vulnerabilities-installer-scripts
blog.kandji.io/
0
29 KB
Other
General
Full URL
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
215
x-evy-trace-route-service-name
envoyset-translator
edge-cache-tag
CT-115070156673,CT-153270335865,CT-160875931283,CT-24097247610,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-evy-trace-listener
listener_https
referrer-policy
no-referrer-when-downgrade
x-hs-hub-id
5058330
vary
origin, Accept-Encoding
content-type
text/html;charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=7200,max-age=5
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
3c61123d-174b-4a68-9e5b-068a4e38d9a8
cache-tag
CT-115070156673,CT-153270335865,CT-160875931283,CT-24097247610,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time
282
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
3c61123d-174b-4a68-9e5b-068a4e38d9a8
x-hs-content-id
160875931283
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
last-modified
Mon, 06 May 2024 05:35:40 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAe3vPqnB5papFNzOU64Uaq8XLUh58qBJ5VpBDbjZPCgTjIKeEpV4FR4z0TE7QcMFi2DuM0cEcUghXZ7RUpNhvyUvbAyY4IdJ5bwhBYyxhIY8ET7qvaaCIZUkt6njEO5"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-30-39-td/envoy-proxy-5f8479db84-h5vxx
access-control-allow-credentials
false
cf-ray
87f76f588eeb4504-TXL
amos-macos-stealer-analysis
blog.kandji.io/
0
25 KB
Other
General
Full URL
https://blog.kandji.io/amos-macos-stealer-analysis
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
42a4cdfd-0741-43bc-82fc-9b73a77eb096
content-encoding
br
edge-cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time
146
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-hs-content-id
159120097439
x-request-id
42a4cdfd-0741-43bc-82fc-9b73a77eb096
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
referrer-policy
no-referrer-when-downgrade
x-hs-hub-id
5058330
last-modified
Mon, 06 May 2024 06:02:38 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aQ27wH%2BrzdOLExY73UVHHrrnXhvRZZskQGeMu6XEqxIJzI3bSFMO9RnXpATxmLmuZYsCphSZdt9HEOHbhB9xKX9sEODeg%2FxuLc%2FYHs%2BCCiAxgb7kyS6U9gaI2gxwjgq6"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-30-39-td/envoy-proxy-5f8479db84-tx4mf
x-evy-trace-virtual-host
all
cache-control
s-maxage=7200,max-age=5
access-control-allow-credentials
false
cf-ray
87f76f588eee4504-TXL
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
/
px.ads.linkedin.com/wa/
0
266 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Accept
*
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 79FB47B7FDDB49D29F7752E3E0943129 Ref B: DUS30EDGE0915 Ref C: 2024-05-06T08:00:09Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
access-control-allow-origin
https://blog.kandji.io
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYXxHVMxU0ngLZd1yCVCg==
fbevents.js
connect.facebook.net/en_US/
218 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 06 May 2024 08:00:09 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1294, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
gDHaFcNfmNicOZGFCOwKf0QURVH6LiGHO4/+oAQgEgs5EC7+ZyBjr+HhhFkZlM4oRH2fBn9mjtjER3qAY7Emvg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
__ptq.gif
track.hubspot.com/
45 B
644 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409172&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
6bad2c3b-70ae-408f-9c8b-84b6b94cd181
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6bad2c3b-70ae-408f-9c8b-84b6b94cd181
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W5JOLhmBpu1r4zUlBw8%2BVJvvKEUrQnHAJg4iZia%2FKmRtErKaTT%2B5dXf%2BRku8slnCsv%2BH%2BznwAJBd5g8agdLvNmGcvUL2%2BQlyjAIwlXbnT%2FGDt7xftr6dZWGdL8fsQjZyO16qaU9EmdeA4VgRxX8u"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-kqqtw
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f598b2d6901-FRA
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
392 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409172&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5c939be6-586b-43a3-a289-d66be8bdddce
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
14
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5c939be6-586b-43a3-a289-d66be8bdddce
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ys5a3ULR47Er3cH34EiudRG5b2yeepuSI4l%2BB5I%2FAHecvKKu1WBWYxVzugGOw5GgyUVlwdtYmz3qtXJjcbgUHT1eFopphDge9TiSch3zoNRvuAgaJwEqgaIrQSxfzbOuMqJtylBBfmy5RHEOaSux"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f598b386901-FRA
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
470 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_definition_fetch_success&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409173&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
2d41c488-3bc0-4383-a22e-c306dca4c0e1
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
8
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
2d41c488-3bc0-4383-a22e-c306dca4c0e1
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXYDq2XtdvOZsA1SzQqFDi9l%2BEqNqY0Eglofe9E86OVyAlVvC2esGh39S9bNl1MrCmIhPiqUnGV%2FlValiHUFQJXdy%2BjjT%2FZznNs1fJT7xdUM1LXRUgoQnfY1%2Bv0haE3aZlUfifPEG6Rt10UaB4Te"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-9rddg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f598b356901-FRA
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
439 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409173&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
efff3f3a-56b0-48b1-afd7-0a4798994147
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
efff3f3a-56b0-48b1-afd7-0a4798994147
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKxeYAJw85DYokn4I7ffJ9Xc%2Fc40Rp%2FI29Sl6XGNEKCnxRg3Je0NvWcHCd0x0AqFDpKPB4HbGspBYkj5xnwtdLhkquW9MvGmTViQ%2B7hXfydJsblsvZqKa%2FLdOQWYEUDj90ASIigjTCl3szZ0TcA8"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-fsl8l
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f598b376901-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
468 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=21f774d6-4c0b-4c25-b47a-35023464393a&fci=ca25aa53-9212-402a-a5d5-4f803cdc700c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409173&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
966e928b-b60d-4fdc-88e4-3c33dd5c5e44
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
966e928b-b60d-4fdc-88e4-3c33dd5c5e44
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nEU9O0TONkb6v0pciv3OjWx24ciwlowfPcWCWwbpMUwWfWIYPFA76rz2edzOZu66TNJqIMI4VXZR%2F4vmNh1%2B%2BF%2FeP3mBuhTipAEjNukHOZwoSJ4b5sdO44AY6ryR630cAM0SxoU1boMuy0Vhrw98"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f598b2e6901-FRA
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
580 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_ready&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409174&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b5d58985-40f0-4a3e-b40b-1648046734a9
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
9
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b5d58985-40f0-4a3e-b40b-1648046734a9
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8db7%2F8NWxRzFrRUNBFCx18nY80s3av7vFCRXgKZo42njaU1NE5e2n56WhZcHguM8diIlWlQhO86HQmjxElVrJplFQUGbrrQO33pZD%2FO1DrH%2FUlq2bfiIiJRtPFCq3lTdD6vQP9V5ggQI21xBM1y"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f598b316901-FRA
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
682 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_validation_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409174&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8b5f24f7-90f3-461a-b357-1e1a7583c2f5
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8b5f24f7-90f3-461a-b357-1e1a7583c2f5
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BAMH13Akr8wnCVXYY%2FgbJ2AP0Y2hjQoPF3nTzr2KCgURXrgSBDST%2F2%2F%2FvpipKeEuMPzy6cMsM%2BlISDXh6vaI8Y%2Bom0cR3WfSns%2F3mAYhPHutx69KL7K2TkvKqQgK3Ui%2FiJKJIssCdR7UptiotYHg"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-nmffp
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f5a9c126901-FRA
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
440 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714982409174&vi=80c16a66d189543a341bff392e559d66&nc=true&u=234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1&b=234561729.1.1714982409170&cc=15
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
6b91e6e3-2837-4e4a-892b-b9bd517366ec
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
12
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6b91e6e3-2837-4e4a-892b-b9bd517366ec
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lovsg1eMPVy1cKhZoMMCHsShAUB7MQMnzsIds3egu%2BESO8qIh7pvE%2Fc6y3VMRGVJ%2BbxU5Yzie3USgOKYXCosRMKh%2B8X%2F7BZToqDCqq6q2H8eY0VjaUk61IxtZkyf5kv4b4tz1AEv1926kfhhvnuV"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-fsl8l
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f76f5abc3a6901-FRA
x-robots-tag
none
favicon-3.ico
blog.kandji.io/hubfs/
15 KB
4 KB
Other
General
Full URL
https://blog.kandji.io/hubfs/favicon-3.ico
Protocol
H3
Security
QUIC, AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2d41a1b6c32ab456d18738bf61dc24c0e005cdae9b9a4217760ff8dad1e6c49
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-69125449986,P-5058330,FLS-ALL
age
261153
x-amz-request-id
Q5KS931P9A1A2F53
x-amz-server-side-encryption
AES256
edge-cache-tag
F-69125449986,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"a479d2e98cdbda4dffb71d43887dcac0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1647912952595
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000
via
1.1 a952a9f23f3cd76250ef3c22a1c48a20.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YpH3jO4xnu2k6P.H5WyN2Y.XriWIZvyk
x-amz-cf-pop
TLV50-C2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-69125449986,P-5058330,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
x-amz-id-2
oqNUHvqHQG35VBosY8T0fCoFZbrVZUAivxTdfxzbYkUBz5pe0gRUvdmfb5gKa5qA3rDbCsuDtpM=
last-modified
Tue, 22 Mar 2022 01:35:53 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wba7SrZ9%2B3jacPj9H%2FDehCdm1orN1p7kC78z0Oo1Qid6XurVmKp0XBm%2BPazJr3dlJupc4CEuWk2tRlIfVfFgVW%2BTaDlPeYCOgniPyAvakSnYaeKBtnt%2BbgTESqcIjaEP"}],"group":"cf-nel","max_age":604800}
cf-ray
87f76f5989814504-TXL
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
FxaLZWbdMB0wywdAD3Fz1gB9vC9PUZXFRO0-84I70nzDP2tn46-yfw==
v2.js
blog.kandji.io/_hcms/forms/
482 KB
160 KB
Script
General
Full URL
https://blog.kandji.io/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
If-None-Match
W/"b0047a8901d8ed9f81db3dcb5982114e"
If-Modified-Since
Wed, 03 Apr 2024 11:15:05 UTC
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
456
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=87d96f164541bfcb-WAW
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"b0047a8901d8ed9f81db3dcb5982114e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5064/bundles/project-v2.js
date
Mon, 06 May 2024 08:00:09 GMT
strict-transport-security
max-age=31536000
via
1.1 309e9e958e8d35f7e17ae8ac267b7dea.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
x-amz-cf-pop
IAD12-P1
x-hubspot-correlation-id
96d6bda1-0825-4743-911f-095e64a5abc9
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
96d6bda1-0825-4743-911f-095e64a5abc9
last-modified
Wed, 03 Apr 2024 11:15:05 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3FlYsrCHunuMq8Ff%2BDr%2FeNWtjpxpX3sYfxFYcO8vbJnx2gN26ebVKROO%2F0ex%2BStv4z%2FhzzIWhXdwiHmR3DSmAnx2dvPN6dEivDcm7JmBngZ2RNJbETsH7LF1Z7Pg5w7"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-6q8hm
cf-ray
87f76f59a9e74504-TXL
x-amz-cf-id
gQ8vN_gD3Hjwwo4Hhy3kZjyxbsWehEZ9Urn932GyO0R5u6UIpiYmaw==
821678078239751
connect.facebook.net/signals/config/
66 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/821678078239751?v=2.9.155&r=stable&domain=blog.kandji.io&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
17b3c66292df72b6c315c952f755b9272e0beaee2bb143457c937ec106578cee
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 06 May 2024 08:00:09 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=46, rtx=0, c=64, mss=1294, tbw=63309, tp=-1, tpl=-1, uplat=135, ullat=0
pragma
public
x-fb-debug
Z4+ncvw/ndE3T3lK6GgehgEbFZA5MhEMVApDWLHDBSAVJe+ggmwv/xq4s5Viw9NxQ17OojaVKAkp4lv313iZHg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=821678078239751&ev=PageView&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&rl=&if=false&ts=1714982409637&sw=1600&sh=1200&ud[external_id]=80c16a66d189543a341bff392e559d66&v=2.9.155&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1714982409636.957707490&cs_est=true&ler=empty&cdl=API_unavailable&it=1714982409444&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=40, rtx=0, c=10, mss=1294, tbw=2774, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 06 May 2024 08:00:09 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
mon
obs.testrobotflower.com/
0
39 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:00:10 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
collect
region1.analytics.google.com/g/
0
45 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4510v893716759za200&_p=1714982406859&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1702468715.1714982407&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&cu=USD&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26utm_content%3D305522564%26utm_source%3Dhs_email&dt=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&sid=1714982407&sct=1&seg=0&_s=2&tfd=6301
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:00:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.kandji.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:111:202c::237 , United Kingdom, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 06 May 2024 08:00:11 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 966E1C2C32BA44088D4860161893AD04 Ref B: VIEEDGE1414 Ref C: 2024-05-06T08:00:12Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
mon
obs.testrobotflower.com/
0
39 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:00:12 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
no-cache.hubspot.com
URL
https://no-cache.hubspot.com/cta/default/5058330/8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png

Verdicts & Comments

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| domReady function| onCheqResponse object| OneTrustStub function| OptanonWrapper object| dataLayer object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady undefined| kandji object| Alpine object| hsVars object| options object| _hsq object| FPConfig function| __ctcg_ct_57239_exec object| _hsp object| google_tag_manager object| google_tag_data function| gtag function| onYouTubeIframeAPIReady string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| gaGlobal object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran boolean| PIXELS_RAN object| enabledEventSettings object| _paq function| sanitizeKey boolean| _hstc_loaded object| Optanon object| OneTrust object| _cq string| cq_req_id function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage object| GooglebQhCsO object| _linkedin_data_partner_ids function| lintrk boolean| _already_called_lintrk object| ORIBILI boolean| _hstc_ran string| __hsUserToken number| expireDateTime function| fbq function| _fbq function| UET function| UET_init function| UET_push object| uetq

30 Cookies

Domain/Path Name / Value
.email.kandji.io/ Name: __cf_bm
Value: hjK2utUvKZJDyNSlaL.2vCDQgyog.ZjAJXdYaHHu.1M-1714982405-1.0.1.1-NGSJISZTE.GEqbmM9fSethmXrrlWUcsNLd3Fmdfcick08Kxo11FP8tAUZ4WZkxY36dcZH2cnPNjJJDWeGUheLg
.email.kandji.io/ Name: __cfruid
Value: ae4188ae8878fc23c4628346eeaf62b08750d73f-1714982405
.blog.kandji.io/ Name: __cf_bm
Value: GJjNKufYl_n56oj6CDair6tiYZolKJOh4dFTtM_pevI-1714982406-1.0.1.1-wD_uUc71zbfXfLJJ05bbLCi8d28rYEpx2H3Pf_OSmpPBacfJGXzp3pxM1jxvPztVG0cs.KQK79wvwkJgPqxN6A
.blog.kandji.io/ Name: __cfruid
Value: c1d6f961eff193d611ca9d74e676b36a80299bc7-1714982406
.kandji.io/ Name: __kandji_utms
Value: {%22campaign%22:%22%22%2C%22source%22:%22hs_email%22%2C%22medium%22:%22email%22%2C%22term%22:%22%22%2C%22content%22:%22305522564%22}
.kandji.io/ Name: __kandji_lp
Value: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
.kandji.io/ Name: _cq_duid
Value: 1.1714982407.LqL1x8Dpkv8i90Gk
.kandji.io/ Name: _cq_suid
Value: 1.1714982407.1V3G3gvOcP2ukSa4
.hubspot.com/ Name: __cf_bm
Value: IIUlYalm6ZZFOHHP.AXriq0rdQQ1IEoTavOIVRZihQw-1714982407-1.0.1.1-Q_wvSN4R7BSS_uMQjpSTgUbCK.eo_Wxqzcp_ITkY7Bvy_G4U03pcLhQawolTxOMmFXzzRB9If_UBHF9au29_yw
.hubspot.com/ Name: _cfuvid
Value: s7NmmYcBLkT.G.1m.kB1mvuiOdb_C3befcZ2aUiRl4c-1714982407250-0.0.1.1-604800000
.kandji.io/ Name: _ga
Value: GA1.1.1702468715.1714982407
obs.testrobotflower.com/ Name: cg_uuid
Value: e2d91409189f62bcc6253eac9b17b62d
.kandji.io/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Mon+May+06+2024+10%3A00%3A07+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202303.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A0%2CC0004%3A0
.hsforms.com/ Name: __cf_bm
Value: Gp7jcoVzXMoTF6VVX79DrCWXWm2gxwflaVeBeQP0XPg-1714982407-1.0.1.1-Fndmz3rbz7PV6ndPZGvgJP22lNpXMAZZqdz8QkKObmqsesa5vmiXsiKL5bUx5MN2.k4D7JeWwI_L4s5JPP4n6g
.hsforms.com/ Name: _cfuvid
Value: I.IY6w_U4HII71.BdVw.CSTiRonbaWraaTAO2Q1qSro-1714982407510-0.0.1.1-604800000
.kandji.io/ Name: _gcl_au
Value: 1.1.918873956.1714982408
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.linkedin.com/ Name: li_sugr
Value: b8b1dd97-7851-4d76-a640-530673148013
.linkedin.com/ Name: bcookie
Value: "v=2&82fdca07-047e-47d2-8a51-13e75ec804e8"
.linkedin.com/ Name: lidc
Value: "b=TGST05:s=T:r=T:a=T:p=T:g=3015:u=1:x=1:i=1714982408:t=1715068808:v=2:sig=AQHdzY9072CzNkHwGBlN2Tv8Wd9W_tXl"
.linkedin.com/ Name: UserMatchHistory
Value: AQL0CxLf0fI8DAAAAY9M6tDP8pXt-Piynq7XdG8GIdmW0Fu_qPOj5Gv0h_NUVUVH68jg_kYpxXUZlQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQK7jVkigp633QAAAY9M6tDPw6wonekGc1wNmLz0cjer4Zqhh51cS_lRFGeka_FaubxwpuCXQvkCnQ1zoZjU8w
.www.linkedin.com/ Name: bscookie
Value: "v=1&20240506080008b5cfdb37-2577-4c7b-87a4-46c307599bdfAQEFT3XgI7dVd3Fmz9oNtITT59k5RTWV"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MTQ5ODI0MDg7MjswMjG1ad3TGwcs/NUghbrUwunoZxV1/TL6Co8B4uOOyfRFJQ==
.kandji.io/ Name: __hstc
Value: 234561729.80c16a66d189543a341bff392e559d66.1714982409170.1714982409170.1714982409170.1
.kandji.io/ Name: hubspotutk
Value: 80c16a66d189543a341bff392e559d66
.kandji.io/ Name: __hssrc
Value: 1
.kandji.io/ Name: __hssc
Value: 234561729.1.1714982409170
.kandji.io/ Name: _fbp
Value: fb.1.1714982409636.957707490
.kandji.io/ Name: _ga_V21CT0R1FX
Value: GS1.1.1714982407.1.0.1714982412.55.0.0

71 Console Messages

Source Level URL
Text
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
worker verbose URL: blob:https://blog.kandji.io/1408d159-22df-482b-8edb-a2239474841b(Line 1)
Message:
Error
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-95QN2Fq_kdmEHZ3T8TH3Muc3uHXe89crGrkO849xXy-HQ9HAuYdm9mgE8PLweco5Tx88nEQSsrHv0xS5_vU_BrX8G55w&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/821678078239751?v=2.9.155&r=stable&domain=blog.kandji.io&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107)
Message:
Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
