URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Submission: On May 17 via api from TR — Scanned from DE

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 130 HTTP transactions. The main IP is 2a04:4e42:200::740, located in United States and belongs to FASTLY, US. The main domain is www.forcepoint.com. The Cisco Umbrella rank of the primary domain is 265993.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 22nd 2023. Valid for: a year.
This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
109 2a04:4e42:200... 54113 (FASTLY)
5 104.17.25.14 13335 (CLOUDFLAR...)
3 2600:9000:235... 16509 (AMAZON-02)
1 104.18.142.119 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 37.252.173.215 29990 (ASN-APPNEX)
1 2600:9000:206... 16509 (AMAZON-02)
6 104.18.80.204 13335 (CLOUDFLAR...)
1 159.89.102.253 14061 (DIGITALOC...)
1 2602:816:5001... 54113 (FASTLY)
1 2400:52e0:1e0... 200325 (BUNNYCDN)
1 162.247.243.29 54113 (FASTLY)
1 212.8.253.238 49981 (WORLDSTREAM)
130 12
Requests | Apex Domain | Subdomains (Cisco Umbrella Rank) | Transfer
109 | forcepoint.com | www.forcepoint.com (265993) | 2 MB
6 | hsforms.com | forms.hsforms.com (4333), forms-na1.hsforms.com (6937) | 16 KB
5 | cloudflare.com | cdnjs.cloudflare.com (237) | 96 KB
3 | tiqcdn.com | tags.tiqcdn.com (1304) | 115 KB
2 | simpleanalyticscdn.com | scripts.simpleanalyticscdn.com (75864), queue.simpleanalyticscdn.com (53374) | 5 KB
2 | adnxs.com | secure.adnxs.com (482) | 2 KB
1 | nr-data.net | bam.nr-data.net (245) | 603 B
1 | newrelic.com | js-agent.newrelic.com (636) | 18 KB
1 | geolocation-db.com | geolocation-db.com (16204) | 256 B
1 | ml-api.io | attr.ml-api.io (17338) | 280 B
1 | ml-attr.com | s.ml-attr.com (15638) | 283 B
1 | hsforms.net | js.hsforms.net (6801) | 155 KB
130 requests | 12 apex domains
Requests | Domain | Requested by
109 | www.forcepoint.com | www.forcepoint.com
5 | cdnjs.cloudflare.com | www.forcepoint.com
4 | forms.hsforms.com | js.hsforms.net, www.forcepoint.com
3 | tags.tiqcdn.com | www.forcepoint.com, tags.tiqcdn.com
2 | forms-na1.hsforms.com | www.forcepoint.com, js.hsforms.net
2 | secure.adnxs.com | 2 redirects
1 | queue.simpleanalyticscdn.com |
1 | bam.nr-data.net | js-agent.newrelic.com
1 | scripts.simpleanalyticscdn.com | www.forcepoint.com
1 | js-agent.newrelic.com | www.forcepoint.com
1 | geolocation-db.com | cdnjs.cloudflare.com
1 | attr.ml-api.io | www.forcepoint.com
1 | s.ml-attr.com | 1 redirect
1 | js.hsforms.net | www.forcepoint.com
130 requests | 14 subdomains
Subject | Issuer | Validity | Valid for
forcepoint.com | Sectigo RSA Organization Validation Secure Server CA | 2023-11-22 - 2024-11-21 | a year (crt.sh)
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year (crt.sh)
tags.tiqcdn.com | Amazon RSA 2048 M02 | 2024-03-19 - 2025-04-17 | a year (crt.sh)
hsforms.net | GTS CA 1P5 | 2024-04-15 - 2024-07-14 | 3 months (crt.sh)
hsforms.com | GTS CA 1P5 | 2024-04-17 - 2024-07-16 | 3 months (crt.sh)
geolocation-db.com | R3 | 2024-04-11 - 2024-07-10 | 3 months (crt.sh)
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA 2024 Q1 | 2024-03-21 - 2025-04-22 | a year (crt.sh)
scripts.simpleanalyticscdn.com | R3 | 2024-04-06 - 2024-07-05 | 3 months (crt.sh)
*.nr-data.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-29 - 2024-10-01 | a year (crt.sh)
queue.simpleanalyticscdn.com | R3 | 2024-04-13 - 2024-07-12 | 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Frame ID: F51C9B6D2AB33F8454887CE2EE0FC3CB
Requests: 151 HTTP requests in this frame

Page Title

Exploring the Metamorfo Banking Trojan

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

130
Requests

99 %
HTTPS

38 %
IPv6

12
Domains

14
Subdomains

12
IPs

4
Countries

2340 kB
Transfer

5791 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=7536246229799030399

130 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request exploring-metamorfo-banking-malware
www.forcepoint.com/blog/x-labs/
133 KB
43 KB
Document
General
Full URL
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
74948a425531d76301a98ea8fab548a09d9af38094ea6e71ab48ee6bbec31437
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com 
*.googlesyndication.com *.linkedin.com *.redditstatic.com conversions-config.reddit.com *.g2crowd.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
1830
cache-control
public, max-age=3600
content-encoding
gzip
content-language
en
content-length
38253
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com 
*.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com 
*.linkedin.com *.redditstatic.com conversions-config.reddit.com *.g2crowd.com; report-uri /admin/config/system/seckit/csp-report
content-type
text/html; charset=utf-8
date
Fri, 17 May 2024 02:09:01 GMT
etag
W/"1715909910-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
http_x_geo_region
DE-BY
last-modified
Fri, 17 May 2024 01:38:30 GMT
link
</sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff>; rel=preload; as=font; crossorigin; type="font/woff"; nopush,</misc/throbber-inactive.png>; rel=preload; as=image; type="image/png"; nopush,</misc/throbber-active.gif>; rel=preload; as=image; type="image/gif"; nopush,</misc/grippie.png>; rel=preload; as=image; type="image/png"; nopush,</misc/draggable.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree.png>; rel=preload; as=image; type="image/png"; nopush,</misc/tree-bottom.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-ok.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-warning.png>; rel=preload; as=image; type="image/png"; nopush,</misc/message-24-error.png>; rel=preload; as=image; type="image/png"; nopush,</misc/help.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-expanded.png>; rel=preload; as=image; type="image/png"; nopush,</misc/menu-collapsed.png>; rel=preload; as=image; type="image/png"; 
nopush,</misc/progress.gif>; rel=preload; as=image; type="image/gif"; nopush,</sites/all/libraries/chosen/chosen-sprite.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/libraries/chosen/chosen-sprite@2x.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png>; rel=preload; as=image; type="image/png"; nopush,</sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png>; rel=preload; as=image; type="image/png"; nopush
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=18410000; includeSubDomains; preload
vary
Accept-Encoding, x-geo-country, Cookie, Cookie
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, HIT, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname
styx-fe1-b-5c49f7f666-gvpnx
x-served-by
cache-chi-kigq8000037-CHI, cache-fra-eddf8230096-FRA, cache-fra-etou8220045-FRA
x-styx-req-id
2a5366f9-13ee-11ef-8f04-220b1857b0a0
x-timer
S1715911742.957678,VS0,VE6
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
1
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized//Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-548957645b-rs4rr
content-length
18868
x-served-by
cache-chi-kigq8000062-CHI, cache-fra-etou8220029-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 23:50:15 GMT
server
nginx
x-timer
S1715911742.011127,VS0,VE5
etag
"664155b7-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e0180fbb-1154-11ef-8348-6aea2c69341f
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 1837, 0
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
229356
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-548957645b-4jv47
content-length
18868
x-served-by
cache-chi-kigq8000080-CHI, cache-fra-etou8220023-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 23:50:15 GMT
server
nginx
x-timer
S1715911742.011750,VS0,VE9
etag
"664155b7-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e018ccb5-1154-11ef-8906-86427a64123a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 514, 0
Hoves_Medium.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Medium.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c1524c7035a894f370d34f2d57704873a3978adef91d97978e3598515762eace
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-548957645b-8bgp9
content-length
18688
x-served-by
cache-chi-klot8100083-CHI, cache-fra-etou8220123-FRA, cache-fra-etou8220045-FRA
last-modified
Sat, 11 May 2024 20:45:05 GMT
server
nginx
x-timer
S1715911742.011730,VS0,VE7
etag
"663fd8d1-4900"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e018a710-1154-11ef-86c3-ca3d95833cd9
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 2015, 0
Hoves_Regular.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Regular.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
42793f24dc3fddca04cc84a6991f0fc73c25498d023b07d488dd5e4238ed9b0c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-snb78
content-length
18436
x-served-by
cache-chi-klot8100104-CHI, cache-fra-eddf8230135-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 09:22:26 GMT
server
nginx
x-timer
S1715911742.011694,VS0,VE8
etag
"66408a52-4804"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e01949b3-1154-11ef-9c56-82e2b7620d85
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 2011, 0
Hoves_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
20 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8709e66f3192aac47989a4f2c826afc3062b52de3cd792115cba3314c05656c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-548957645b-8lxmb
content-length
19656
x-served-by
cache-chi-klot8100074-CHI, cache-fra-etou8220119-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 23:50:15 GMT
server
nginx
x-timer
S1715911742.011679,VS0,VE3
etag
"664155b7-4cc8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e0192f94-1154-11ef-9322-167b6398b3f4
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 2016, 0
Hoves_Light.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5390daebe4fc263953ae2cd18f060ebb4aaef20d9df443a4d784cc642ed1eaf2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287572
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-n72ps
content-length
18600
x-served-by
cache-chi-kigq8000086-CHI, cache-fra-etou8220108-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 22:12:23 GMT
server
nginx
x-timer
S1715911742.011668,VS0,VE6
etag
"66413ec7-48a8"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e018f384-1154-11ef-936c-7e57ee547a30
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 2012, 0
Hoves_Light_Italic.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
19 KB
19 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_Light_Italic.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d88c03f60c9b0c3b3a4a929ad268b6078dda88e59ea5c98eeb16f031ffb0d9e0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287572
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-548957645b-rs4rr
content-length
19360
x-served-by
cache-chi-klot8100179-CHI, cache-fra-eddf8230097-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 19:21:32 GMT
server
nginx
x-timer
S1715911742.011653,VS0,VE4
etag
"664116bc-4ba0"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e0192e77-1154-11ef-8348-6aea2c69341f
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 2008, 0
Hoves_ExtraLight.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
18 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_ExtraLight.woff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
52239b576d3fdb13fa5cec121a5e5ed123560a4ac1310d991f4694bcc5507710
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287572
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-vwc4w
content-length
17944
x-served-by
cache-chi-kigq8000066-CHI, cache-fra-eddf8230083-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 23:50:15 GMT
server
nginx
x-timer
S1715911742.011639,VS0,VE7
etag
"664155b7-4618"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e018dc36-1154-11ef-acea-f6bba15d4c75
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 2011, 0
throbber-inactive.png
www.forcepoint.com/misc/
140 B
463 B
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-inactive.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b48a895c0170a7310b29b01897fcf1954b43655748ce98037abae38562754a29
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img04-europe-west2
age
1385389
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=320 idim=15x13 ifmt=png ofsz=140 odim=15x13 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-stjgw
content-length
140
x-served-by
cache-chi-kigq8000107-CHI, cache-ams21025-AMS, cache-ams12782-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.050439,VS0,VE1
etag
"CYYfXWQxa+SPObSsE32Xk7Do+LMPmm8BZYCZJK1ZEUA"
vary
Accept
content-type
image/webp
x-styx-req-id
d2013ab4-0758-11ef-98b3-564b3e61d328
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:19:13 GMT
throbber-active.gif
www.forcepoint.com/misc/
1 KB
2 KB
Image
General
Full URL
https://www.forcepoint.com/misc/throbber-active.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4d58ffb4437135b1a4f7b8cbf01321ea85fe244416aed493ea942462f3d58c86
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img03-europe-west2
age
1389206
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1233 idim=15x13 ifmt=gif ofsz=1233 odim=15x13 ofmt=gif ofrm=12
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-stjgw
content-length
1233
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100061-CHI, cache-ams21051-AMS, cache-ams12734-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.050422,VS0,VE1
etag
"cciM0uPCYoc09vCSqOmHV4nMniFUM15FCTn0mYxlwCQ"
vary
Accept
content-type
image/gif
x-styx-req-id
eecd9c97-074f-11ef-98b3-564b3e61d328
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 00:15:36 GMT
grippie.png
www.forcepoint.com/misc/
56 B
436 B
Image
General
Full URL
https://www.forcepoint.com/misc/grippie.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f7d4d17ef4f0103008287290e9dd7bb35be1d08f0f8bc315033d13d0cfa6a6a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img05-europe-west2
age
775407
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=106 idim=27x5 ifmt=png ofsz=56 odim=27x5 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-qk47f
content-length
56
x-served-by
cache-chi-klot8100115-CHI, cache-ams21049-AMS, cache-ams21073-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.052073,VS0,VE1
etag
"kt9RZLYHWjv58VxK34gY2gtJI3NheIs+DTYX4JV5AGA"
vary
Accept
content-type
image/webp
x-styx-req-id
76960fe1-0759-11ef-8e2f-ce1bcc5ca899
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
draggable.png
www.forcepoint.com/misc/
268 B
652 B
Image
General
Full URL
https://www.forcepoint.com/misc/draggable.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
10aa7853a3babe185246e6f1fad2c5800902a268dd63b66c53b96889ee5188f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img04-europe-west2
age
1385113
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=268 idim=15x60 ifmt=png ofsz=268 odim=15x60 ofmt=png
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
268
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000056-CHI, cache-ams21037-AMS, cache-ams12734-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051594,VS0,VE1
etag
"KWIpRFdw6XY1xKLUIvevvjFCVB7MVHDdktcCcAkddP0"
vary
Accept
content-type
image/png
x-styx-req-id
76898ab5-0759-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
tree.png
www.forcepoint.com/misc/
82 B
455 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69a02b48768b8f413fe8470c65b4232a39dc3d68350f1246da8721e92ac7e75d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img01-europe-west2
age
1385113
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=130 idim=80x81 ifmt=png ofsz=82 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-x5bd7
content-length
82
x-served-by
cache-chi-kigq8000035-CHI, cache-ams21045-AMS, cache-ams21043-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051732,VS0,VE1
etag
"Z35FTfoaAVemLhiXshryO4rkEzH1KA6bO8GIRsSVaO0"
vary
Accept
content-type
image/webp
x-styx-req-id
769d270e-0759-11ef-ae8b-0a204bd69ae8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
tree-bottom.png
www.forcepoint.com/misc/
78 B
436 B
Image
General
Full URL
https://www.forcepoint.com/misc/tree-bottom.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bfcc07136dc1faaee36973ca4858e530e403f2f41948fbdc47f0c3c399308db6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img08-europe-west2
age
1389206
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=129 idim=80x81 ifmt=png ofsz=78 odim=80x81 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-5wssg
content-length
78
x-served-by
cache-chi-klot8100109-CHI, cache-ams21021-AMS, cache-ams21028-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051526,VS0,VE1
etag
"JyOt5s8au+dKwuKYWT9ybz2cVW6ZbelcJx3DlTABXvE"
vary
Accept
content-type
image/webp
x-styx-req-id
eef36650-074f-11ef-8b93-f2f52e1bfc3f
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 00:15:36 GMT
message-24-ok.png
www.forcepoint.com/misc/
902 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-ok.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4c8537e1208918b04f3b7970b4e53d6c91b138b7b8325b469a4a5e84ced6ce2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img06-europe-west2
age
1396515
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1058 idim=24x24 ifmt=png ofsz=902 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-sp4l8
content-length
902
x-served-by
cache-chi-klot8100043-CHI, cache-ams21069-AMS, cache-ams12750-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051787,VS0,VE1
etag
"60PoYDt+1vFXU4yAkaVKB1clxMNlUR3MuNzEGSZ9U9Y"
vary
Accept
content-type
image/webp
x-styx-req-id
e9d0538a-073e-11ef-a6dd-5e6873469e9c
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:13:46 GMT
message-24-warning.png
www.forcepoint.com/misc/
612 B
976 B
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-warning.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bd74c29617fed2dbd2f684dce7eebb659567ce0ae06be3418615ebe846a1bf5b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img09-europe-west2
age
1390800
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=753 idim=24x24 ifmt=png ofsz=612 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-2snzw
content-length
612
x-served-by
cache-chi-klot8100163-CHI, cache-ams21073-AMS, cache-ams12751-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051868,VS0,VE1
etag
"etN9kWF1zriHIse4xor9Tv/e40PLoR3lRGg8xe6tRQE"
vary
Accept
content-type
image/webp
x-styx-req-id
38c734ce-074c-11ef-bd21-e6711c542c27
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 23:49:02 GMT
message-24-error.png
www.forcepoint.com/misc/
614 B
973 B
Image
General
Full URL
https://www.forcepoint.com/misc/message-24-error.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
496d9a19dda325d9587f3729b5a16b1262f91a6b237e1aa5d54ed90e087c35e3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img03-europe-west2
age
1385112
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=733 idim=24x24 ifmt=png ofsz=614 odim=24x24 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-wwn9v
content-length
614
x-served-by
cache-chi-kigq8000043-CHI, cache-ams21054-AMS, cache-ams12747-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051231,VS0,VE2
etag
"gVoMZ8dd1QgL/2SjIwn0GwzJENiBt143AYaoiF4Ws6M"
vary
Accept
content-type
image/webp
x-styx-req-id
76864225-0759-11ef-96e8-7ad7a55b083e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
help.png
www.forcepoint.com/misc/
192 B
543 B
Image
General
Full URL
https://www.forcepoint.com/misc/help.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f8c79df7183de5a0687fc40c5a9b1034d074e603d558c05a5311c7f91d9ccfe1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img05-europe-west2
age
1385112
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=294 idim=16x16 ifmt=png ofsz=192 odim=16x16 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-nfg5w
content-length
192
x-served-by
cache-chi-klot8100132-CHI, cache-ams21052-AMS, cache-ams12742-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051192,VS0,VE1
etag
"v6al66PXjd/2WqSfHyL2pCCxkfKAcJfvgCU3I6pbO+4"
vary
Accept
content-type
image/webp
x-styx-req-id
7684955d-0759-11ef-bfc9-82a8b8e523a0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
menu-expanded.png
www.forcepoint.com/misc/
46 B
408 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-expanded.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5cfc739598cda856cc20575229f8a5251e8df5b175830fe7886aaef79dfb6886
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 55, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img03-europe-west2
age
1385113
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=106 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-rvvcb
content-length
46
x-served-by
cache-chi-klot8100163-CHI, cache-ams21032-AMS, cache-ams12749-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051176,VS0,VE2
etag
"lnOeF6KlRRR5aM+MCm3C8DB9Vu1cySrSTIEOJY+eTS4"
vary
Accept
content-type
image/webp
x-styx-req-id
767b0174-0759-11ef-b67f-0ae317fe726a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
menu-collapsed.png
www.forcepoint.com/misc/
46 B
459 B
Image
General
Full URL
https://www.forcepoint.com/misc/menu-collapsed.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
521bfd25b076ada01d23b9d20bca3a3e67840702ca4d43b73d0a496575107e9e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img01-europe-west2
age
1385114
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=105 idim=7x7 ifmt=png ofsz=46 odim=7x7 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-x5bd7
content-length
46
x-served-by
cache-chi-kigq8000091-CHI, cache-ams21034-AMS, cache-ams21028-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051169,VS0,VE1
etag
"HJgRuOhWhAFgOazVOW2HjRFb16cHmG+HSX+vLor86a0"
vary
Accept
content-type
image/webp
x-styx-req-id
75fa540b-0759-11ef-ae8b-0a204bd69ae8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:48 GMT
progress.gif
www.forcepoint.com/misc/
6 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/misc/progress.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
91997f03543fdd296c85e60feede1e3df0e950aca03698583ff2870869a2dc0b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img05-europe-west2
age
1385113
http_x_geo_region
DE-BY
x-cache
HIT, HIT, HIT, HIT
fastly-io-info
ifsz=5872 idim=20x40 ifmt=gif ofsz=5872 odim=20x40 ofmt=gif ofrm=20
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
5872
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-klot8100021-CHI, cache-ams21053-AMS, cache-ams21022-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051151,VS0,VE1
etag
"KSQIcjJuPSqTVV6Yjqa330VSb5j46NEcKLjR3ejGL1A"
vary
Accept
content-type
image/gif
x-styx-req-id
769b8111-0759-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/
430 B
786 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 5, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img07-europe-west2
age
1394966
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
430
x-served-by
cache-chi-klot8100058-CHI, cache-ams21062-AMS, cache-ams12724-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051160,VS0,VE1
etag
"pCuJ3WEDsPQPzkbIkY90U4TfuAo3yBgHEEN2IOPELGY"
vary
Accept
content-type
image/webp
x-styx-req-id
860e9f46-0742-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:39:37 GMT
chosen-sprite@2x.png
www.forcepoint.com/sites/all/libraries/chosen/
628 B
981 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f4e0577cb49e1130ec7098698e3556c0a2b7f33d02ec5789ee09b116e403f7e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 5, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img06-europe-west2
age
1385112
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=738 idim=104x74 ifmt=png ofsz=628 odim=104x74 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-969xc
content-length
628
x-served-by
cache-chi-klot8100088-CHI, cache-ams21032-AMS, cache-ams12759-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.051131,VS0,VE1
etag
"1954vZ3omyWtqZWjx3EPpQPU3ZMgJvFFfwvKeF5rhm0"
vary
Accept
content-type
image/webp
x-styx-req-id
7697473a-0759-11ef-8c7d-8e78efa3e15b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:23:49 GMT
ui-bg_flat_75_ffffff_40x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
44 B
439 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
db7de84263a6dfe6f7a674f478b4a6c5a97d7de7e0c7f52a12a5dedfb201004f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 5, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img07-europe-west2
age
1378479
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, HIT
fastly-io-info
ifsz=178 idim=40x100 ifmt=png ofsz=44 odim=40x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
44
x-served-by
cache-chi-kigq8000066-CHI, cache-ams21029-AMS, cache-ams12723-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.059640,VS0,VE1
etag
"O9SdHkbja5Mmzi4DWOWJdZgUQirITGa5uuAK5R/QoyM"
vary
Accept
content-type
image/webp
x-styx-req-id
e880855f-0768-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 03:14:23 GMT
ui-bg_highlight-soft_75_cccccc_1x100.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
54 B
448 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b4229c88ccc9ec00268d759c808bb5fc56a62479618d140eebd7948299a1544b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 5, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img03-europe-west2
age
1342586
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=101 idim=1x100 ifmt=png ofsz=54 odim=1x100 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-z9kn6
content-length
54
x-served-by
cache-chi-kigq8000036-CHI, cache-ams21053-AMS, cache-ams12766-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.058341,VS0,VE1
etag
"SVL3LfYtpcUTzNEo8mHT+EoBDkNcvK2l7xiLlLE7P6w"
vary
Accept
content-type
image/webp
x-styx-req-id
79be48f5-07bc-11ef-b06b-3246cedab68e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_e6e6e6_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
78 B
435 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e68e4b1057684aa14f6d44055bd77c6ee8170be28010b94e0278e2d05775973c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 5, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img01-europe-west2
age
1342587
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=110 idim=1x400 ifmt=png ofsz=78 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-vj962
content-length
78
x-served-by
cache-chi-kigq8000098-CHI, cache-ams21026-AMS, cache-ams12763-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.059177,VS0,VE1
etag
"4s1MwOZKDfGEu/a/SFo57USn639l3MbW8dYbzZPyEag"
vary
Accept
content-type
image/webp
x-styx-req-id
79be7b6b-07bc-11ef-891e-fad2edf62dbb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:34 GMT
ui-bg_glass_75_dadada_1x400.png
www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/
84 B
426 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c16c2e899bbe232a64c1bd49e4312a7f9ea738cb2cb17058e63477a71b246fa7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 0, 5, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img07-europe-west2
age
1385796
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=111 idim=1x400 ifmt=png ofsz=84 odim=1x400 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-m45gq
content-length
84
x-served-by
cache-chi-klot8100024-CHI, cache-ams21047-AMS, cache-ams21038-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.058911,VS0,VE2
etag
"msf+sm6St45S//5aPCnGaIqq4DmKLsS3uxv+ikcGyuY"
vary
Accept
content-type
image/webp
x-styx-req-id
df701124-0757-11ef-9cb5-de9f5536d504
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 01:12:26 GMT
css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__YZMmyCjxADNsxWJVyzxskiYBiPsGboww8DDJoAv1iVA__PqGVjSeXe3e-YM4xspxCavDlyydtEB28TRpZPTEwV5I__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
942ba1b657ab7477bc603f7852ff551aa393de40d1bab2dee01c8ad36d538a2a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1404, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2109
x-served-by
cache-chi-kigq8000159-CHI, cache-fra-etou8220141-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000159_CHI
last-modified
Tue, 05 Mar 2024 06:05:49 GMT
server
nginx
x-timer
S1715911742.015279,VS0,VE5
etag
W/"65e6b63d-1797"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e591bfd4-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__qi8YWDPFPT47Hua3Uo8V-CwYV79O8gYOw4xRshlFw2o__U0zx4V0QLKPamBJbsVKK0D54d038-KcpyqeXppQL9AI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
74d6ee660ac8d18d3940eefac6e8c0ff029ecc0f4a4799ada5d6088fe9abfbc8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1577, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-l79x9
content-length
2662
x-served-by
cache-chi-kigq8000165-CHI, cache-fra-eddf8230033-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000165_CHI
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1715911742.015195,VS0,VE4
etag
W/"65e6b637-2d9a"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d7fb4f8a-f1d7-11ee-a7b0-d6145dabcebb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
789 B
766 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__umS_7iB8OLqD-AIc28jz7stMtgRnPBrMHXbg802aJVI__42_FYiRnR5OQaV2U3Sr9cY21EIjnMGdJsPXMEFLQPCo__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
76fea4cad87ffbee4d6c0d29a46382913e4a8c56ed7881d8556f684a174d6824
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1745, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
405
x-served-by
cache-chi-kigq8000114-CHI, cache-fra-eddf8230127-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000114_CHI
last-modified
Tue, 05 Mar 2024 06:05:43 GMT
server
nginx
x-timer
S1715911742.037327,VS0,VE5
etag
W/"65e6b637-315"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d80591ea-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__T7twZATSz9YDtA4CEs3XoRq-lmvsWC1-9rzLrGpoWuY__jYMOyCwkeeWX4KvLeu7GhjzHVkW5HDKp2hWWBDkyRSE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
76aefb325bdfaf3c67be7591a00c96105ffa1a3eda8cfc16d6d5e1affa8e3f95
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1745, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
2632
x-served-by
cache-chi-klot8100179-CHI, cache-fra-eddf8230036-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100179_CHI
last-modified
Tue, 05 Mar 2024 06:05:45 GMT
server
nginx
x-timer
S1715911742.037139,VS0,VE8
etag
W/"65e6b639-3962"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d721e3ae-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
512 B
616 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__cPPXTJ7LS3TkqOr2dWhu9Zyqf3tfJ7ROJIBrc4faLpI__FwTXCQ-S705F3IVDki0NUMzBJ8oRlS2Lb0Atw9pp7LE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
9b3c52df9ce6473c11ee62f85cd48a7ff2b24ad8543ed415fec5124605a987f3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 315, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
154940
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-m255z
content-length
230
x-served-by
cache-chi-kigq8000068-CHI, cache-fra-etou8220042-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000068_CHI
last-modified
Tue, 05 Mar 2024 06:05:46 GMT
server
nginx
x-timer
S1715911742.037138,VS0,VE3
etag
W/"65e6b63a-200"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d804a972-f1d7-11ee-976d-4e9dd3d547b2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:03 GMT
css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__RtPfTjThw7JiCEZr8aCFs0ovY-ZonvJYBpW2tzv6iRI__hoYIfBUPIWctuKqU_lrnnqDtJnf9B9QEu7jjix36RIM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
5f8d1adf76eaaf2f3592e5a5633ef8722740af2424b1737d85c1d9581588884f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1389, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
1172
x-served-by
cache-chi-kigq8000154-CHI, cache-fra-etou8220065-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000154_CHI
last-modified
Tue, 05 Mar 2024 06:05:52 GMT
server
nginx
x-timer
S1715911742.036778,VS0,VE8
etag
W/"65e6b640-c8c"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e591a2ff-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
506 B
456 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__UYLIEJhZ7iPfgPAKjuslVw3CRCFKt3OfxTJjge8A6Hg__fjua13AgyzmqodcGsNUIVue50ndbutts1ntJbzGK_o4__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
4953a30def5d6eb8aa0119f918104b5069d10696ee634288c068accf06bb44e6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1399, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-fn6sp
content-length
175
x-served-by
cache-chi-kigq8000153-CHI, cache-fra-etou8220116-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000153_CHI
last-modified
Tue, 05 Mar 2024 06:05:53 GMT
server
nginx
x-timer
S1715911742.037142,VS0,VE5
etag
W/"65e6b641-1fa"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e596f71a-f1d7-11ee-89fc-2e39b17a00a2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
454 B
544 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__aUSIons1JLpznAkAWe4wYFCe4_fmTTJTOhtdC4xIAuM__HAl4ITsYWBEO7VRahEwWwi88zkLUBwPm3j4nnx8DeS0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
fe9132775150b13960723fdffd15ef8bb7f07d120787874114ac9e3d4f303f46
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 311, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
229355
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-97hrc
content-length
221
x-served-by
cache-chi-klot8100165-CHI, cache-fra-etou8220130-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100165_CHI
last-modified
Tue, 05 Mar 2024 06:05:54 GMT
server
nginx
x-timer
S1715911742.037123,VS0,VE3
etag
W/"65e6b642-1c6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e59403e9-f1d7-11ee-9c8c-7a18807b770d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
502 B
579 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__DJVWsB9CJVs_1IGdy-_cGuq4r6SVVaWbEnbS1U2p6y4__7g40UeM74r8hkrzDC6Hbb7RReIGNu-Jsb5XAbAPKIeA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
b9c823db89be14289e3b0585970e3d91c3313ec9f82d13c9cb24d90820efc699
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1400, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287572
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
252
x-served-by
cache-chi-klot8100023-CHI, cache-fra-eddf8230057-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100023_CHI
last-modified
Tue, 05 Mar 2024 06:05:55 GMT
server
nginx
x-timer
S1715911742.036700,VS0,VE4
etag
W/"65e6b643-1f6"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e592fe3d-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__o5tk1Sc0QNaikp-qb6PDIJi_LXPkfQZHTxlvWxiG4cA__afd6HnnR0psI0sfippmnwgZS958AUTsIqEne3K05XvQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
7e9433a7e4538237be585d3d84e1603595879c286be61e26dd3e628e3fd5e206
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 377, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287558
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
2091
x-served-by
cache-chi-klot8100098-CHI, cache-fra-etou8220066-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100098_CHI
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1715911742.036673,VS0,VE5
etag
W/"65e6b644-1218"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e5943fb9-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
128 B
445 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ZDvn-N8wxxyBR7KgfbRzIHM0mGwT9doN0fs3f10b_Go__b98SsVi1Bn9KY5Ur3SIgLXOvEMppxbzl1YiFYp9d4Lw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
c712b85f4d57c41bb049c80303067da9790aa76b32a41b422174bd507695f444
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1624, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287560
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-j9qgk
content-length
118
x-served-by
cache-chi-kigq8000036-CHI, cache-fra-eddf8230055-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000036_CHI
last-modified
Tue, 05 Mar 2024 06:05:47 GMT
server
nginx
x-timer
S1715911742.036669,VS0,VE3
etag
W/"65e6b63b-80"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e599bfb1-f1d7-11ee-8caf-72f948985f1d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
203 B
456 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__dn-cpI1YtkU_iLHgA5WhlkxgYWyat_IxjF_B-WSYrpE__a9hIbt0eaZ7d5nhwnm2weG8R_2eXK4EvoOx9dOxouHE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
f66578f61dcd2d00bb8b7a0c5a7a02d39871c2e7c4615826c4e3a6a879a1a66b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 343, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
154940
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
137
x-served-by
cache-chi-klot8100122-CHI, cache-fra-etou8220150-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100122_CHI
last-modified
Tue, 05 Mar 2024 06:05:56 GMT
server
nginx
x-timer
S1715911742.036656,VS0,VE4
etag
W/"65e6b644-cb"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e59b82f5-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
99 B
424 B
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__ipUqqBUxEUOLXG_AXF5OCY1hi5eq8oz7Wu0QleOzxj4__-6ZHnf2EVvcL4izgd6S5myiQ-LuyKAuDqa-1hfKmAoI__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
a0d9d290c9928affdd7f2816a574b367cbd6aca7ff1ba7b14b3391330d6f1995
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1393, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-ltjwf
content-length
100
x-served-by
cache-chi-klot8100084-CHI, cache-fra-etou8220147-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100084_CHI
last-modified
Tue, 05 Mar 2024 06:05:58 GMT
server
nginx
x-timer
S1715911742.036641,VS0,VE4
etag
W/"65e6b646-63"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
e593f98b-f1d7-11ee-a4f1-16a0ed7bd780
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
493 KB
118 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__A19mhhFH8iX9Ft_oM_oZIcxue6YTAguNiWQN5VaIXQY__dFQUh1vb7jTgHR4jKzrw8DrsdYIarxRbpVmMKCWYgXU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
24dd593caf98fe7183e48e16a5a827ab4eb1a734a9821b497689127e68774db1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 446, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
120174
x-served-by
cache-chi-kigq8000100-CHI, cache-fra-etou8220150-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000100_CHI
last-modified
Tue, 05 Mar 2024 06:05:48 GMT
server
nginx
x-timer
S1715911742.036623,VS0,VE3
etag
W/"65e6b63c-7b4f7"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
d80a6483-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:04 GMT
css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
www.forcepoint.com/sites/default/files/advagg_css/
2 MB
300 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
9219b05e4c197d7fe7cbb2301573adec1a2c0f470df05258da7b95321c5b98a6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 01 May 2025 18:10:24 GMT
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-sp4l8
content-length
306849
x-served-by
cache-chi-kigq8000074-CHI, cache-fra-etou8220112-FRA, cache-fra-etou8220045-FRA
last-modified
Tue, 30 Apr 2024 18:10:01 GMT
server
nginx
x-timer
S1715911742.036609,VS0,VE6
etag
W/"663133f9-1f6e90"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
ea48a7c5-071c-11ef-a6dd-5e6873469e9c
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
6, 0, 0
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 763, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-vwc4w
content-length
783
x-served-by
cache-chi-klot8100172-CHI, cache-fra-eddf8230106-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 19:21:32 GMT
server
nginx
x-timer
S1715911742.036597,VS0,VE3
etag
W/"664116bc-6ad"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
e01a0f2d-1154-11ef-acea-f6bba15d4c75
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 14 May 2025 18:16:10 GMT
about_us_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/about_us_0.svg?itok=3xrS9jXe
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
98bee51ffbb032cfea01030abf23549c6d762f6d8283599e52bfb089f01b8742
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
6, 890, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-8gp4k
content-length
866
x-served-by
cache-chi-kigq8000108-CHI, cache-fra-etou8220154-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000108_CHI
last-modified
Wed, 18 Oct 2023 11:53:36 GMT
server
nginx
x-timer
S1715911742.036588,VS0,VE5
etag
W/"652fc740-76e"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a73d5e-f1d7-11ee-96a4-d2ef4ea261cb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
our_approach_0.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_approach_0.svg?itok=XjvgKmGS
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3058f7c617c39b1a94849fa7223c2f756437af3f215155d37c2a29c36848e28d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 985, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1012
x-served-by
cache-chi-klot8100045-CHI, cache-fra-eddf8230075-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100045_CHI
last-modified
Wed, 18 Oct 2023 11:53:58 GMT
server
nginx
x-timer
S1715911742.045789,VS0,VE3
etag
W/"652fc756-a97"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d725995a-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
our_customers_0.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/our_customers_0.svg?itok=pljm0BZO
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c2a54667fcd4151ef9a27b18f84f24c0b884fe593302ca1eb1210d114f4bd06b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 988, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
913
x-served-by
cache-chi-kigq8000075-CHI, cache-fra-etou8220064-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000075_CHI
last-modified
Wed, 18 Oct 2023 11:54:19 GMT
server
nginx
x-timer
S1715911742.045865,VS0,VE5
etag
W/"652fc76b-9af"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db834eb6-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon_12.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_12.svg?itok=mLSyqP7-
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 989, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-l79x9
content-length
725
x-served-by
cache-chi-kigq8000075-CHI, cache-fra-etou8220141-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000075_CHI
last-modified
Mon, 18 Mar 2024 16:01:42 GMT
server
nginx
x-timer
S1715911742.059380,VS0,VE4
etag
W/"65f86566-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db750a4b-f1d7-11ee-a7b0-d6145dabcebb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_12.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_12.svg?itok=lvMOGlA6
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 338, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287569
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-kk5rj
content-length
737
x-served-by
cache-chi-kigq8000131-CHI, cache-fra-eddf8230026-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000131_CHI
last-modified
Mon, 18 Mar 2024 16:01:47 GMT
server
nginx
x-timer
S1715911742.058326,VS0,VE4
etag
W/"65f8656b-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db770500-f1d7-11ee-b87b-f2654297ce89
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon_0.svg?itok=eKi29PlI
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13cdee5a7dbdb75ba06271fff8669bb408838d89eae133c2b3db99d2891bb35b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 987, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-z27mm
content-length
725
x-served-by
cache-chi-klot8100050-CHI, cache-fra-etou8220025-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100050_CHI
last-modified
Wed, 18 Oct 2023 11:35:43 GMT
server
nginx
x-timer
S1715911742.058341,VS0,VE5
etag
W/"652fc30f-5ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
db7b0db8-f1d7-11ee-8a97-36bf4d504f37
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:09 GMT
fp_one_icon-hover_0.svg
www.forcepoint.com/sites/default/files/
1 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/fp_one_icon-hover_0.svg?itok=ecRnPBsZ
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
90bfbf24972d694b303aaa50fe006074f7dd5529c8dfe38099aed648c6312158
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
6, 988, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-6v4d5
content-length
737
x-served-by
cache-chi-kigq8000145-CHI, cache-fra-eddf8230132-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000145_CHI
last-modified
Wed, 18 Oct 2023 11:35:50 GMT
server
nginx
x-timer
S1715911742.057843,VS0,VE4
etag
W/"652fc316-5fb"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d8a93da4-f1d7-11ee-b900-62d8d57276c4
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:05 GMT
cyber_edu_icon.svg
www.forcepoint.com/sites/default/files/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon.svg?itok=XXkKE01K
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fad8df5718762444a80e745fd3b375ecfee298b37c480de5134b8a0ed05bc7a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 987, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-vp8bw
content-length
813
x-served-by
cache-chi-klot8100039-CHI, cache-fra-etou8220137-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100039_CHI
last-modified
Wed, 18 Oct 2023 12:02:27 GMT
server
nginx
x-timer
S1715911742.058321,VS0,VE6
etag
W/"652fc953-9a9"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
d721c0d1-f1d7-11ee-835d-6255bad32892
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
cyber_edu_icon-hover.svg
www.forcepoint.com/sites/default/files/
3 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/cyber_edu_icon-hover.svg?itok=ymKcsOZ4
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2528d731c4e61e67f78982f202d1de7e6f7a234117b4d9c98325c27e33c6e1d3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
7, 0, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287569
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-5zbrs
content-length
869
x-served-by
cache-chi-kigq8000036-CHI, cache-fra-etou8220138-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000036_CHI
last-modified
Wed, 18 Oct 2023 12:02:37 GMT
server
nginx
x-timer
S1715911742.057810,VS0,VE6
etag
W/"652fc95d-b0c"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
dc5b370e-f1d7-11ee-bbb7-623f168e5bfe
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:11 GMT
metamorfo.jpg
www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/
34 KB
34 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/1180x346_sc/public/hero/metamorfo.jpg?itok=x9n2FPsw&timestamp=1715862746
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36bcc52e2af6ad0f4f4d27b50505c5b5efd760544f458d404704bd56216caf56
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240193
age
47966
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=37075 idim=1180x346 ifmt=jpeg ofsz=34466 odim=1180x346 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-2shgx
content-length
34466
x-served-by
cache-chi-klot8100037-CHI, cache-ams21032-AMS, cache-ams12726-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057782,VS0,VE1
etag
"OFNpo+u8hZlCvokpeJa6YxoELlmssE1AcRMLH7SmseI"
vary
Accept
content-type
image/webp
x-styx-req-id
bfb9fa64-1382-11ef-93ac-4a2a0c700796
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:49:35 GMT
banking_trojan_i_1.png
www.forcepoint.com/sites/default/files/
166 KB
167 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_1.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bca38ca047c2a2923c2380ee37cff8a764d822d926d40a4e3213817fe5e8a77e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img01-europe-west3
age
48211
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=216109 idim=721x294 ifmt=png ofsz=170378 odim=721x294 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-n4dlj
content-length
170378
x-served-by
cache-chi-klot8100077-CHI, cache-ams21031-AMS, cache-ams21022-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057779,VS0,VE1
etag
"aTXoYCf1eRRg8XqBRdBMhkPJCVxst5YKFJAZETV8xsI"
vary
Accept
content-type
image/webp
x-styx-req-id
2df7fedf-1382-11ef-a512-b26bb304b0c2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:30 GMT
banking_trojan_i_2.png
www.forcepoint.com/sites/default/files/
21 KB
21 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_2.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cd06dbad34877d2f21750d32c0b54c60c92120dcc6b9422c0d57975a57f4dd0f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img05-europe-west3
age
47966
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=34050 idim=624x453 ifmt=png ofsz=21004 odim=624x453 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-z2vtz
content-length
21004
x-served-by
cache-chi-klot8100099-CHI, cache-ams21066-AMS, cache-ams12736-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.058340,VS0,VE2
etag
"pmD+ru3xRGRTiQLYHjU5pD1bfbr/xHE3JwrRmm9pUK0"
vary
Accept
content-type
image/webp
x-styx-req-id
bfbb898a-1382-11ef-91bf-b21ab1eef56b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:49:35 GMT
banking_trojan_i_3.png
www.forcepoint.com/sites/default/files/
14 KB
14 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_3.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d9860f79383e14b650769d292da0e71518d2bd747e83bdbd5ebe4bb95fb95493
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240192
age
47966
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=23680 idim=374x244 ifmt=png ofsz=13916 odim=374x244 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-j5f6k
content-length
13916
x-served-by
cache-chi-klot8100101-CHI, cache-ams21028-AMS, cache-ams21079-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.058890,VS0,VE1
etag
"BlEKkglyR1ACa2Wwy+SZqMuNtPKODIEbxX4U3MxBD68"
vary
Accept
content-type
image/webp
x-styx-req-id
bfb9efd9-1382-11ef-9304-4e7a1612d6c8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:49:35 GMT
banking_trojan_i_4.png
www.forcepoint.com/sites/default/files/
9 KB
10 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_4.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7aba06718d078119bbf30235f808fbbf3998b4708d4b482304cb3cd08acf1dc8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240194
age
48224
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=15070 idim=665x90 ifmt=png ofsz=9720 odim=665x90 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-mmkz9
content-length
9720
x-served-by
cache-chi-klot8100035-CHI, cache-ams21057-AMS, cache-ams21067-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.058932,VS0,VE1
etag
"3q16AZv0MG3s3mn21OV6mkPmIXAgy1f0jtcZyq+rv6U"
vary
Accept
content-type
image/webp
x-styx-req-id
2647c348-1382-11ef-9a02-b64800cf7fb7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:18 GMT
banking_trojan_i_5.png
www.forcepoint.com/sites/default/files/
57 KB
58 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_5.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2dfb2ca6dd5987a83d6f8dc506806417016c8f82ce8198f8b6e66cb03b8beb1d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240195
age
48170
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=80205 idim=723x175 ifmt=png ofsz=58588 odim=723x175 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-mmkz9
content-length
58588
x-served-by
cache-chi-klot8100031-CHI, cache-ams21077-AMS, cache-ams12730-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.058942,VS0,VE2
etag
"luW5XiAsYg5LY0xZCXipGLIjv8f6Q4LWIPOpzIlNymw"
vary
Accept
content-type
image/webp
x-styx-req-id
46086b29-1382-11ef-9a02-b64800cf7fb7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:46:11 GMT
banking_trojan_i_6.png
www.forcepoint.com/sites/default/files/
22 KB
23 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_6.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
40f0bac99f9964610ee9769ab6e64ce6d66299bc9e1c75101c236422427495c9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240195
age
47966
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=29775 idim=624x92 ifmt=png ofsz=22996 odim=624x92 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-mmkz9
content-length
22996
x-served-by
cache-chi-klot8100080-CHI, cache-ams21077-AMS, cache-ams12725-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.058689,VS0,VE1
etag
"l+Oi/FTtw15cJ/CXEEMP15TJ8P+uC/226TBihYPsdEE"
vary
Accept
content-type
image/webp
x-styx-req-id
c009a4b1-1382-11ef-9a02-b64800cf7fb7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:49:36 GMT
banking_trojan_i_7.png
www.forcepoint.com/sites/default/files/
31 KB
31 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_7.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0b2a73eec34e9aa7c29e85c502791df39daade9a5b44aaca8c86870d337e62e5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-error
invalid status
date
Fri, 17 May 2024 02:09:02 GMT
age
0
fastly-io-served-by
vpop-etou8240192
http_x_geo_region
DE-BY
x-cache
MISS, MISS, MISS, MISS
http_x_geo_continent
EU
fastly-stats
io=1
content-length
32239
x-served-by
cache-chi-klot8100033-CHI, cache-ams21076-AMS, cache-ams21030-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057723,VS0,VE179
vary
Accept
content-type
text/html; charset=UTF-8
x-styx-req-id
6e0f40bd-13f2-11ef-b112-6edc75dc88f8
cache-control
public, max-age=30
accept-ranges
bytes
x-pantheon-styx-hostname
styx-fe1-b-5c49f7f666-kkz4h
banking_trojan_i_8.png
www.forcepoint.com/sites/default/files/
164 KB
165 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_8.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9946a9c60957d840023e1a9e2da4d05d64e30a40812b23e1eccb2f54c7635259
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240194
age
48222
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=241626 idim=734x282 ifmt=png ofsz=168000 odim=734x282 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-5rjhk
content-length
168000
x-served-by
cache-chi-kigq8000125-CHI, cache-ams21056-AMS, cache-ams12767-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057682,VS0,VE3
etag
"mFkqKIpbSKLNSTd6oHsBSWSclXsowCLoAVAJ92TTVNg"
vary
Accept
content-type
image/webp
x-styx-req-id
26eea041-1382-11ef-8258-52ee939d356d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:19 GMT
banking_trojan_i_9.png
www.forcepoint.com/sites/default/files/
78 KB
78 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_9.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
12bdd38cb369b7e56860cf0cbbd9769f14417b4680e58b7b2564083add79d7f2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240195
age
48211
http_x_geo_region
DE-BY
x-cache
MISS, HIT, HIT, HIT
fastly-io-info
ifsz=119592 idim=624x283 ifmt=png ofsz=79928 odim=624x283 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-z2vtz
content-length
79928
x-served-by
cache-chi-kigq8000145-CHI, cache-ams21067-AMS, cache-ams12733-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057661,VS0,VE2
etag
"OW8dKeS/mXpo5HaQebOjaIXEVOIOUGxEK6arwXhxTUI"
vary
Accept
content-type
image/webp
x-styx-req-id
2dbdd1c7-1382-11ef-91bf-b21ab1eef56b
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:30 GMT
banking_trojan_i_10.png
www.forcepoint.com/sites/default/files/
69 KB
70 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_10.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1903bc7b06a690ebd02ed71854c39bfb5d372bd2bccf4c0af8e920fd3d1288c7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img03-europe-west3
age
48221
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=105575 idim=624x294 ifmt=png ofsz=71134 odim=624x294 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-vk8lh
content-length
71134
x-served-by
cache-chi-klot8100138-CHI, cache-ams21062-AMS, cache-ams21081-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057661,VS0,VE1
etag
"pzgjjogdKkA89AXnZAdzstuNyukriQY/74uJuUWDRfY"
vary
Accept
content-type
image/webp
x-styx-req-id
279cfb3d-1382-11ef-b326-da2cc1022086
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:20 GMT
banking_trojan_i_11.png
www.forcepoint.com/sites/default/files/
31 KB
31 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_11.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bb5970d31af88f2d4b8e9a0d5d09423f60fdeaf8467e76558749b01175e29bff
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240195
age
48169
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=46144 idim=624x144 ifmt=png ofsz=31418 odim=624x144 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-vk8lh
content-length
31418
x-served-by
cache-chi-kigq8000053-CHI, cache-ams21024-AMS, cache-ams21083-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057640,VS0,VE2
etag
"1TZ+HO17YiwbX8Q3iCi1wJbUQGra7E1QFy7W/v+45Sw"
vary
Accept
content-type
image/webp
x-styx-req-id
469ef483-1382-11ef-b326-da2cc1022086
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:46:12 GMT
banking_trojan_i_12.png
www.forcepoint.com/sites/default/files/
133 KB
134 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_12.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9ef8f1f38a81a0aaf92984a8b88a75ede700f72084a6436bd3def955c79996bd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img01-europe-west3
age
48213
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=193038 idim=624x303 ifmt=png ofsz=136582 odim=624x303 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-vrdl9
content-length
136582
x-served-by
cache-chi-klot8100136-CHI, cache-ams21054-AMS, cache-ams12736-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057618,VS0,VE3
etag
"MFMvKbKO1PMKt2PrSdcETnGieYZo3/f+9ZZmyw+h5tw"
vary
Accept
content-type
image/webp
x-styx-req-id
2cab79f7-1382-11ef-8bd4-c263bcbaff8d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:28 GMT
banking_trojan_i_13.png
www.forcepoint.com/sites/default/files/
19 KB
20 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_13.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1317d5f2a1260ea3a75891b24403639555c22f68d5605d64060cc5b818f8d5c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240194
age
48223
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=27187 idim=624x54 ifmt=png ofsz=19622 odim=624x54 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-vhgw4
content-length
19622
x-served-by
cache-chi-klot8100025-CHI, cache-ams21062-AMS, cache-ams21067-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057614,VS0,VE4
etag
"ak8Ia+pB/1v1vVRf+/G/2t3XYFpVxuQhhIvMk7e14uA"
vary
Accept
content-type
image/webp
x-styx-req-id
2691ea0f-1382-11ef-ac11-d2f9e6e95395
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:18 GMT
banking_trojan_i_14.png
www.forcepoint.com/sites/default/files/
41 KB
42 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banking_trojan_i_14.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
196cf16bdf33243c9b0b16685b08f159492453aeb97d7ae8635681d6576dff90
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 2, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240194
age
48217
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=57136 idim=624x246 ifmt=png ofsz=42382 odim=624x246 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-8688d6cf87-vrdl9
content-length
42382
x-served-by
cache-chi-kigq8000155-CHI, cache-ams21027-AMS, cache-ams12758-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.057604,VS0,VE3
etag
"woHWBS2hcOsrHGwObF9XOPKj+miF/sz3EsX19cH+OfM"
vary
Accept
content-type
image/webp
x-styx-req-id
2a69cea1-1382-11ef-8bd4-c263bcbaff8d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sat, 17 May 2025 12:45:25 GMT
placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
34 B
508 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img08-europe-west2
age
1395122
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-5j69z
content-length
34
x-served-by
cache-chi-kigq8000157-CHI, cache-ams21040-AMS, cache-ams21022-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.060559,VS0,VE2
etag
"1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary
Accept
content-type
image/webp
x-styx-req-id
28491965-0742-11ef-8b9d-16ab02f7e8e2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:36:59 GMT
docs_to_scripts_hero.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
24 KB
25 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/docs_to_scripts_hero.jpg?itok=cdZqYsSR&timestamp=1715628713
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f86e30c6fa77d034c9b5160f39c1443f7aea4e6ec22f646edff5147e46fb0851
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
vpop-etou8240192
age
218965
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=24755 idim=570x270 ifmt=jpeg ofsz=24620 odim=570x270 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-548957645b-96cpt
content-length
24620
x-served-by
cache-chi-klot8100032-CHI, cache-ams21030-AMS, cache-ams12731-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.059796,VS0,VE2
etag
"bzwLlr14NWE3k4iz4bjVeIm51YD0czbu3xbO2XlaH9k"
vary
Accept
content-type
image/webp
x-styx-req-id
9c495f95-11f4-11ef-ab6c-82ae20a853c0
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 15 May 2025 13:19:36 GMT
agent-tesla-header.jpg
www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/
8 KB
8 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/570x270_sc/public/hero/agent-tesla-header.jpg?itok=mdFQz7py&timestamp=1708868891
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a883175288ea1293b396c31c793cc9a19c3d30ea2977f097bd05fad1269cd4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img09-europe-west2
age
1182422
http_x_geo_region
DE-BY
x-cache
HIT, MISS, MISS, HIT
fastly-io-info
ifsz=9731 idim=570x270 ifmt=jpeg ofsz=8070 odim=570x270 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-6zx56
content-length
8070
x-served-by
cache-chi-klot8100024-CHI, cache-ams21051-AMS, cache-ams12742-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.060038,VS0,VE1
etag
"qpKDA8esiG2SZi0eQF9LK6YMtsLkZ4wm+RQwZ3Umqhc"
vary
Accept
content-type
image/webp
x-styx-req-id
63e7732a-0931-11ef-a6fd-3a8be9a6877a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Sun, 04 May 2025 09:42:00 GMT
metamorfo.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/
3 KB
7 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/metamorfo.jpg?itok=2sm7gn6j
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc7d9f633d3ad6930112f95653d6e9dcb6d2e090acdf0e6be9e7cbaf6d013a2
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net 
*.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com 
*.googlesyndication.com *.linkedin.com *.redditstatic.com conversions-config.reddit.com *.g2crowd.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 942, 0
content-security-policy
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com 
*.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com 
*.linkedin.com *.redditstatic.com conversions-config.reddit.com *.g2crowd.com; report-uri /admin/config/system/seckit/csp-report
strict-transport-security
max-age=18410000; includeSubDomains; preload
x-content-type-options
nosniff
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
fastly-io-served-by
vpop-etou8240192
age
47416
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, MISS
fastly-io-info
ifsz=3523 idim=199x111 ifmt=jpeg ofsz=3523 odim=199x111 ofmt=jpeg
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
http_x_geo_continent
EU
fastly-stats
io=1
expires
Sun, 19 Nov 1978 05:00:00 GMT
content-length
3523
x-xss-protection
1
fastly-io-warning
Failed to shrink image
x-served-by
cache-chi-kigq8000121-CHI, cache-ams21071-AMS, cache-ams12759-AMS, cache-fra-etou8220045-FRA
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-timer
S1715911742.059715,VS0,VE9
etag
"R4uokDzPgtbWcuXUvjcbdkBcLKLA8dMlG3e7xShBQy4"
x-frame-options
SAMEORIGIN
vary
Accept
content-type
image/jpeg
x-styx-req-id
9b6c34f3-1380-11ef-adc6-3e3f9a9080cd
cache-control
no-cache, must-revalidate
accept-ranges
bytes
x-drupal-cache
MISS
x-pantheon-styx-hostname
styx-fe1-a-7dd7d79886-4h9dl
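The security-relevant detail in the transaction above is the header set itself: the Content-Security-Policy allows 'unsafe-inline', 'unsafe-eval', data: and blob: in script-src and trusts wildcard shared-hosting origins, and the host sends two different Strict-Transport-Security values (max-age=300 on the image responses, max-age=18410000; includeSubDomains; preload on this Drupal-generated one). Because a browser replaces its cached HSTS entry with the latest value received from the host (RFC 6797), the 300-second policy on a later image response can shorten the long one, and 18410000 seconds is below the one-year minimum the preload list requires. The auditor below is an added example, not part of the urlscan output; the policy string is an abridged, constructed copy of the captured header (the full list of hosts does not change the findings).

```python
"""Audit the CSP and HSTS values recorded in the transaction above.
Added example: the inputs are constructed copies of the captured headers."""
import re
from typing import Dict, List

# Abridged copy of the captured Content-Security-Policy (constructed input).
CAPTURED_CSP = (
    "default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net "
    "*.amazonaws.com *.cloudfront.net *.forcepoint.com *.googleapis.com ; "
    "script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.s3.amazonaws.com "
    "s3.amazonaws.com *.jsdelivr.net *.cloudflare.com *.jquery.com; "
    "img-src * data: *; font-src 'self' *.google.com; "
    "connect-src 'self' *.forcepoint.com bam.nr-data.net; "
    "report-uri /admin/config/system/seckit/csp-report"
)
# The two HSTS values seen from the same host in this scan.
CAPTURED_HSTS_IMAGE = "max-age=300"
CAPTURED_HSTS_PAGE = "max-age=18410000; includeSubDomains; preload"

# Wildcards under which any tenant of the provider can host a script.
SHARED_HOSTING_WILDCARDS = {
    "*.amazonaws.com", "*.s3.amazonaws.com", "s3.amazonaws.com", "*.cloudfront.net",
    "*.cloudflare.com", "*.googleapis.com", "*.jsdelivr.net", "*.jquery.com",
}
STRENGTH_ORDER = {"sha256": 1, "sha384": 2, "sha512": 3}


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [sources]}.  A repeated directive
    is ignored after its first occurrence, which is what browsers do."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_csp(value: str) -> List[str]:
    """Findings about the script-execution surface a policy leaves open."""
    policy = parse_csp(value)
    findings: List[str] = []
    # script-src inherits from default-src when absent; object-src does too.
    script = policy.get("script-src", policy.get("default-src", []))
    for weak in ("'unsafe-inline'", "'unsafe-eval'", "data:", "blob:", "*"):
        if weak in script:
            findings.append(f"script-src allows {weak}")
    shared = sorted(s for s in script if s in SHARED_HOSTING_WILDCARDS)
    if shared:
        findings.append("script-src trusts shared hosting: " + ", ".join(shared))
    for name in ("base-uri", "frame-ancestors"):  # never inherit from default-src
        if name not in policy:
            findings.append(f"{name} not set")
    if "'none'" not in policy.get("object-src", policy.get("default-src", [])):
        findings.append("object-src not 'none'")
    if "report-uri" in policy and "report-to" not in policy:
        findings.append("report-uri only (deprecated; add report-to)")
    return findings


def audit_hsts(value: str, min_age: int = 31536000) -> List[str]:
    """Flag an HSTS policy too short or too narrow to protect returning visitors
    (min_age defaults to the one-year floor the preload list requires)."""
    findings: List[str] = []
    m = re.search(r"max-age=(\d+)", value)
    if not m:
        return ["max-age missing"]
    if int(m.group(1)) < min_age:
        findings.append(f"max-age={m.group(1)} below {min_age}")
    low = value.lower()
    if "includesubdomains" not in low:
        findings.append("includeSubDomains missing")
    if "preload" not in low:
        findings.append("preload missing")
    return findings


if __name__ == "__main__":
    for f in audit_csp(CAPTURED_CSP):
        print("CSP:", f)
    for label, hsts in (("image", CAPTURED_HSTS_IMAGE), ("page", CAPTURED_HSTS_PAGE)):
        for f in audit_hsts(hsts):
            print(f"HSTS ({label}):", f)
```

Run against the captured values, the CSP audit reports the four weak script-src keywords, the shared-hosting wildcards, the missing base-uri and frame-ancestors, object-src not locked to 'none', and reporting via report-uri only; the 300-second HSTS value fails all three checks and even the long one is below the preload floor. The img-src * and X-Xss-Protection: 1 headers are not audited here; the former is common for content sites, and the latter is a legacy header modern browsers ignore.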
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/
88 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
726346
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
28035
last-modified
Wed, 08 Mar 2023 16:05:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6408b256-6d83"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IwhfgHZyi8OpDF8Ebxe%2F%2BWegAxNf6E24AMxqf%2BXzNltgbhxG2SwBFBlJYLhstiXQuSGs9fs15h9MI9%2FwjxvXEPxufNz0RQ7lxsmkNEBmbmsOCtv7IcT33RJpIV69%2BOshjGwcggFz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
88501023ea0230ed-FRA
expires
Wed, 07 May 2025 02:09:02 GMT
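The scan records a SHA-256 "Resource Hash" for each script the page pulls from cdnjs.cloudflare.com; whether the page's markup pins those scripts with Subresource Integrity is not visible in the scan. The helper below, an added example and not part of the urlscan output, turns such a hex digest into the base64 token an integrity attribute expects and verifies a body the way a browser does (tokens grouped by algorithm, strongest algorithm wins, any match in that group passes). The jQuery digest is the one recorded above; the script body used for the round-trip checks is constructed. A hash taken from someone else's scan only pins "the build that scanner saw", so compute the value from a copy you fetched and reviewed before shipping it.

```python
"""Derive and verify Subresource Integrity values.  Added example; the
hex digest is the Resource Hash the scan recorded, the body is constructed."""
import base64
import hashlib

# Resource Hash recorded above for cdnjs .../jquery/3.6.4/jquery.min.js.
JQUERY_364_RESOURCE_HASH = "a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af"
# Constructed stand-in for a fetched script body (used for the round-trip checks).
SAMPLE_BODY = b"/* constructed sample */ window.ready = function () { return 1; };"
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}   # algorithms SRI accepts


def sri_from_hex_digest(hex_digest: str, algorithm: str = "sha256") -> str:
    """Format a hex digest as the 'algo-base64' token used in integrity="..."."""
    raw = bytes.fromhex(hex_digest)
    expected = hashlib.new(algorithm).digest_size
    if len(raw) != expected:
        raise ValueError(f"{algorithm} digest must be {expected} bytes, got {len(raw)}")
    return f"{algorithm}-{base64.b64encode(raw).decode('ascii')}"


def sri_from_body(body: bytes, algorithm: str = "sha384") -> str:
    """Compute the integrity token for a body you fetched and reviewed yourself."""
    return sri_from_hex_digest(hashlib.new(algorithm, body).hexdigest(), algorithm)


def verify_sri(body: bytes, integrity: str) -> bool:
    """Browser semantics: keep tokens with a known algorithm, consider only the
    strongest algorithm present, pass if any of those digests matches.  With no
    usable token the browser loads the resource unchecked, so this returns True."""
    parsed = []
    for token in integrity.split():
        alg, _, b64 = token.partition("-")
        b64 = b64.split("?", 1)[0]           # '?options' suffix is ignored by the spec
        if alg in STRENGTH:
            parsed.append((alg, b64))
    if not parsed:
        return True
    strongest = max(STRENGTH[alg] for alg, _ in parsed)
    for alg, b64 in parsed:
        if STRENGTH[alg] != strongest:
            continue
        digest = base64.b64encode(hashlib.new(alg, body).digest()).decode("ascii")
        if digest == b64:
            return True
    return False


def script_tag(src: str, integrity: str) -> str:
    """Cross-origin scripts need crossorigin="anonymous" or the integrity check fails closed."""
    return f'<script src="{src}" integrity="{integrity}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    print(script_tag("https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js",
                     sri_from_hex_digest(JQUERY_364_RESOURCE_HASH)))
    print("sample verifies:", verify_sri(SAMPLE_BODY, sri_from_body(SAMPLE_BODY)))
```

Note that a tampered body fails even when a weaker matching token is also listed: the browser discards the sha256 token once a sha384 or sha512 one is present, which is why the multi-token checks below only pass when the strongest digest is the correct one.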
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/
13 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.4.1/jquery-migrate.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
148a74b0921ad78021d716e8032ede1cdaf7ed7279cefd7d2acbe906add12a68
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1455, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
14177
x-served-by
cache-chi-klot8100139-CHI, cache-fra-eddf8230145-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100139_CHI
last-modified
Tue, 05 Mar 2024 06:06:03 GMT
server
nginx
x-timer
S1715911742.062765,VS0,VE7
etag
W/"65e6b64b-81b7"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e592268a-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZAA5lMeZXVSyc2jkDQc3qK2xTFroqEhe0Vhijw7cweY__awDE3dco34o6B5V5PT-wcPX9t75VGt6sjYxNLg-Ibew__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c654220d555e70fb63334836085ed53e9a9d2982e79824664fba6d89e6dc490e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:31 GMT
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287571
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
2104
x-served-by
cache-chi-klot8100167-CHI, cache-fra-etou8220057-FRA, cache-fra-etou8220045-FRA
last-modified
Tue, 16 Apr 2024 13:54:19 GMT
server
nginx
x-timer
S1715911742.062591,VS0,VE5
etag
W/"661e830b-183e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d99b81fb-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
0, 1806, 0
js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__VVbwMK3NMLbfvdLXAKRCOGZ9jqUjWHfUrPnJSWIlxkM__4Q4SNExXEfBJWUuxQzqhfoyno0u2-1mPRJyQnRmGPTQ__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
61deedef5519831c5ba93b5ea4ccbe1d3a6a544c37709704271d05871caf1a02
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 297, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287556
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-fddpv
content-length
1194
x-served-by
cache-chi-kigq8000035-CHI, cache-fra-eddf8230056-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000035_CHI
last-modified
Tue, 05 Mar 2024 06:06:26 GMT
server
nginx
x-timer
S1715911742.062588,VS0,VE3
etag
W/"65e6b662-f33"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5d6cc25-f1d7-11ee-a6cf-faab7e7aaaa3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:27 GMT
js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ZW8o7ZZZ2WVdbdwiWGu52bSrkEFZV2xhp5aNyZR5USA__3tGfK_b3yc_EcnR78FUS1iLe24uT_kFOG0Zgxin4wcM__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7a06dd94021db644db9732192dd8c6b062b80d3f99488e35ce495e82f0ccf961
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 817, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287556
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-srsz5
content-length
1541
x-served-by
cache-chi-klot8100156-CHI, cache-fra-eddf8230134-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100156_CHI
last-modified
Tue, 05 Mar 2024 06:06:04 GMT
server
nginx
x-timer
S1715911742.062378,VS0,VE5
etag
W/"65e6b64c-f24"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e594d3d7-f1d7-11ee-83a9-32c190c1efda
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__UCtXJrNvJbqWwTkauUyH6r0OmkrsjVeSImxlI3C6DJc__edC3yUE0SEy7im3t18SA-W_kx6imM-y8IQCkdmyHAt0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fd08b09bb992ad9d8eb1fa512716a782939ee1df7c7b10ebecef57bc7b023626
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 541, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287556
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
1260
x-served-by
cache-chi-kigq8000118-CHI, cache-fra-eddf8230107-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000118_CHI
last-modified
Tue, 05 Mar 2024 06:06:05 GMT
server
nginx
x-timer
S1715911742.062191,VS0,VE5
etag
W/"65e6b64d-ebd"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ea32fd72-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:34 GMT
js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
5 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__AV6-fb8rJ2QD61i8dwhUQihn7pc-Lp_VvhfmIjW8oHw__RUm4kKahOBCnrDpJWbA1cDqNhTD7qsBmlLW9ebsLhz0__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a167f660daaa2f0abba7204685eb46f7127b490d936f10747a2f8c5daba26b83
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1750, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
1853
x-served-by
cache-chi-klot8100113-CHI, cache-fra-eddf8230156-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100113_CHI
last-modified
Tue, 05 Mar 2024 06:05:50 GMT
server
nginx
x-timer
S1715911742.063583,VS0,VE5
etag
W/"65e6b63e-1377"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ddfed7c4-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:13 GMT
js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__zuc6_saw4GugjJbkXjhIWvD6QUdji5PLzz5KMmYf8SA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
6 KB
3 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__RKHlmU6t0RLUncGnTujiufoFCC5MbSOoksjftmO9T3k__zuc6_saw4GugjJbkXjhIWvD6QUdji5PLzz5KMmYf8SA__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
706bcb95e6eec4ff78ac6d9647ad0e0e7163134b73c45f0fc5b801ca529127d2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:51 GMT
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287569
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-6494bdc54b-252xz
content-length
2348
x-served-by
cache-chi-kigq8000179-CHI, cache-fra-etou8220030-FRA, cache-fra-etou8220045-FRA
last-modified
Tue, 16 Apr 2024 13:54:32 GMT
server
nginx
x-timer
S1715911742.062183,VS0,VE6
etag
W/"661e8318-1965"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e54bdec9-fbf8-11ee-9577-c280e6ba379a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
6, 287, 0
js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__g6mKbcakHxQkz4ZHYaxdO_xqONINvRMgsHh1zAK-fr0__ATHtEmHaeZ0jidpGU22EkhmPDBSgjD8z0bVDQMI-BIY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ac12f243172f3c8376a67f24942257093fd70d0c10212a58bf8df60f372be24e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
1, 1523, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287568
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
762
x-served-by
cache-chi-kigq8000175-CHI, cache-fra-eddf8230041-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000175_CHI
last-modified
Tue, 05 Mar 2024 06:05:59 GMT
server
nginx
x-timer
S1715911742.062017,VS0,VE4
etag
W/"65e6b647-76d"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
de004b55-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:14 GMT
js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
10 KB
4 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__zwOQL0xjQu_jInUCc5HDDX7DuqNXThdgsBzScvBN6zY__YDKn5kOzd1mgJhYu7UkUXBFTO-WC5n-FhasqlgTZXKY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0eb42d32c51e79e9d48a5694328c0ce8889f58a2c25bf13f239a8d818226a96a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 17 Apr 2025 13:54:51 GMT
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287499
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-5b88b49ff7-c4v2w
content-length
3791
x-served-by
cache-chi-kigq8000049-CHI, cache-fra-eddf8230084-FRA, cache-fra-etou8220045-FRA
last-modified
Tue, 16 Apr 2024 13:54:33 GMT
server
nginx
x-timer
S1715911742.061762,VS0,VE5
etag
W/"661e8319-262c"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e54d52df-fbf8-11ee-9c93-fae8d33dc845
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
7, 879, 0
js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
1017 B
911 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__XtFha_knURVT5YLGKmVYz2S732sgaVuOjO801TC1X90__Iiz_LtHOgN-NEjf_Wqk78-4FPz8AQR7Ygonew_LemTU__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2db23bd96dca0757b0f0d309acb62fe766c08348c86c195ed79658f7f7b456c3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1735, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
566
x-served-by
cache-chi-kigq8000115-CHI, cache-fra-eddf8230091-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000115_CHI
last-modified
Tue, 05 Mar 2024 06:05:51 GMT
server
nginx
x-timer
S1715911742.062003,VS0,VE4
etag
W/"65e6b63f-3f9"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
d721917e-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:02 GMT
js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
2 KB
949 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__ANAjsl90aU8V_JJuHtJWcRsK1EGBFuMwHq693fURsXU__F1FPONSTf0yEH0Y9VHtO8-UlYOiMFKhCksEr6rzCrMg__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3180fea88eaa47e87effdffd92cc7f52249a701909b6b617b2d0c55b7a0e7c98
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 338, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
245301
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-h68w5
content-length
629
x-served-by
cache-chi-kigq8000137-CHI, cache-fra-etou8220058-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000137_CHI
last-modified
Tue, 05 Mar 2024 06:06:01 GMT
server
nginx
x-timer
S1715911742.059414,VS0,VE3
etag
W/"65e6b649-61e"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
ddd9505b-f1d7-11ee-9fa0-220fea7644ee
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:13 GMT
js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__M-G9HjQnRkIvfDUQ2d_iUncmyceph8xR9Cdf00-6rCE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
18 KB
6 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__1DBjoSMQlQ4ixA_cuaJfS5Px949O7h4aDn8Z9xtRW7Q__M-G9HjQnRkIvfDUQ2d_iUncmyceph8xR9Cdf00-6rCE__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c8d27fc54324f4e6bba51414c1d4ccc83eff5ef97a93bc2854db3f4e4d72ac53
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 01 May 2025 18:08:31 GMT
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-vj962
content-length
5932
x-served-by
cache-chi-klot8100043-CHI, cache-fra-eddf8230159-FRA, cache-fra-etou8220045-FRA
last-modified
Tue, 30 Apr 2024 18:08:11 GMT
server
nginx
x-timer
S1715911742.061795,VS0,VE4
etag
W/"6631338b-49cc"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
a751539d-071c-11ef-891e-fad2edf62dbb
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
9, 1748, 0
js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
1 KB
870 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__5JgaXR8D2C00E22GhU2eB1lVAKgbz2L03t9_2mjtbvU__jsf8gUmjQabawiet5xN7FARmhje4S0BRk0UtxOVEzLY__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
76d9063e5a28081ce23c52ce4c500f8a39674afbedf24aad5f304df8f00a84df
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 1064, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287570
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-69554747b9-2j9t5
content-length
495
x-served-by
cache-chi-kigq8000088-CHI, cache-fra-eddf8230076-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_kigq8000088_CHI
last-modified
Tue, 05 Mar 2024 06:06:09 GMT
server
nginx
x-timer
S1715911742.068042,VS0,VE5
etag
W/"65e6b651-40c"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e594266c-f1d7-11ee-aed0-566d988ffce8
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
www.forcepoint.com/sites/default/files/advagg_js/
79 KB
27 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/advagg_js/js__QEUI7Yv_wakfcc6JBvi15ovY1U6doRpL4VmJGHt4na4__bunscNd0XY0JtFyEPHN8vrG4QmOdFsldeaRN0v3VA9M__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2da781a6191588a46eeb8e47e2d5c4fd2d49a2eceeb1e6e061dbac289e63dc7c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
119154
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-64b977755d-p72wq
content-length
26917
x-served-by
cache-chi-klot8100116-CHI, cache-fra-etou8220069-FRA, cache-fra-etou8220045-FRA
backend-ip-port
fastlyshield--shield_ssl_cache_chi_klot8100116_CHI
last-modified
Mon, 18 Mar 2024 14:45:01 GMT
server
nginx
x-timer
S1715911742.068042,VS0,VE5
etag
W/"65f8536d-13c91"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
e5945f6d-f1d7-11ee-b1db-162c3c5c54d7
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 04 Apr 2025 16:33:26 GMT
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=7536246229799030399
4 B
280 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=7536246229799030399
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Server
2600:9000:206f:6c00:5:7a81:86c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.forcepoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
application/json
alt-svc
h3=":443"; ma=86400
content-length
4
apigw-requestid
X5JZ3gw8oAMESbA=
x-amz-cf-id
SnlpBJvHHrHT29gs9hQU8utIG8Fr9KkWTzmcXp3pGIWG9aXw93pmpA==

Redirect headers

pragma
no-cache
date
Fri, 17 May 2024 02:09:02 GMT
an-x-request-uuid
10dee792-5d4d-42d1-be31-f13bccf94d90
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=7536246229799030399
x-proxy-origin
217.114.218.22; 217.114.218.22; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
434 KB
111 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:6000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3016d1c6efa3769cafb9d4460f1569c19129058de4159546b41ba3a791f53489

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
A6mqUKTttk5E0ESh31cB7FCFihvt1Eg.
content-encoding
br
via
1.1 3677df2c828d68a6a84555cd8a40cf50.cloudfront.net (CloudFront)
date
Fri, 17 May 2024 02:06:43 GMT
last-modified
Wed, 15 May 2024 13:26:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
140
x-amz-server-side-encryption
AES256
etag
W/"36d04344f1e3ca3136ac41d6f651ffb9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
BFePMAUZizdmjrR3FZZbYvp4UkpZ0sGeguTl8q3Km7jSeqMVCBciGw==
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
0
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 763, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-vwc4w
age
287571
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
content-length
783
x-served-by
cache-chi-klot8100172-CHI, cache-fra-eddf8230106-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 19:21:32 GMT
server
nginx
x-timer
S1715911742.036597,VS0,VE3
etag
W/"664116bc-6ad"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
e01a0f2d-1154-11ef-acea-f6bba15d4c75
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 14 May 2025 18:16:10 GMT
placeholder_image.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
34 B
0
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/placeholder_image.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
735b78ae1f09b1d02ee92b5ad319a189d50d10ecbec4ddd12201885dde3f4945

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1, 0
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-5j69z
fastly-io-served-by
img08-europe-west2
age
1395122
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=1272 idim=20x20 ifmt=png ofsz=34 odim=20x20 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
content-length
34
x-served-by
cache-chi-kigq8000157-CHI, cache-ams21040-AMS, cache-ams21022-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.060559,VS0,VE2
etag
"1Cw1g26qcqy/qXiETpkqMbr8ayhbr57dIxJ0jC+RrrE"
vary
Accept
content-type
image/webp
x-styx-req-id
28491965-0742-11ef-8b9d-16ab02f7e8e2
cache-control
max-age=31622400
accept-ranges
bytes
expires
Thu, 01 May 2025 22:36:59 GMT
truncated
/
166 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
450 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
141 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
660 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
chevron-right-xxs.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
213 B
528 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/chevron-right-xxs.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
eb06d9c1faf512de924b0840e5ff2cea13ea5154e84b9a2edb23c3ee94602bd7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
11, 997, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287569
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-csgfc
content-length
174
x-served-by
cache-chi-kigq8000176-CHI, cache-fra-eddf8230157-FRA, cache-fra-etou8220045-FRA
last-modified
Sat, 11 May 2024 20:45:06 GMT
server
nginx
x-timer
S1715911742.276666,VS0,VE5
etag
W/"663fd8d2-d5"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
e1930168-1154-11ef-a1b7-b66266015f3e
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 14 May 2025 18:16:13 GMT
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e25fa89bb49f7875384fe86ddb39c8c0a966f7aff529e4aa1e761efe8909fdad

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8048b6a47a7795c53151c7d28f992a190da59cfa9416a171a03652359a964f2a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
68cb94151d86903ee4b3a5088e233b408a81a7faf9bb97d1172d8e3e6a83f868

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
banner-woman.jpg
www.forcepoint.com/sites/default/files/
12 KB
13 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/banner-woman.jpg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9b8fe9d0d7983bd3dc05016caf09d5028c4525e9beba05ecf0ed85bd0f3f86a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img10-europe-west2
age
1342144
http_x_geo_region
DE-BY
x-cache
MISS, HIT, MISS, HIT
fastly-io-info
ifsz=139269 idim=591x426 ifmt=jpeg ofsz=12712 odim=591x426 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-6zx56
content-length
12712
x-served-by
cache-chi-klot8100073-CHI, cache-ams21065-AMS, cache-ams12723-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.283326,VS0,VE2
etag
"N0lQYBtHe5ciagpRVpui8m2mvIrccgSXz/6JZdtfgoA"
vary
Accept
content-type
image/webp
x-styx-req-id
c380a60e-0635-11ef-be95-3a8be9a6877a
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 30 Apr 2025 14:35:45 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff35e1bb0b3e1cb03aa7eab3fb0f74381ec3fd6fcff85d8c4f6be72abae116a0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1652e3fbc6cef41f94897b295b6b1f57fa4901a3727e4c9ecb2911614531d0f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
750 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26e256bfa2011f9fbbe0e81f2515c98b94b7ee7696a82f380cb7e7c8361e04a4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
365 B
738 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
195211df418c32079abb41bb0ebd2ea3aace287509a9c49702d80f1350313527
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 4, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img01-europe-west2
age
1342566
http_x_geo_region
DE-BY
x-cache
MISS, MISS, HIT, HIT
fastly-io-info
ifsz=404 idim=43x11 ifmt=gif ofsz=365 odim=43x11 ofmt=gif ofrm=4
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-a-867f44b44b-2w9x6
content-length
365
x-served-by
cache-chi-klot8100112-CHI, cache-ams21072-AMS, cache-ams21053-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.285482,VS0,VE1
etag
"c9vdSz1SobFgJvEEIebuVOe3obQGnXd87HeEFJfv0io"
vary
Accept
content-type
image/gif
x-styx-req-id
86b514b5-07bc-11ef-bee0-eaad830a048d
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:12:56 GMT
bg-blog-podcast-final-plea.png
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/
136 KB
137 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/backgrounds/bg-blog-podcast-final-plea.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
defd01b0db74c62e4efe18ef38e5ec968f2b8c2cf51ab6b14f12e1ad250eec84
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 0, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img03-europe-west2
age
1342143
http_x_geo_region
DE-BY
x-cache
MISS, MISS, MISS, HIT
fastly-io-info
ifsz=236236 idim=580x458 ifmt=png ofsz=139710 odim=580x458 ofmt=webp
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
139710
x-served-by
cache-chi-kigq8000133-CHI, cache-ams21029-AMS, cache-ams12730-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.285502,VS0,VE1
etag
"J4HM7COV6lmZQG/n7TaO0MtxZmafgyzKI2fNbOojs8E"
vary
Accept
content-type
image/webp
x-styx-req-id
82115b34-07bd-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 13:19:58 GMT
f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
257 B
531 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 905, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287569
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-n72ps
content-length
187
x-served-by
cache-chi-klot8100146-CHI, cache-fra-etou8220152-FRA, cache-fra-etou8220045-FRA
last-modified
Mon, 13 May 2024 09:15:57 GMT
server
nginx
x-timer
S1715911742.285860,VS0,VE3
etag
W/"6641da4d-101"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
e1a393f1-1154-11ef-936c-7e57ee547a30
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 14 May 2025 18:16:13 GMT
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
655 B
644 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
2, 549, 0
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287568
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
x-pantheon-styx-hostname
styx-fe1-a-548957645b-hrjk6
content-length
400
x-served-by
cache-chi-kigq8000077-CHI, cache-fra-eddf8230034-FRA, cache-fra-etou8220045-FRA
last-modified
Mon, 13 May 2024 10:56:57 GMT
server
nginx
x-timer
S1715911742.286517,VS0,VE8
etag
W/"6641f1f9-28f"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-styx-req-id
e1a4121e-1154-11ef-ae6e-6299bb9686bb
cache-control
max-age=31622400
accept-ranges
bytes
expires
Wed, 14 May 2025 18:16:13 GMT
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
431 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
688 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
Hoves_DemiBold.woff
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/
18 KB
0
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves-optimized/Hoves_DemiBold.woff
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c6225223a7f689e02ca4f2144e864ad46dd63e29553cf3d4df572e7195303be0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/sites/default/files/advagg_css/css__5_J1g-IzxVB2kAmpTJT-GhoR88E1teSy_bXl1NQCXaI__wzNMdA920OY-V7LGoAml4k3p4i_29azHRf5BsFScFlw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.css
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Wed, 14 May 2025 18:16:10 GMT
date
Fri, 17 May 2024 02:09:02 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname
styx-fe1-a-548957645b-4jv47
age
229356
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
content-length
18868
x-served-by
cache-chi-kigq8000080-CHI, cache-fra-etou8220023-FRA, cache-fra-etou8220045-FRA
last-modified
Sun, 12 May 2024 23:50:15 GMT
server
nginx
x-timer
S1715911742.011750,VS0,VE9
etag
"664155b7-49b4"
content-type
font/woff
access-control-allow-origin
*
x-styx-req-id
e018ccb5-1154-11ef-8906-86427a64123a
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
1, 514, 0
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
431 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202405151325&cb=1715911742422
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:6000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Fri, 17 May 2024 01:59:14 GMT
via
1.1 3677df2c828d68a6a84555cd8a40cf50.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
589
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
1QERgrA7vxnGCILC39cb3ujr-o0PFYvSj1_oC1nwv1jgIdKf25p8Bw==
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35876d0e2744260a82f4c866be911a970fa37d63f2eab8450ef39d042c08fa5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Fri, 17 May 2024 02:09:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b97e476f-ea40-4616-b871-b04e7e0f3a9c
x-envoy-upstream-service-time
16
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b97e476f-ea40-4616-b871-b04e7e0f3a9c
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
885010268ccd03d8-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rxkvm
json
forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/
47 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/20987017/16d5bf15-75bb-43be-a7ff-4e4e9779520e/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cfa9b9aa84249b05ae1ca5d642b1e3941a69895f3142a996adf0ef3fd7477ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Fri, 17 May 2024 02:09:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
77edc103-a752-4f64-a8ec-3565d2222c27
x-envoy-upstream-service-time
18
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
77edc103-a752-4f64-a8ec-3565d2222c27
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.forcepoint.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
885010276d3703d8-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fl6gb
loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
76 KB
77 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f3a06c93db350a7a9d3616a3dbbd6c252e702ade48978256c8a125fc2981d2d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0, 1, 0
strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date
Fri, 17 May 2024 02:09:02 GMT
fastly-io-served-by
img04-europe-west2
age
1351991
http_x_geo_region
DE-BY
x-cache
HIT, MISS, HIT, HIT
fastly-io-info
ifsz=80522 idim=200x200 ifmt=gif ofsz=78253 odim=200x200 ofmt=gif ofrm=30
http_x_geo_continent
EU
fastly-stats
io=1
x-pantheon-styx-hostname
styx-fe1-b-66d79b4b7-zpn9k
content-length
78253
x-served-by
cache-chi-kigq8000130-CHI, cache-ams21037-AMS, cache-ams21030-AMS, cache-fra-etou8220045-FRA
server
nginx
x-timer
S1715911742.452387,VS0,VE1
etag
"Nxhc6+NYNokf+oi4tit7qUckgh54LwQ6JJFLiU/ddPg"
vary
Accept
content-type
image/gif
x-styx-req-id
94ec1476-07a6-11ef-88e7-fe9735e210a3
cache-control
max-age=31622400
accept-ranges
bytes
expires
Fri, 02 May 2025 10:35:51 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
885 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 02:09:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8699da72-f834-426b-a6b8-d9f59286549b
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8699da72-f834-426b-a6b8-d9f59286549b
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rbtjd
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
88501027acce9249-FRA
truncated
/
133 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4cbaa695a841f5471911a40cc4c2140d68b95d9fcaabb3b60e97db200c15b8d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
geolocation-db.com/json/
146 B
256 B
XHR
General
Full URL
https://geolocation-db.com/json/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a9376e05b43cb71f21a603eaaee1195d57375aa94fd33d50761aa50d1f43da34

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Fri, 17 May 2024 02:09:02 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
880 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 02:09:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b0c571ab-8f51-4111-b849-5a173014dc14
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b0c571ab-8f51-4111-b849-5a173014dc14
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rbtjd
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
88501027face9112-FRA
counters.gif
forms.hsforms.com/embed/v3/
35 B
537 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 02:09:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
43c9d569-48a5-4184-8101-3d04fc4c833a
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
43c9d569-48a5-4184-8101-3d04fc4c833a
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-jbmqh
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
885010295d749249-FRA
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
535 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 02:09:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5ecacc51-c6ec-45f7-8bc4-312bafaf2572
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5ecacc51-c6ec-45f7-8bc4-312bafaf2572
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-jr25j
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
885010298b4d9112-FRA
nr-rum-1.260.0.min.js
js-agent.newrelic.com/
50 KB
18 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-rum-1.260.0.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2602:816:5001::39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
00f201a5d775905421f60c5daf7875d305482d23e1441e31ece8052df4ca4318
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Origin
https://www.forcepoint.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
PHhaUkNeXeJnjzOBWMAzC.1dTsiS0ABs
content-encoding
br
via
1.1 varnish
date
Fri, 17 May 2024 02:09:03 GMT
strict-transport-security
max-age=300
x-amz-request-id
VYK78YWRDPFQM55J
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
17438
x-amz-id-2
E6YDRu1IMdR4T2+lxZ+WNGcz3mvnFwwBb4/O0DlwXcetKFCP+fvFO8igfTFbljibVzEh2vMiqh0=
x-served-by
cache-fra-eddf8230111-FRA
last-modified
Mon, 13 May 2024 21:56:00 GMT
server
AmazonS3
etag
"4a84a8fcc768c33188c67998b4f61db6"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
53484
latest.js
scripts.simpleanalyticscdn.com/
7 KB
5 KB
Script
General
Full URL
https://scripts.simpleanalyticscdn.com/latest.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/advagg_js/js__BsJj-J0DDipBFUM6jWq6jBgbLlOJHFUDm1oaCirTN8s__3ytciCoM4ry2VdZVK_RnAXm_cZfbyZ0Tj9DCUWBKchw__qaStjG1sZu8P344AWI6vFGGyB8OkDEJ3a-IBx5FlKT0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
a965bdafdcbdf6a1bc0a04fb81ee6d5fb86e1fde7a2da4e8998ab3bcf467bdb4

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 17 May 2024 02:09:03 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-680
cdn-cachedat
04/30/2024 19:00:38
cdn-pullzone
103822
last-modified
Mon, 10 Jul 2023 03:50:47 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
635
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64ab8017-1d5b"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
621ef7c8-45de-46e4-8237-2eca0c3a2d75
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=604800
simple-analytics
true
cdn-requestid
dfc298a893bfa39f4fe2ab740369e51d
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
favicon.ico
www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/
15 KB
976 B
Other
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/icons/favicon/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::740 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
59a410a623d86c98b190b07e27d0cf4e36455f184fc85cc1a4021aac1bc8a860
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-pantheon-styx-hostname
styx-fe1-b-668bdc8fc7-pkhg8
date
Fri, 17 May 2024 02:09:03 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=300
age
287569
http_x_geo_region
DE-BY
x-cache
HIT, HIT, MISS
http_x_geo_continent
EU
expires
Wed, 14 May 2025 18:16:13 GMT
content-length
606
x-served-by
cache-chi-klot8100165-CHI, cache-fra-etou8220135-FRA, cache-fra-etou8220045-FRA
last-modified
Sat, 11 May 2024 20:45:05 GMT
server
nginx
x-timer
S1715911743.091853,VS0,VE7
etag
"663fd8d1-3aee"
vary
Accept-Encoding
content-type
image/x-icon
x-styx-req-id
e1e4f436-1154-11ef-9fc2-3eb5abe1e95e
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
19, 722, 0
NRJS-922263b7f65c352c48b
bam.nr-data.net/1/
150 B
603 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-922263b7f65c352c48b?a=477262540&v=1.260.0&to=YFEDbUMFXBBXB0RbXlkbNEtYSx0KWABVSh9HXBE%3D&rst=1286&ck=0&s=6c95fac3388bd124&ref=https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware&ptid=239896c90ef953a2&ap=1663&be=111&fe=1101&dc=446&at=TBYAGwsfTx4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1715911741866,%22n%22:0,%22f%22:0,%22dn%22:15,%22dne%22:15,%22c%22:15,%22s%22:44,%22ce%22:76,%22rq%22:76,%22rp%22:112,%22rpe%22:138,%22di%22:545,%22ds%22:552,%22de%22:557,%22dc%22:1211,%22l%22:1211,%22le%22:1212%7D,%22navigation%22:%7B%7D%7D&fp=366&fcp=452
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.260.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d216f3dbe0416b7af16fff78f49d7553afd17126ef0bd290bbc0895a19f3d246

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 17 May 2024 02:09:03 GMT
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/plain
access-control-allow-origin
https://www.forcepoint.com
access-control-expose-headers
Date
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
timing-allow-origin
https://www.forcepoint.com
Content-Length
150
x-served-by
cache-fra-eddf8230033-FRA
simple.gif
queue.simpleanalyticscdn.com/
43 B
410 B
Image
General
Full URL
https://queue.simpleanalyticscdn.com/simple.gif?version=cdn_latest_11&hostname=www.forcepoint.com&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F125.0.0.0%20Safari%2F537.36&https=true&timezone=Europe%2FBerlin&page_id=af398688-684e-4b15-9d31-36f7c4785725&session_id=6b5a53e8-03c1-4155-8a6e-90f2dfb0dd45&sri=false&mobile=false&brands=%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D&os_name=Win32&os_version=10.0.0&path=%2Fblog%2Fx-labs%2Fexploring-metamorfo-banking-malware&viewport_width=1600&viewport_height=1200&language=de-DE&screen_width=1600&screen_height=1200&unique=true&id=af398688-684e-4b15-9d31-36f7c4785725&type=pageview&time=1715911743169
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.8.253.238 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
212-8-253-238.hosted-by-worldstream.net
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.forcepoint.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Fri, 17 May 2024 02:09:03 GMT
Simple-Analytics-Feedback
Thanks for sending this page view!
Simple-Analytics-Location
not_set
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
43
Expires
0


115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| NREUM object| webpackChunk:NRBA-1.260.0.PROD object| newrelic object| utag_data undefined| $ function| jQuery number| _vis_opt_account_id string| _vis_opt_protocol string| _vis_opt_script1src string| _vis_opt_script1id string| _vis_opt_script2src string| _vis_opt_script2id undefined| scriptsInitialized function| _vis_opt_loadScript function| _vis_opt_loadScript_write function| loadTopBottomScript function| vwoSyncCode function| consentCookie function| vwoConsentGiven object| consentFunctionalCookie boolean| hasSessionStorageConsent number| prevScrollPos function| shouldRunScript object| body function| insertModalInBody boolean| hasScrolled boolean| hasSpentTime boolean| hasExitIntent boolean| hasDSEOpened boolean| scrolledUp function| userScrolledUp function| userInteracted function| userSpentTime function| userLeavesPage function| closeModal object| forresterUrls undefined| hasOpenedForrester undefined| forresterModalOpenedInSession undefined| imgSrc undefined| titleContent undefined| linkTo undefined| forresterModalString undefined| forresterModal undefined| modalCloseBtn undefined| modalLinkBtn undefined| forresterModalContent object| dseUrls undefined| newScript undefined| dseModalOpened undefined| title undefined| video undefined| linkUrl undefined| linkText undefined| dseModalString undefined| dseModal undefined| dseModalCloseBtn undefined| dseModalContent undefined| dseModalLinkBtn object| utag_err boolean| utag_condload string| url object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| _linkedin object| _qevents function| _tealium_old_error boolean| __tealium_twc_switch object| adobe function| Visitor object| s_c_il number| s_c_in number| s_objectID number| s_giq object| _linkedin_data_partner_ids string| gtagRename object| dataLayer function| gtag function| rdt object| md5 function| fbq function| 
_fbq object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady function| advagg_mod_2 function| advagg_mod_2_check function| advagg_mod_defer_1 function| init_drupal_core_settings object| html5 object| Modernizr object| Drupal function| DOMPurify function| lazyloaderDebounceOrThrottle object| echo function| Waypoint object| AOS object| picturefillCFG function| picturefill function| tealiumGetResourceSearchData function| tealiumTrackResourceSearch object| tealFuncs object| options object| _hsq boolean| sa_event_loaded boolean| sa_loaded function| sa_event

12 Cookies

Domain/Path Name / Value
.hsforms.net/ Name: __cf_bm
Value: .EfL9A.5Zk9qM4DNARLp.ZyrZ_NDMU3PCeLdZOL0hgA-1715911742-1.0.1.1-CNqMLl98YdKPNdmxrFuRaqvT.pzQ2SCW6n1j58N5Qd1uYEGpdpngGFAJu6j7RnxrWLfmYRpv.pZP3n66wrfyNw
.forcepoint.com/ Name: utag_main__sn
Value: 1
.forcepoint.com/ Name: utag_main__se
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__ss
Value: 1%3Bexp-session
.forcepoint.com/ Name: utag_main__st
Value: 1715913542322%3Bexp-session
.forcepoint.com/ Name: utag_main_ses_id
Value: 1715911742322%3Bexp-session
.forcepoint.com/ Name: utag_main__pn
Value: 1%3Bexp-session
.adnxs.com/ Name: XANDR_PANID
Value: E4XnEXBvkYcjOgssdHceXuQsVwYUQtRmhXPCYcUZKjcuE3ihTdqiHpNEBvHOM4EYi0sVGyGDONzA7sB6S0P1YonBv3b1hT2XknwBIxrGYMo.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 7536246229799030399
.hsforms.com/ Name: __cf_bm
Value: d8YT9Rd.FO2nR1JwZVCDl2BvroMISEou.1YPbNeMH6Q-1715911742-1.0.1.1-K0oPmVMQAoK_wk2QGfS.zQDPGsE59c1LcgE3AsGUx7TXeeI9Qil5Pa9lnTCupsnBsf0pe0TK3g96Cc0wzJApaw
.hsforms.com/ Name: _cfuvid
Value: Om.7JQgieOJ3C0FkldjUJ9IWmYXsLgHIstfrzP9aDUM-1715911742817-0.0.1.1-604800000

32 Console Messages

Source Level URL
Text
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://www.forcepoint.com/sites/default/files/banking_trojan_i_7.png
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_highlight-soft_75_cccccc_1x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/help.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/message-24-warning.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/message-24-error.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/menu-expanded.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/tree-bottom.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/menu-collapsed.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/message-24-ok.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite@2x.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/throbber-inactive.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/draggable.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/grippie.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_flat_75_ffffff_40x100.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_dadada_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/tree.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/throbber-active.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/images/ui-bg_glass_75_e6e6e6_1x400.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.forcepoint.com/blog/x-labs/exploring-metamorfo-banking-malware
Message:
The resource https://www.forcepoint.com/misc/progress.gif was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security error URL: https://scripts.simpleanalyticscdn.com/latest.js(Line 2)
Message:
Refused to connect to 'https://queue.simpleanalyticscdn.com/append' because it violates the following Content Security Policy directive: "connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com conversions-config.reddit.com *.g2crowd.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com scripts.simpleanalyticscdn.com queue.simpleanalyticscdn.com simpleanalyticsbadges.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com dn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com *.googlesyndication.com *.linkedin.com *.redditstatic.com conversions-config.reddit.com *.g2crowd.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
